SECURE 2017 – Call for Speakers
Call for Speakers for SECURE 2017 is now open. If you have an interesting topic and would like to share your ideas with a crowd of Polish and international IT security specialists, please consider submitting your proposal. You will find all applicable information below. SECURE 2017 will be held on …
We are joining the No More Ransom Project
From the beginning of April we are officially an Associate Partner of the No More Ransom Project. Its main goal is to fight ransomware by helping victims with free decryption of their files. It is coordinated, among others, by Europol, and it connects law enforcement agencies and private sector companies …
Sage 2.0 analysis
Sage is a new ransomware family, a variant of CryLocker. Currently it is distributed by the same actors that usually distribute Cerber, Locky and Spora. In this case malspam is the infection vector. Emails from the campaign contain only a malicious zip file without any text. Inside the zip attachment …
Nymaim revisited
Nymaim was discovered in 2013. At that time it was only a dropper used to distribute TorrentLocker. In February 2016 it became popular again after incorporating leaked ISFB code, and this variant was dubbed Goznym. This incarnation of Nymaim was interesting for us because it gained banking capabilities and became a serious threat …
Evil: A poor man’s ransomware in JavaScript
Evil was initially brought to our attention by an incident reported on 2017-01-08. At that time the Internet was completely silent on this threat and we had nothing to analyze. We found the first working sample a day later, on 2017-01-09. In this article we will briefly summarize our analysis and …
Technical analysis of CryptoMix/CryptFile2 ransomware
CryptoMix is another ransomware family that tries to earn money by encrypting victims' files and coercing them into paying the ransom. Until recently it was better known as CryptFile2, but for reasons unknown to us it was rebranded and is now called CryptoMix. It was observed in …
Tofsee – modular spambot
Tofsee, also known as Gheg, is another botnet analyzed by CERT Polska. Its main job is to send spam, but it is able to perform other tasks as well. This is possible thanks to the modular design of this malware: it consists of the main binary (the one the user downloads …
Necurs – hybrid spam botnet
Necurs is one of the biggest botnets in the world: according to MalwareTech there are a couple of million infected computers, several hundred thousand of which are online at any given time. Compromised computers send spam email to a large number of recipients; usually the messages are crafted to look like …
Network traffic periodicity analysis of dark address space
Network traffic directed to the dark address space of the IPv4 protocol can be a good source of information about the current state of the Internet. Although no packets should be sent to such addresses, in practice various traffic types can be observed there, for example echoes of Denial of …
Agreement on establishment of National CERT
On 4th of July, Minister Anna Streżyńska, Krzysztof Pietraszkiewicz, chairman of the Polish Bank Association, and Wojciech Kamieniecki, Director of NASK, signed an agreement on establishing National CERT, intended as a communications hub for government administration and business to coordinate engagement against Internet threats. National CERT is a part of National Cybersecurity …