-
Dorkbot likes to socialize and steals more than you can imagine
Recently there have been numerous reports about a new malware spreading through Skype. For the past couple of days, CERT Polska has also been taking an active role in disabling the Dorknet worm. The Polish security portal Niebezpiecznik.pl (article in Polish) mentioned that it also targets Polish users. We acquired …
-
More human than human – Flame’s code injection techniques
Flame aka Flamer aka Skywiper is a sophisticated trojan application discovered in 2012. Since then it has been the subject of extensive analysis by the malware research community. The trojan has been recognized as extraordinarily complicated, with a modular design and advanced algorithms. The degree of Flame’s complexity raised many …
-
Ransomware: how to remove it, even when the computer does not boot?
We have recently published an article (in Polish) about ransomware malware (mainly WeelsOf) spreading in Poland. This kind of ransomware was initially mentioned on the abuse.ch blog: https://www.abuse.ch/?p=3718. It demands 100 Euro or 500 PLN in order to unlock our computer. We also published …
-
Android malware sending Premium SMS targeting Polish users
CERT Polska received an Android malware sample. Both the application name (poland_xxx.apk) and its location (it was downloaded while visiting a popular Polish website, probably as part of an advertisement) may mean that Polish Internet users are targeted. The application sends three Premium-rate SMS, all of …
-
Analysis of a very social malware
Yesterday the Polish security portal Niebezpiecznik.pl reported on a new kind of malware spreading through Facebook (article in Polish). CERT Polska got a sample of this malicious software to analyse. Although Facebook is not a new attack vector, this malware sample is very interesting. Currently it is detected by …
-
ZeuS – P2P+DGA variant – mapping out and understanding the threat
In the autumn of 2011 we observed new malware infections, which looked similar to Zeus. Subsequent analysis of the malicious software's startup mechanism, its hiding process and its storage of configuration verified that it was indeed ZeuS. However, monitoring of infected machines failed to uncover the characteristic communication with …
-
CERT Polska Semiannual Report: January-June 2011
Our first semiannual report, covering the period from January to June 2011, is focused on information from automated systems. We have received almost 4 million automated incident reports and we grouped them in major categories such as spam sources, phishing, malware, bots or DDoS attacks. We discuss our findings in the …
-
CERT Polska annual report for 2010 is published
Our annual report for 2010 presents and comments on statistical data derived from CERT Polska daily operations in 2010. The outcome is a comprehensive analysis of network threats affecting Polish networks as we see them. Unlike previous years, when we focused on manually handled incidents, the data presented in the …
-
ZITMO: The new mobile threat
ZeuS is a “popular” spyware, a short analysis of which we had provided earlier. ZITMO, or “Zeus In The MObile”, is a new threat that has been affecting customers of Polish banks for the past few weeks. This is a new variation of Zeus, targeting smartphones as well as PCs …