MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.


MalwareIntelligence whitepapers

Botnets Administration. A real case - ZeuS & SpyEye
Malware networks continue to grow, and with them the risk of becoming a victim of their criminal activities. Gone are the days when the main vector for malicious code distribution was pages promoting pornography and warez.

Today, malware is distributed through any kind of website, as a key piece feeding a far more comprehensive and ambitious criminal business, led mainly by botnets, which also incorporate self-defense mechanisms and more complex evasion techniques. To illustrate this diversity, this paper describes a real case, drawn from a complex investigation, of how a given botmaster administered his botnets through the SpyEye and ZeuS crimeware.

Criminal activities from BKCNET “SIA” IZZI / ATECH-SAGADE [Part one]
BKCNET "SIA" IZZI, also known simply as ATECH-SAGADE, is the Autonomous System numbered AS6851. It is currently one of the most active ASNs for crimeware: a large amount of malicious code is distributed through it daily, and it also serves as the control base hosting several C&C servers that feed the underground economy.

Its geolocation is in Latvia and, as I mentioned on another occasion, "This ASN is listed as a server of criminal activities such as the spread of different families of rogue software and the hosting of crimeware such as YES Exploit System; in 2009 it hosted the strategies of the Waledac botnet (Storm's successor), as well as ZeuS, and it has a direct relationship with the criminals behind the Koobface botnet maneuvers". The following evidence records AS6851 activities in the IP range and aggregate from to

Computer Attacks. Security weaknesses that are commonly exploited
Over time, advances in media and communication technology have led to the emergence of new attack vectors and new types of crime that have turned the Internet and computer technologies into hostile territory for any kind of organization, or any person, with computers connected to the World Wide Web.

Unlike years ago, when people with broad computing skills enjoyed researching these issues with the aim of acquiring more knowledge, the scene has now been completely distorted, giving rise to new actors who use computer resources and their knowledge of how systems work as a means for crime and economic gain.

Phoenix Exploit’s Kit. From the mythology to a criminal business
Criminal alternatives grow very fast in an ecosystem where, day by day, business opportunities are conceived through fraudulent processes. In this sense, the demand for resources among cybercriminals does not take long to appear and is constantly growing.

Generally, new crimeware appears seeking a place and good acceptance in the virtual streets of the worldwide underground, trying to offer a cost/benefit balance for the "product" promoted that lets criminals enter the market as quickly as possible. This paper presents a series of data on criminal and fraudulent activities carried out using Phoenix Exploit's Kit as the management channel, how the criminal business cycle runs on this crimeware, and which exploits are found in its different versions.

myLoader. Base C&C to manage Oficla/Sasfis Botnet
Criminal activities are increasingly unscrupulous. Currently, no one denies that malicious code is an unethical and criminal business through which cybercriminals steal large sums of money.

This also explains the professionalism and sophistication in malware development, and in the associated spread and infection strategies, which turn them into increasingly aggressive threats.

In this scenario, a new crimeware threat designed for fraudulent purposes is In-the-Wild: myLoader, a special-purpose framework developed to manage the activities of a botnet.

SpyEye Bot [Part two]. Conversations with the creator of crimeware [English only]
In recent weeks, SpyEye (a new financial trojan) has been popular in the news and well received in the underground. The cheap cost of the software relative to its competition, combined with an easy-to-use interface, has increased its popularity. The product's ability to remove the competition with a built-in ZeuS Killer has also raised eyebrows.

Our previous report, "SpyEye. Analysis of a new crimeware alternative scenario", addressed the known technical issues involving the activities of this threat. In this second part we present the exclusive interview conducted by Ben Koehl, Crimeware Research at MalwareIntelligence.

SpyEye Bot [Part one]. Analysis of a new alternative scenario crimeware
Earlier this year, a new application designed to feed criminal and fraudulent business saw the light in the underground black market around which crimeware revolves.

This application, called SpyEye, is aimed at facilitating the recruitment of zombies and managing their network (C&C, Command and Control) through a web-based management panel, from which it is possible to process the information obtained (intelligence) and store it as statistics, a regular feature of today's criminal packages. This document describes SpyEye's activities from the infection stage onward, giving relevant information about its purpose.

Annual compendium of information. Crimeware in 2009 [Spanish only]
Undoubtedly, the current state of global criminal activity channeled through the web is a great business, growing in the dark underground across the different environments the Internet offers and stealing private information through different "bugs"...

... that spread by executing different strategically designed "plans", including the development of applications designed to automate the process of crime, which are marketed in the same underground environment and then turned entirely into cash.

Analysis of an attack of malware web-based
The Internet has become an allied attack platform for malware creators who, by using and combining different techniques such as Drive-by-Download, Drive-by-Update, scripting and exploits, among others, seek to recruit an army of computers that respond only to their malicious instructions.

These attacks, which use the Internet as the basis for delivering damaging payloads directly onto the victim, in parallel, almost instantaneously and invisibly to less experienced users, have become a latent and dangerous risk of infection from the simple act of visiting a website.

The following document sets out a concrete example that uses the above techniques to exploit and infect a victim, also describing several extra features that increase the damage done by the malware.

Alejandro Cantis
Crimeware Research
