Shark3 Window's Info
Previous versions included features not so popular among RATs by default such as, built-in VirusTotal submission, process injection, and with the new version promoted to have a built-in rootkit capabilities, next to its Vista compatibility, let's ask the ultimate question - is it a RAT, or is it a malware? That's the rhetorical question.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
The recently exposed RBN's fake security software was literally just the tip of the iceberg in this ongoing practice of distributing spyware and malware under the shadow of software that's positioned as anti-spyware and anti-malware one. The domain farm of fake security software which I'll assess in this post is worth discussing due to the size of its portfolio, how they've spread the scammy ecosystem on different networks, as well as the directory structure they take advantage of, one whose predictability makes it faily easy to efficiency obtain all the fake applications. This particular case is also a great example of the typical for a Rock Phish kit efficiency vs quality trade off, namely, all the binaries dispersed through the different domains are actually hosted on a single IP, and are identical.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Who needs zero day vulnerabilities when the average end user is still living in the perimeter defense world and believes that security means having a firewall and an anti virus software running only? Now that's of course a rhetoric question given how modern malware is either blocking the update process of these applications, or shutting them down almost by default these days.
These are all courtesy of what looks like Chinese folks, and represent a good example of what malicious economies of scale are as a concept that emerged during 2007. Years ago, when a vulnerability was found and exploit released, malicious parties were quickly taking advantage of the "window of opportunity" following the myth that the more publicity the vulnerability receives, the more useless it will get, given more people will patch. That's such a wishful thinking, one the people behind Storm Worm apparently perceived as FUD-ish one, and by not following it, ended up with operating the largest botnet known for the time being - a botnet that was built on the foundations of outdated vulnerabilities pushed through emails, using sites as the infection vector , and not a single zero day one.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Remember the World's Internet Censorship Map? This is a niche version of it that's "mapping the online censorship and anti-censorship efforts related to the Web 2.0". Compared to, for instance, Irrepressible, whose idea is to take advantage of the long-tail of anti-censorship by allowing everyone to embedd a badge that's spreading censored content, the Global Voices Advocacy "seeks to build a global anti-censorship network of bloggers and online activists dedicated to protecting freedom of expression and free access to information online." and aims to act as a vehicle to communicate the censored information to the rest of the world, a far more pragmatic approach than having the censored bloggers figure out how to post the facts online - they'll simply forward them to the GVA.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Don't play poker on an infected table part two. The following three online casinos are currently serving embedded malware in the form of IFRAMES and the average javascript obfuscation.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Having found a static pattern for identifying a Rock Phish domain a couple of months ago in the form of the bogus "209 Host Locked" message, the Rock Phishers seems to have picked up the finding and changed the default domain message to "66.1 Host Locked" as of recently. Here are the very latest Rock Phish domains using this :
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
