Archive for the ‘Security News’ Category

Full Analysis of Flame’s Command & Control servers

Our previous analysis of the Flame malware, the advanced cyber-espionage tool that’s linked to the Stuxnet operation, was initially published at the end of May 2012 and revealed a large scale campaign targeting several countries in the Middle East. The Flame malware, including all of its components, was very large and our ongoing investigation revealed […]

Vidro: How deep and mobile is the rabbit hole?

The appearance of a new Android malware family is not that surprising at all today, especially when we talk about SMS Trojans, which are one of the most popular and oldest types of threats created for extracting money from users. A new family of SMS Trojans named Vidro appeared a few days ago but we've […]

“RunForestRun”, “gootkit” and random domain name generation

Recently, we came across web malware that, instead of injecting an iframe pointing to a fixed existing address, generates a pseudo-random domain name depending on the current date. This approach is not new and is widely used by botnets in C&C domain name generation, yet it's not very common for the web malware we've seen […]

Defcon is 20 Years Old in 2012

Defcon 2012 marked its 20th anniversary with unexpected speakers, some pretty tough content, and the cultural dark magic that buzzes the conference every year. The Dark Tangent welcomed Mark Weatherford, an ex-Navy and Raytheon security guy who became the CISO of the State of Colorado and California and then CSO at the highly regulated NERC […]

Blackhat USA 2012

The Blackhat 2012 keynote started the event with Shawn Henry, an ex-FBI director, painting a grim, seemingly unspeakable picture of cyberespionage in the US. It was interesting that he continually spoke about the gravity of the situation and the need to apply what he learned at the FBI to protecting digital assets, but he couldn't […]

Looking back at BlackHat

BlackHat USA may have been wrapped up for the year but DEFCON is in full swing. I didn’t stay around for DEFCON though, which means I finally have some time to reflect on BlackHat. This year featured the first time Apple presented at BlackHat, about iOS security. While the presentation lacked the details usually seen […]

New malware for Mac: Backdoor.OSX.Morcut

Yesterday lots of antivirus labs got a sample of new malware targeting Mac OS X users. This sample, named Backdoor.OSX.Morcut, was distributed using social engineering techniques via a JAR file with the name AdobeFlashPlayer.jar, allegedly signed by VeriSign Inc. The notification from the Java virtual machine about the launch of the untrusted applet […]

The Madi Campaign

In our previous blogpost, we discussed the Madi campaign, uncovered through joint research with our partner Seculert. In this blogpost, we will continue our analysis with information on the Madi infrastructure, communications, data collection, and victims. The Madi infrastructure performs its surveillance operations and communications with a simple implementation as well. Five command and control […]

Madi is back

Last night, we received a new version of the #Madi malware, which we previously covered in our blog. Following the shutdown of the Madi command and control domains last week, we thought the operation was now dead. Looks like we were wrong. The new version appears to have been compiled on July 25th as it […]

The Madi Campaign

For almost a year, an ongoing campaign to infiltrate computer systems throughout the Middle East has targeted individuals across Iran, Israel, Afghanistan and others scattered across the globe. Together with our partner, Seculert, we've thoroughly investigated this operation and named it Madi, based on certain strings and handles used by the attackers. You can […]

Wenlock, Mandeville and you *

There are just 11 days to go until the opening ceremony of the Summer Olympic Games in London. With the games fast approaching, now’s a good time for us to issue a gentle reminder about security. I’m not thinking here about the security of the games themselves. It’s possible, of course, that someone might try […]

How to survive attacks that result in password leaks?

We are speaking about attacks on online providers that result in the leak of users' personal passwords. Just recently we saw the leak of 6.46 million LinkedIn user passwords. Right after this we saw a leak of 400 thousand Yahoo Voices passwords. These are not isolated cases; nowadays we see many successful attacks that lead to […]

Patch Tuesday July 2012

This month's Patch Tuesday brings a set of three "critical" bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated "important". In other words, two of the critical components are considered "Windows" components, but most likely would be attacked through the web browser. Also, the top priority bulletin patches the CVE-2012-1889 vulnerability being […]

Is it the end of the DNSChanger Trojan?

Not really, especially in Latin America. Every day we register lots of similar attacks, each abusing local DNS settings. Actually these attacks are a bit different because they modify the local HOSTS file, but the principle is the same: redirecting the victim to a malicious host via malicious DNS records. Latin American cybercriminals are […]

DNSChanger

Here we are. It's the last call on DNSChanger cleanup. On Monday, the FBI-run replacement DNS servers are coming down because the court-ordered extension is coming to an end, and your systems may be using these servers for resolution. There is a set of sites that may unreliably help you identify whether your machine or router […]

The end of DNS-Changer

The FBI's "Operation Ghost Click" was discussed earlier by my colleague Kurt here and here, and now it comes to an end. Next Monday, 9th of July, at 06:00 (MEZ) the temporary DNS servers set up by the FBI will be shut down. But there are still thousands of infected machines; one can wonder what will happen […]

Find and Call: Leak and Spam

Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in […]

A Gift for Dalai Lama’s Birthday

Recently, we wrote about the Dalai Lama being a frequent Mac user. While this is true for His Holiness, not all his supporters use Macs yet. You may wonder why this is relevant. Well, on 6th of July, His Holiness will be 77 years old, a kind of round number. There is no surprise that "Dalai […]

Who is attacking me?

Most of the JS code we analyzed consists of legitimate files that were modified, i.e. no new files are created on the compromised host. Usually the modified code is appended to the end of the legitimate file. There are only a few different pieces of malicious code across the hundreds of infected sites, so we can relate these infections to different […]

New MacOS X backdoor variant used in APT attacks

Two days ago we intercepted a new APT campaign using a new MacOS X backdoor variant targeted at Uyghur activists. But before we go into details, let's start with a quiz: The Dalai Lama walks into an Apple Store. Why? A possible answer is, "to buy one of the new MacBook Pros with the […]

Traveling in an interesting time

To your knowledge, what countries have such a policy?

The Day The Stuxnet Died

Deep inside one of Stuxnet's configuration blocks, a certain 8-byte variable holds a number which, if read as a date, points to June 24th, 2012. This is actually the date when Stuxnet's LNK replication sub-routines stop working and the worm stops infecting USB memory sticks. The specific variable which keeps the "time of death" […]

Android Security Suite Premium = New ZitMo

3rd party? I assume it came from 3rd party markets and not from Android Market.

New APT Attack Shows Technical Advance in Exploit Development

Recently, we came across an interesting targeted attack which was evading most antivirus products. This is a recent spearphish targeting various Tibetan and human rights activists. It demonstrates the level of effort put into infiltrating their groups, with some unique characteristics relative to the many other exploits targeting CVE-2012-0158. Here's how such e-mails appear: Subject: […]

Spam: Euro 2012 vs Summer Olympics

Nigerian spam: I have one general question about Nigerian spam, namely, I am getting in my spam folder lots of spam which I think comes from eastern European gangs and some from Spain. But occasionally I get the Nigerian spam, very often a Cyrillic charset is underlying and I ask myself isn't it just masking […]

Patch Tuesday June 2012

Microsoft released a set of seven bulletins, patching 26 total software vulnerabilities. Multiple remote code execution holes are being patched, but the two most urgent are the Internet Explorer and Remote Desktop Protocol updates. Almost half of the 26 vulnerabilities being patched this month are maintained in versions 6, 7, 8, and 9 of Internet […]

Patch Tuesday June 2012

Microsoft released a set of five bulletins, patching 29 total software vulnerabilities. Multiple remote code execution holes are being patched, but the two most urgent are the Internet Explorer and Remote Desktop Protocol updates. Almost half of the 29 vulnerabilities being patched this month are maintained in versions 6, 7, 8, and 9 of Internet […]
