Dynamic Malware Binaries
I recently found the distribution point for a malware affiliate that dynamically generates a new binary (but the same malware) every time it is queried. The malware distributers periodically query the...
View ArticleCrime or Espionage?
ZeuS is a well known crimeware tool kit that is readily available online. The tool allows even the most unskilled to operate a botnet. Typically, Zeus has been associated with banking fraud. Recently,...
View ArticleCrime or Espionage? Part 2
In “Crime or Espionage Part 1” I examined a series of attacks that appear to be aimed at those interested in intelligence issues and those in the government and military. The malware used in these...
View ArticleOld Threats are Current Threats
Despite the fact that the authors of the Pinch Trojan were “pinched” by law enforcement in 2007, the Pinch Trojan continues to be a current threat both because the source code is available (so anyone...
View ArticleKrajabot
The Kraja botnet has managed to compromise 185,645 computers, the vast majority of which are located in Russia. Of the 199,513 unique IP addresses recorded from compromised computers, 87.88% are in IP...
View ArticleBlack Hat SEO, PPC & RogueAV Part 2
Part 1 of “Black Hat SEO, PPC & RogueAV” focused on the type and amount of incoming traffic generated through BlackHat SEO methods. This traffic is monetized through the use of RogueAV,...
View ArticleClustering Zeus Command and Control Servers
Recently, more than 150 individuals around the world have been arrested on bank fraud related charges after using the Zeus malware to acquire credentials that enabled the criminals to steal more than...
View ArticleMalware Diversification
There are wide varieties of malware, many of which have similar functionality. As a result there is a tendency to portray them as being in competition with on another. In some ways this is true,...
View ArticleCommand and Control in the Cloud
In “Shadows in the Cloud: An investigation into cyber espionage 2.0” my co-authors and I analyzed the command and control infrastructure of a network that extracted secret, confidential and restricted...
View ArticleClustering Zeus Command and Control Servers Part 2
In Part 1 of “Clustering Zeus Command and Control Servers” I focused on clustering Zeus command and control servers based on three criteria: IP addresses, domain names, and email addresses used to...
View ArticleNobel Peace Prize, Amnesty HK and Malware
There have been two recent attacks involving human rights and malware. First, on November 7, 2010, contagiodump.blogspot.com posted an analysis of a malware attack that masqueraded as an invitation to...
View ArticleKoobface: Inside a Crimeware Network
The Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) announce the release of Koobface: Inside a Crimeware Network by Nart...
View ArticlePack Mules: The Re-Shipping Fraud & Malware Connection
Malware toolkits are designed to steal information, such as bank account data, and provide cyber criminals with vast quantities of stolen credentials. Every day, credit card numbers stolen by malware...
View ArticleRX-promotion: A Pharma Shop
More than 65% of spam consists of “pharmaceutical spam” sent through a variety of well known spam botnets such as Rustock and Cutwail. These spam messages use multiple shop brands and sell a variety of...
View Article2010 and Beyond
The year of 2010 has been an interesting for malware researchers. From the attacks on Google through to the ShadowNet there have been many interesting cases that targeted high profile targets. However,...
View Article