-
SECURE 2014 Call for Speakers is Now Open
SECURE 2014 is a conference dedicated entirely to IT security and addressed to administrators, security team members and practitioners in this field. SECURE’s unique feature is the organisers’ commitment to providing participants with reliable information about everything that is current and meaningful in IT security. A high professional level …
-
02 April 2014 CERT Polska
Win a Honeynet Workshop pass! (UPDATE)
Do you want to attend the Honeynet Workshop Conference in Warsaw? If you solve our CrackMe and are the first one to do so, you can win a free conference pass. The task is to find “flags” – strings connected to the file that we made specifically for this competition …
-
CERT Polska takes part in a new international project
CERT Polska, together with the NASK Software Development Division, has joined a new international project to create a system named ILLBuster, aimed at detecting illegal content in computer networks. The project is run by an international consortium consisting of Università de Cagliari, Università degli Studi di Milano-Bicocca, University of Georgia, Guardia di Finanza, Polizia …
-
Large-scale DNS redirection on home routers for financial theft
In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on… iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the …
-
New .NET banking malware (VBKlip): no network usage, no registry entries and no AV detection
We recently blogged about a new strain of malware called VBKlip. This malware was aimed at Polish online banking users. In the last few days a new, revised version of this malware has resurfaced. This new version is written in .NET and has a few new ideas which seem to …
-
OTP stealer Android app masquerading as mobile antivirus targets Polish users
The E-Security mobile malware appeared at the beginning of this year. This malware was targeting Polish online banking users, with the goal of stealing One Time Passwords (OTPs) used to confirm banking transactions. The attack was part of a bigger scheme. When the user's computer was infected, it displayed an …
-
A quick look at a (new?) cross-platform DDoS botnet
At the beginning of December we started to observe a new botnet spreading on both Linux and Windows machines. In the case of Linux operating systems, the bot was installed through an SSH dictionary attack. The attacker logged in to the compromised server and simply downloaded and executed a bot file …
-
How to identify and remove the VBKlip malware?
In our previous article we described a new VB malware, which we named VBKlip, that replaced a Bank Account Number copied to the Windows clipboard. To check whether your computer is infected, you simply have to copy a correct Bank Account Number (e.g …
-
New VB malware that changes bank account number when copying from clipboard
At the start of October we started receiving reports of the propagation of a new strain of unusual malware. This malware targeted Polish online banking users and implemented a technique new to our market. We received a sample of this malicious software, written in Visual Basic 6. It used …
-
PowerZeus Incident Case Study
CERT Polska has created a technical report about a KINS/PowerZeus infection affecting Polish online banking users. In July 2013 we obtained information about an attack on Polish online banking users. This attack utilized a new strain of malware, which had similar abilities to the previously described ZeuS family, e …