Archive for 'July 2014'

    BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems

    By Nart Villeneuve, Joshua Homan, Kyle Wilhoit
    There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is not commonly discussed is the fact that one third of these breaches are a result of weak default passwords in the remote administration software that is typically installed on these systems. [1] While advanced exploits generate a lot of interest, sometimes it’s Read more...


    Havex, It’s Down With OPC

    By Kyle Wilhoit
    FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as “Fertger” or “PEACEPIPE”), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufacturing sectors. While Havex itself is a somewhat simple PHP Remote Access Trojan (RAT) that has been analyzed by other sources, none of these Read more...


    Operation Tovar: The Latest Attempt to Eliminate Key Botnets

    By Meaghan Molloy
    Coordinated botnet disruptions have increased in pace and popularity over the last few years as more private companies work with international law enforcement agencies to combat malware infections on a grand scale. Operation Tovar, announced on June 2 2014, is the latest to make headlines. The target of the investigation, Evgeniy Mikhailovich Bogachev, was indicted by the Department of Justice and is wanted by the FBI for his role as alleged leader Read more...


    The Little Signature That Could: The Curious Case of CZ Solution

    By James T. Bennett, Kyle Wilhoit
    Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are one way malware authors keep under the radar. Digital signatures are an easy, quick way to verify the authenticity of an application utilizing the signature.Threat actors routinely steal digital signing certificates to Read more...


    The Service You Can’t Refuse: A Secluded HijackRAT

    By Jinjian Zhai, Jimmy Su
    In Android world, sometimes you can’t stop malware from “serving” you, especially when the “service” is actually a malicious Android class running in the background and controlled by a remote access tool (RAT). Recently, FireEye mobile security researchers have discovered such a malware that pretends to be a “Google Service Framework” and kills an anti-virus application as well as takes other malicious actions.In the past, we’ve seen Android malware that execute privacy Read more...

    An error has occurred

     

    Well that wasn’t supposed to happen. Something went wrong when trying to access this page. Please try again in a few minutes while we’re working on it.

    To send feedback about this error, click here.