Tag #botnet
  • 05 February 2019 Michał Praszmo #botnet #malware #trickbot #trojan

    Detricking TrickBot Loader

    TrickBot (TrickLoader) is a modular financial malware that first surfaced in October 2016. Almost immediately, researchers noticed similarities with a credential-stealer called Dyre. It is still believed that those two families might’ve been developed by the same actor. But in this article we will not focus …

  • 01 June 2018 Paweł Srokosz #analysis #banker #botnet #malware

    Ostap malware analysis (Backswap dropper)

    Malicious scripts, distributed via spam e-mails, have been getting more complex for some time. Usually, if you got an e-mail with .js attachment, you could safely assume it’s just a simple dropper, which is limited to downloading and executing malware. Unfortunately, there is a growing number of campaigns these …

  • 16 January 2018 Agnieszka Bielec #analysis #android #botnet #malware #trojan

    Analysis of a Polish BankBot

    Recently we have observed campaigns of banking malware for the Android system, which targets Polish users. The malware is a variant of the popular BankBot family, but differs from the main BankBot samples. Its victims were infected by installing a malicious application from Google Play …

  • 24 May 2017 Paweł Srokosz #analysis #emotet #botnet #dhl #malware #trojan

    Analysis of Emotet v4

    Emotet is a modular Trojan horse, which was first noticed in June 2014 by Trend Micro. This malware is related to other types like Geodo, Bugat or Dridex, which are attributed by researchers to the same family. Emotet was discovered as an advanced banker – its first campaign targeted …

  • 01 October 2015 piotrb #botnet #detection #detection system #detekcja #dga #DNS #NXDomain #system detekcji

    How non-existent domain names can unveil DGA botnets

    Domain Generation Algorithms are used in botnets to make it harder to block connections to Command & Control servers and to make it difficult to take over botnet infrastructure. The main objective of these algorithms is to generate a large number of different domain names which usually look random, like …

  • 06 May 2015 CERT Polska #analysis #botnet #dga #DNS

    DGA botnet domains: malicious usage of pseudo random domains

    In the previous entry we showed examples of domains which could be easily misclassified as DGA botnet domains. Most of them are machine generated and used in a non-malicious manner. In this entry, conversely, we will present examples of pseudo random domains, which could be used in attacks or be …

  • 17 April 2015 CERT Polska #botnet #dga #DNS

    DGA botnet domains: on false alarms in detection

    Domain Generation Algorithms are often used in botnets to create specially crafted domain names which point to C&C servers. The main purpose of this is to make it more difficult to block connections to these servers (for example with domain blacklists) or to protect the C&C channel (and …

  • 25 June 2014 CERT Polska #botnet #e-banking #malware

    E-mail trojan attack on Booking.com and online auction website Allegro.pl clients

    During the last few days, we have observed an attack on Polish users of auction website Allegro.pl and a hotel reservation portal – Booking.com. These attacks were directed at Polish users. Victims received a personalized e-mail that informed them that their account has been blocked either due to the …

  • 29 May 2014 CERT Polska #botnet #e-banking #malware

    A look on the VBKlip “battlefield”

    On multiple occasions we informed about a new threat to Polish online banking users, which we named VBKlip. This is a new kind of malware that substitutes the bank account number that has been copied to the clipboard. This works when we try to, e.g. pay a bill, and …

  • 22 May 2014 CERT Polska #botnet #malware

    Annual cert.pl report

    We have published our annual report, describing CERT Polska activities in 2013. The highlights of the document are: our botnets takeover summary, our malware analyses results, stopping rogue registrar Domain Silver Inc. and results of botnet sizes estimations done using new methodology. Full document in English can be downloaded HERE …


The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.
