Furtim/SFG Using Existing Virtual Fast-Flux Network

Same Network Leveraged by Carberp, Pony and More

This month, reports surfaced of a sophisticated malware threat found on computers of a European power generation and distribution company. The malware was dubbed “SFG” and the reports linked it to a malware strain named “Furtim” by the security researchers who first recognized and analyzed it in May 2016.

The post Furtim/SFG Using Existing Virtual Fast-Flux Network appeared first on Damballa.

Identifying “Billion Dollar” BBSwift Malware on Networks – Surprising IOCs

BBSwift was used to attempt nearly USD $1 billion in fraudulent bank transfers from Bangladesh Bank using the SWIFT network. Due in part to some small mistakes (like typos) made by the attackers that aroused suspicion, some transfers failed, others were denied, and some were later reversed.

SpyEye Sentencing

On Wednesday, April 20, 2016, a federal judge handed down stiff sentences for Aleksandr Panin (“Gribodemon” or “Harderman”), author of the infamous SpyEye banking trojan, and his co-conspirator, Hamza Bendelladj (“bx1”).

How Wide Open is the Back Door to Command & Control?

Based on the enterprise networks Damballa assessed over the past three months, the answer is ‘very.’ Data collected during Network Security Checkups shows that more than 60% of the time, infected devices successfully connected with criminal command & control (C&C) servers.

Threat Actors Use Sketchy Dating Website to Launch New Home Router Attacks

A year ago, SANS ISC revealed a malware family, dubbed TheMoon, that scans for vulnerable home routers exposing the HNAP protocol. The criminals have since moved from scanning IP ranges for potentially vulnerable home routers to embedding the attack in a website.

MegalodonHTTP author arrested, Damballa assists Law Enforcement

Last month, the Norwegian police arrested five men in a joint effort with Europol as part of the OP Falling sTAR. Damballa’s Threat Discovery Center worked in cooperation with the Norwegian police over the last few months to track and identify the author of the malware called MegalodonHTTP.

Pony Up! Eight Months of Evolution

Damballa’s Threat Discovery Center has been monitoring Pony for eight months, and has captured all instances. We’re releasing statistics that show the evolution, strategy and tactics of how criminals keep their infrastructure on the move.

Darkode Reloaded – New Forum Gets “F” Grade

We’ve been monitoring the dark web to see if a new Darkode forum would show up and we discovered the new Darkode Reloaded. It has resurfaced.

Wannabe Cybercriminal Seeks Support for Pony Loader

We received a fascinating request the other day from a company called darknetshop located in Thailand. The proprietor, Waipot Sompa, expressed an interest in acquiring a copy of Pony Loader as well as install support.

New Discovery: Ties Between Corebot and Darknet Crypt Service

A crypter is software that cybercriminals use to encrypt their malware so it evades detection. Depending on the product, it can also add features to the malware such as sandbox and virtual-machine checks, autorun creation and more.
