Banking crisis in Cyprus is now being used in a spam campaign promoting the Blackhole exploit kit and the Win32/Cridex Trojan.
Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
New versions of the Zeroaccess bootkit demonstrate alternative approaches to distribution and to bootkit infection on 32- and 64-bit Windows.
Aleksandr Matrosov and Eugene Rodionov presented their research into â€œSmartcard vulnerabilities in modern banking malwareâ€ at PHDays'2012.
Group-IB and ESET Russia assisted in the investigation that led to the arrest of 6 people suspected of stealing 125m roubles from bank customers in Russia .
Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)
Group-IB's joint investigations with the FSB and MVD resulted in the arrest of a gang of eight accused of larceny, creation of malware, and unauthorized access.
ESET is seeing a new step of evolution for the Rovnix bootkit family.
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.
This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.
In their presentation “Cybercrime in Russia: Trends and issues” at CARO2011 -- one of the best presentations of the workshop, in my unbiased opinion ;-) -- Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov mentioned the Win32/Hodprot malware family, which seems to be undergoing something of a resurgence.
Although the “Ready to Ride” group originated in Russia it distributes Win32/Cycbot outside the borders of the Russian Federation. Going by the prices per installation the primary target of the group is the US.
The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on
...Aleks and Eugene released a new version of the tool they developed in the course of their research into the TDL family...
... I haven't recently posted any pointers to our content on SC Magazine's Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far...) ...