Channel: Malware don't need Coffee
Browsing all 185 articles

Popads add Social Engineering : Self-Generated fake cert on jar applet

Seems there is an unpatched vulnerability being exploited in the wild once again. At least operational on java 1.7 update 15. <-- Seems I need more coffee & training in fact :) I first thought it...

CVE-2013-0634 (Adobe Flash Player) integrating Exploit Kits

This post to follow integration of this CVE in the most used exploit kits (should be updated). "Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows" "snipshot" from...

Hello Neutrino ! (just one more Exploit Kit)

A new exploit kit is being advertised since yesterday on underground forum: Neutrino. Nice, it's not "Cool OrangeHole Kit" "snip shot" of the advert Text of the Advert...

CVE-2013-1493 (jre17u15 - jre16u41) integrating Exploit Kits

That was fast (4 days after patch). After CVE-2013-0634 (flash), it's now CVE-2013-1493 (last known vulnerability up to jre17u15 - jre16u41) that reaches Cool Exploit Kit (from Reveton distributor - btw...

Ransomware - Kovter : looking at your browsing history for more credibility

This is just another Ransomware... Kovter - US 2013-03-29 (don't trust date on my VM) but why posting about it and not about Galock the DHS one... Look: From source to Kovter ransom message Kovter is...

Reveton "Spring Collection" is ... disappointing - New countries Targeted

So here, the big news is in fact that South America is now a potential target for Cool EK and Reveton cause they have updated the design of their Ransomware, adding new countries. But we can't call...

Urausy Ransomware - Middle-East under attack

Urausy is now targeting Middle East with cashU as payment system. It seems that Reveton could disappear as the almost only distributor ( /world/ Cool EK) has switched to Urausy since 2013-04-04 (after...

Meet Safe Pack (v2.0)... Again :)

A "new" pack is advertised on underground. Thanks Kahu Security for locating and providing initial image of the advert. In fact I faced it before seeing the advert, and reading it really puzzled...

CVE-2013-2423 integrating Exploit Kits

snipshot from mitre.org One week after Patch Java7u21 the vulnerability is being exploited in mass blind attack. (First alert came from Timo Hirvonen with CrimeBoss and later CritXPack/SafePack. Will...

Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel

Advertised on underground forum since 2013-03-27 by "ReV" Initial Text of the Advert: ------ RDPxTerm 5.1 (bild 4.4.2) priv8 edition. Characteristics of the administrative...

Inside Styx - Exploit Kit Control Panel

(Lorenz-84 - For the thumbnail) Styx Logo In this post we'll just see what the panel looks like. If you want to know more about the price and exploits included see the "Read more" part at the end. However...

Unveiling the Locker Bomba (aka Lucky Locker v0.6 aka Lyposit/Adneukine )

On the 10th of May a new Ransomware in Affiliate mode was advertised on underground forum by bomba_service. LOCKER BomBa best service - maximum earnings Bomba Locker advert Original...

The missing link - Some lights on "Urausy" affiliate

featured in Urausy One of the most common Ransomware since end of 2012 is Urausy. You can land on it via every possible infection vector. Urausy Design (updated but missing: BH|DZ|KW|OM|QA|YE) Too...

Silence Exploit Kit new brows.....oh wait !

Silence Exploit Kit Logo A "new" Exploit Kit is advertised since one month underground. Thanks @UnicornSec for spotting the advert. But if you are busy... just jump to the end.. :) not worth your...

Blackhole Exploit Kit goes 2.1.0, shows new URL Patterns

Paunch Announcement Original Text: ------ Version 2.1.0 Minor changes to functionality, delivery, and other things + Rental now includes our domains, note, for the same money...

A "Styxy" Cool EK !

Around 2013-04-27 the prolific "Reveton" Cool EK suddenly became silent. The Ransomware was then pushed in SofosFO and Sweet Orange. At end of May another Cool EK appeared, operated by another group and...

"Private Exploit Pack" - new BEP featuring CVE-2013-1347

Private Exploit Pack Animated Ad in Imposition signature Since end of May "imposition" is advertising on underground forum a new browser exploit pack that comes with name "Private Exploit Pack". Private...

Urausy Ransomware - July 2013 Design Refresh - "Summer 2013 Collection"

featured in Urausy Urausy, the Ransomware spread by BestAV Affiliate, is showing new clothes since middle of July (thanks to @SecObscurity and @tachion24 for fast ping 2 weeks ago) Patchwork of Urausy...

Cbeplay.P History - increased activity fuelled by a Youtube Malvertising -...

CBeplay US Design 2013-08 On 2013-07-30 I heard from Chris Wakelin about Youtube malvertising via zxroll.doniz .nl/stats/ - 188.120.236.219 29182 | 188.120.224.0/20 | ISPSYSTEM | RU | BANGUP-MOSCOW.RU...

CVE-2013-2465/CVE-2013-2471 integrating Exploit Kits -- jre7u21 CVE- jre6u45...

Snipshots from Mitre Two days after disclosure, CVE-2013-2465 is starting to be integrated in Exploit Kits. What makes it "better" than CVE-2013-2460 (recently integrated in Private Exploit Pack) is that...
