News

Necurs is one of the biggest botnets in the world – according to MalwareTech there are a couple millions of infected computers, several hundred thousand of which are online at any given time. Compromised computers send spam email to large number of recipients – usually the messages are created to look like …

Network traffic directed to dark address space of IPv4 protocol can be a good source of information about current state of the Internet. Despite the fact that no packets should be sent to such addresses, in practice various traffic types can be observed there, for example echoes of Denial of …

On 4th of July, Minister Anna Streżyńska, Krzysztof Pietraszkiewicz, chairman of Polish Bank Association and Director of NASK Wojciech Kamieniecki signed an agreement on establishing National CERT, intended as communications hub for governement administration and business to coordinate engagement against Internet threats. National CERT is a part of National Cybersecurity …

We hereby present you our report on security of Polish internet and of our activities in 2015. We have split the document in following parts: timeline, describing the crucial events, our activities, threat landscape and extensive statistics based on our data. We invite you to read the report and join …

At the beginning of the May here in Poland we have couple of free days. 3rd May is Constitution Day, and May 1st is Labour Day. Most of us use those days to unwind after winter, but some malware authors apparently didn’t: a few weeks ago, our friends started …

GMBot (also known as slempo) was described on our blog on October 2015. This malicious application for phishing login and password associated with a specific user of electronic banking uses known and common techniques of application overlay. It is nothing else but a normal phishing attack, very similar to the …

SECURE, held on 25th and 26th of October in Warsaw, Poland, is a conference dedicated entirely to IT security and addressed to administrators, security team members and practitioners in this field. SECURE’s unique feature is the organisers’ commitment to providing participants with reliable information about everything that is current …

Our CERT laboratory recently received a sample of iBanking malware (along with a malicious JavaScript code snippet associated with it), posing as the mobile Trusteer Rapport antimalware solution. The attack scenario isn’t new, it has been used many times in the past, but recently we see an increase in …

Some weeks ago we stumbled on a packer that our tools could not break. Surprisingly, this is actually not that common since most of the malware in the wild uses some sort of RunPE technique which is relatively trivial to break using simple memory tracing. MadProtect is not any different …

Our laboratory recently received a sample of malware used for attacks on Polish users of electronic banking. Analysis of this malware gave us reasons to believe, that this is the software written by the authors of Banatrix (which we discussed in greater detail in our earlier posts), Slave and e-mail …