Channel: Malware don't need Coffee
Browsing all 185 articles

Nitmo ? No ! ... just "iBanking" used by a (the?) Neverquest/Vawtrak team

Vawtrak (Neverquest) got some attention at the end of November via Kaspersky. It was not that new in fact: Microsoft added detection on 2013-05-02 for this evolution (see Symantec's post) of...


CVE-2013-5329 integrated in Exploit Kits

Fast post that I will heavily edit later with details and other integrations (if any). Angler EK is not a Reveton-dedicated EK anymore. After being adopted by the "ru:8080" team, Cridex/Bugat not dead...


CVE-2013-3918 (IE) integrates exploit Kits

On November 8, 2013 FireEye reported a new IE zero-day. The exploit appeared for sale on the underground on 2013-12-20 (image caption: CVE-2013-3918 for sale on underground). ----- Fresh exploit available...


Grandclix - a Clicksor Traffic Reseller...

(illustration taken from Mobile Inquirer) Disclaimer: if you have no interest in malvertising... then you should skip this post. As boring as it gets. Recently a "black" has been brought to my...


Icepol ? Urausy via Opener XXX : a subaffiliate of BestSoft/BestAV

Bitdefender recently wrote about the seizure of a server used to distribute the "ICEPOL trojan": Icepol MDN - A Server Snapshot http://t.co/s4Qe4KjR3g — BitDefenderLabs (@BitDefenderLabs) January 30,...


CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites

On 2013-01-28 Nathan Fowler warned about a drive-by on eHow.net and Livestrong.com. It was serving a payload triggering TDLv4+ traffic signatures (its check-in over SSL) connected to those reports...


And real name of Magnitude is....

(Magnitude from Community) You may have noticed a rise in Magnitude occurrences in the past days. This helped me in connecting the dots. When GrandSoft talked about the remaining Exploit Kits in November 2013 he...


CVE-2014-0497 (Flash up to 12.0.0.43) integrating Exploit Kits

And here we are: first CVE-2014-xxxx exploited in a blind mass attack. (I was expecting the 0322 but maybe not that easy to implement.) As spotted by EKWatcher, Angler EK is introducing today a new Flash...


CVE-2014-0322 integrating Exploit Kits

It took more time than I thought, but here we are: CVE-2014-0322 is now in Exploit Kits. Seems to be first in Infinity Fiesta. Infinity EK: Thanks Timo Hirvonen for fixing my ugly approach to that...


Angler "April Fish"

(MonsterAV logo - it was a Reveton affiliate name and was the first big customer of Angler EK) Yes, in French-speaking areas (and in Italy too according to Wikipedia) it's "April Fish" :) not April...


Communizm : the Ramdo/Redyms Affiliate

(Communizm Affiliate Logo) Targeted by the last MSRT from Microsoft, Ramdo is an evolution of Redyms. Being deployed in affiliate mode, you may have seen it in different Exploit Kits (here: mainly in...


BlackHat-TDS (v1.4)

Infection schemes often involve a TDS (Traffic Direction System - see the "read more" at the end if you don't know what that is). A lot of groups are using custom tools, but when they are not, they are using...


Police Locker lands on Android Devices

The "Reveton team" has diversified its locking activity. The advert is old (2014-02-18) but I decided to write about it today as I found a TDS using almost all features proposed by this affiliate...


SevPod : The Waledac (Spambot.Kelihos) Affiliate by Severa

(Severa's avatar) Waledac (aka Spambot.Kelihos) is the Kelihos bot loader (mod2/[whatever].exe) and is also loading Simda (right now: Simda.AT (MS) - mod1/[whatever].exe). As with all affiliate stuff you'll...


Simplocker : The Advert

(image from Android Developers blog) ESET spotted the new "Cryptolocker" for OS #Android devices http://t.co/MKzTH7cEvT #Simplocker #Cryptolocker #security #ransomware — ESET (@esetglobal) June 4, 2014. Here is...


CVE-2014-0515 (Flash 13.0.0.182 and earlier) integrating Exploit Kits

Discovered by Kaspersky in April in a watering-hole attack, soon after reported by Symantec in an operation targeting banking information in Japan/Korea, it reached Exploit DB at the beginning of May, then in...


Meet CottonCastle EK

(Pamukkale - source image: sina.com) Thanks to an independent researcher from Russia who shared some referers driving to an Exploit Kit on TCP 27005, I was able to meet again the "Unknown EK" that was...


MBAE (Malwarebytes Anti-Exploit) vs All EKs (Exploit Kits)

Disclaimer: Malwarebytes is a client. This is a sponsored post. The goal for Malwarebytes is to show how effective Malwarebytes Anti-Exploit (MBAE) is. My goal is to try to find an exploit/Exploit Kit...


Neutrino Bot (aka MS:Win32/Kasidet)

Advertised on the underground by n3utrino since December 2013, Neutrino Bot is another "HTTP stress testing tool", read: DDoS bot. (Piece of the advert) Here is the text of one advert...


Titan Browlock System

Browlocks have been around since last summer. Depressing stuff (I write about it to share the numbers). It's mainly advertised in affiliate mode, but Titan Browlock was sold as a kit. On "adult traffic" (read...
