InfoSec Week 12, 2017

Posted on 26 March 2017

A good article about the Zeus GameOver botnet takedown and the hunt for Evgeniy Mikhailovich Bogachev, aka Slavik, author of the Zeus malware family.

Forbes analysed the corporate connections between American and Russian commercial spyware producers.

The CIA defeated Comodo antivirus by storing binaries in the recycle bin.

Malware disguised as legitimate software for Siemens control gear has infected industrial equipment worldwide. At least 10 industrial plants were found running the infected software.

"Malware used by Winnti, a group mainly known for targeting the online gaming industry, was connecting to a GitHub account to obtain the exact location of its C&C servers. The malware looked up an HTML page stored in the GitHub project to obtain the encrypted string containing the IP address and port number for the C&C server."

Microsoft's Application Verifier tool can be used by attackers to take control of antivirus software. Researchers loaded their own DLL into a target process using the benign Microsoft Application Verifier.
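A defender-side check for this technique, added here as an example (not code from the original post or from the researchers): Application Verifier is switched on per executable through the Image File Execution Options (IFEO) registry key, with the FLG_APPLICATION_VERIFIER bit (0x100) in GlobalFlag and the provider DLLs named in VerifierDlls. The script lists every image with such an entry and flags provider DLLs outside an assumed allow-list of the stock Microsoft providers, which is a starting point to tune locally.

```powershell
# Added example: audit IFEO entries that enable Application Verifier and name
# provider DLLs. Assumptions: the IFEO layout below (GlobalFlag bit 0x100 and
# the VerifierDlls string) and the allow-list of stock Microsoft provider DLLs.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$FLG_APPLICATION_VERIFIER = 0x100

# Stock Application Verifier provider DLLs (assumed allow-list; extend as needed).
$knownProviders = @('vrfcore.dll', 'vfbasics.dll', 'vfcompat.dll', 'vfluapriv.dll',
                    'vfprint.dll', 'vfnet.dll', 'vfntlmless.dll', 'vfnws.dll', 'vfcuzz.dll')

function Get-VerifierDllEntries {
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue

        # GlobalFlag may be stored as a DWORD or as a string such as "0x100".
        $flag = 0
        if ($null -ne $props.GlobalFlag) { $flag = [int]$props.GlobalFlag }
        $verifierOn = [bool]($flag -band $FLG_APPLICATION_VERIFIER)

        # VerifierDlls is a space- or comma-separated list of provider DLL names.
        $dllList = @()
        if ($props.VerifierDlls) {
            $dllList = ($props.VerifierDlls -split '[ ,;]+') | Where-Object { $_ }
        }

        if ($verifierOn -or $dllList.Count -gt 0) {
            $unknown = @($dllList | Where-Object { $knownProviders -notcontains $_.ToLower() })
            [pscustomobject]@{
                Image        = $key.PSChildName
                VerifierOn   = $verifierOn
                VerifierDlls = ($dllList -join ' ')
                UnknownDlls  = ($unknown -join ' ')
                Suspicious   = ($unknown.Count -gt 0)
            }
        }
    }
}

# Suspicious entries first: a non-stock DLL named for an antivirus process is the
# pattern the researchers describe.
Get-VerifierDllEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On 64-bit systems, repeat the check against the Wow6432Node IFEO key as well, since 32-bit images are configured there.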

Some information from WikiLeaks about the CIA's "The Bakery" division, which is behind the Cisco surveillance implants.

Chinese scammers are deploying rogue cellphone towers to spread the Android Swearing Trojan via a malicious URL in SMS messages.
