Channel: Malware don't need Coffee
Browsing all 185 articles

Update to Citadel : v.1.3.4.5

A new version of Citadel has been announced: v1.3.4.5 "Summer Edition". Aquabox post on Exploit.in. Original text of the advert: The new summer version, Citadel 1.3.4.5 Summer Edition, is ready to delight your...


Ransomware : Smile you're on camera - Reveton.C new landing pages

For the past few days Reveton has been spreading in a new version, tagged by Microsoft as revision C. To be more persuasive in the ransom process, there is now a "video recording : On" feature. See: Reveton.C US...


Ransomware : Keep smiling ! You're on camera...again - Tobfy new landings

Following Reveton's move, Tobfy now also includes a camera feature (Flash plugin)... and a default landing page trying to mimic Interpol. See: Tobfy.B Default Landing, Tobfy.B FR Landing, Tobfy.B UK...


Redkit - one account = one color

There is a brain behind the Redkit Exploit Kit. After the first publication of screenshots, they added the account ID above the menu, in #fefefe on #ffffff. Invisible to humans, crystal clear for Photoshop. Redkit...


Inside Pony 1.7 / Fareit C&C - Botnet Control Panel

Farmville Pony Icon. Client recognized by Microsoft as: PWS:Win32/Fareit. Pony 1.7 Login Screen; Pony 1.7 Home Screen; Pony 1.7 FTP Grabber; Pony 1.7 Http Grabber; Pony 1.7 Statistics; Pony 1.7 Reports; Manage; Error...


Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel

Bot recognized by Microsoft as: Worm:Win32/Gamarue. Bots/Stats; Blacklist; Add Task; Tasks List; Service; Socks4. Advert on Exploit.in. Description: Universal modular bot. On the basis of this product one can build...


CVE-2012-1723 on BH EK

As seen on Brian Krebs' blog: some BH EK are now taking advantage of CVE-2012-1723. Checked on a reverse proxy of the BH EK that was already taking advantage of CVE-2012-1889. Windows XP with IE8 up to date...


Gimemo finally targeting USA with Camera Feature too

Two moves for Gimemo:
- Camera feature (as with Reveton and Tobfy)
- USA targeted (impersonating the FBI, with Moneypack payment, as Reveton)
See: Gimemo - July 2012 - FBI + Camera for USA citizens. It seems...


Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel

Paunch notification on Exploit.In about BH EK 1.2.4. Original text of the advert: version 1.2.4 is out; new in this release: + added a new Java exploit, CVE-2012-1723...


Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel

Citadel Panel v1.3.4.5: Citadel - Login Screen; Citadel - Summary; Citadel - OS; Citadel - Installed Software - Softwares; Citadel - Installed Software - Firewall; Citadel - Installed Software -...


Update to Blackhole Exploit Kits: v1.2.5

Paunch notification on Exploit.in about v1.2.5. Original text of the advert (Pastebin): version 1.2.5 is out; new in this release: + added an XML exploit...


Lost in design - Tobfy

The ransomware Tobfy is back in town. After an attempt to create a new design targeting many countries, the project seems to have been canceled. (See, for instance, the design built for Ireland and Canada...


Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel

In mid-June a new botnet was advertised on an underground forum as Upas Kit (see the end of this post for the advert). The bot is recognized by Microsoft as part of the Win32/Rombrast family. Upas - Login Screen; Upas -...


Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE

Ransom.II introduced new designs two days ago for DE and USA. In the USA, a new payment system is appearing in the ransom field: Ultimate Game Card [image: UGC logo used in ransomware], which was introduced in 2...


Java 0day (CVE-2012-4681) Update available for Blackhole Exploit Kit owner

According to a post by Paunch, the Blackhole creator, the current Java 0-day (CVE-2012-4681) has been available to Blackhole owners since yesterday evening. Paunch post on Exploit.In about the Java 0-day. Original...


CVE-2012-4681 - On its way to Sakura Exploit Kit too

No surprise at all here... Today I found strange behaviour on a Sakura EK...


CVE-2012-4681 - Sweet Orange Exploit Pack

Sweet Orange exploit pack. Yes, it's becoming boring. We'll make it fast. Using [FR] Malekal's sniper techniques (hat tip) you can find a Sweet Orange EK when you need one: breitlingline[.]biz/ <-- Do not try...


CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo

Not making the headlines, yet effective (it doesn't need a 0-day to reach 20% break): Redkit Exploit Kit has also (again... no news here) integrated the latest vulnerability from...


Blackhole Exploit Kits update to v2.0

Paunch notification on Exploit.in about v2.0. Original text of the advert (Pastebin) (for a rough translation, see the bottom; illustration of an infection and related files in this post). BlackHole exploit...


Fast look at an infection by a Blackhole Exploit Kit 2.0

Bet there is a new logo... but I don't have it. If you didn't know that Blackhole Exploit Kit has been rewritten to version 2.0, take a look at this post. All files here:...
