2012, DNS and Malware - Cyber Security Informer

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com com on Mar.

Accountability

Accountability Advertising Marketing Malware

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

Malwarebytes

APRIL 6, 2023

Act I: Humble Beginnings (2008 - 2012) In the late 2000s, Malwarebytes tiptoed into the business sector with corporate licensing for its consumer anti-malware product. Malwarebytes added a DNS/Web Content Filtering Module and a Cloud Storage Scanning Module to the mix, rounding off a delectable buffet of cybersecurity enhancements.

Cybersecurity

Cybersecurity Malware Cyber threats Small Business

Cyber mercenaries group DeathStalker uses a new backdoor

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. The backdoor uses multiple tricks to evade detection and leverages DNS over HTTPS (DoH) to communicate with its C2 server, using Cloudflare responders.

DNS

DNS Phishing Antivirus Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Security Affairs

JUNE 9, 2022

Other techniques employed by the APT group include DLL hijacking, Themida-packed files, and DNS tunneling to evade post-compromise detection. Luring users into double-clicking a fake Anti-Virus to execute malware in the victim’s host. The malware sets the auto start function with the value “EverNoteTrayUService”.

Malware

Malware DNS Encryption Education

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. This malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims’ systems.

Malware

Malware DNS Encryption Cryptocurrency

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

DDoS attacks in Q2 2021

SecureList

JULY 28, 2021

The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. This malware is of interest for its use of infected devices as honeypots. It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers.

DDOS

DDOS DNS IoT Marketing

Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol

Security Affairs

OCTOBER 26, 2018

Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs ), about how crooks could abuse blockchain for malicious purposes. Added Paganini. Explained Pirozzi.

DNS

DNS Malware Advertising Technology

What Is DMARC Email Security Technology?

eSecurity Planet

JUNE 1, 2023

Domain-based Message Authentication, Reporting and Conformance is a protocol that was first proposed in January 2012 and widely adopted in 2018 by the U.S. A DMARC policy is included in a DNS record for a given domain, enabling the sender to specify if messages are protected by SPF or DKIM. How Does DMARC Work?

Technology

Technology Authentication DNS Phishing

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. “Using the internal router, it would be possible to poison the DNS cache of the LAN router of the infected node, enabling further attacks.”

VPN

VPN Computers and Electronics Antivirus Software

WinDealer dealing on the side

SecureList

JUNE 2, 2022

In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer. In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. WinDealer is a modular malware platform.

Malware

Malware Encryption Social Engineering Telecommunications

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

” The MSI package first removes registry keys associated with the old Purple Fox installations if any are present, then it replaces the components of the malware with new ones. “The goal is to install the MSI package as an admin without any user interaction.”

Encryption

Encryption DNS Architecture Firewall

NSO mobile Pegasus Spyware used in operations in 45 countries

Security Affairs

SEPTEMBER 18, 2018

Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies. Earlier August, Citizen Lab shared evidence of attacks against 175 targets worldwide carried on with the NSO spyware. COUNTRY NEXUS.

Spyware

Spyware Mobile Surveillance DNS

The Story of Manuel’s Java RAT.

Security Affairs

JANUARY 25, 2019

During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. Instead, in this case, Cybaze-Yoroi ZLab detected the usage of multiplatform Java malware. Figure 5 – Open directory used by malware to download jre.zip component.

Malware

Malware VPN Advertising InfoSec

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. ” concludes the post.

DNS

DNS Banking Advertising Ransomware

Analyzing the APT34’s Jason project

Security Affairs

JUNE 6, 2019

Distributed in a ZIP container (a copy is available here ) the interface is quite intuitive: the Microsoft exchange address and its version shall be provided (even if in the code a DNS-domain discovery mode function is available). which according to Microsoft documentation dates back to 2012. WebService.dll assemply version.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Passwords

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

There are other protection mechanisms, such as Malware Defense , that can block further threats. Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2012-0391. CVE-2012-2998.

Firewall

Firewall Authentication DNS Accountability

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

Don Duncan, security engineer at NuData Security, told eSecurity Planet by email that POS systems are often dangerously easy to penetrate with malware , including the following (among many others): Dexter was discovered by Seculert (now Radware) researchers in 2012. vSkimmer malware, a successor to Dexter, dates back to 2013.

Retail

Retail Encryption Malware Artificial Intelligence

Versa Unified SASE Review & Features 2023

eSecurity Planet

SEPTEMBER 26, 2023

Founded in 2012, Versa Networks seeks to deploy a single software operating system, called VOS, to converge and integrate cloud and on-premises security, networking, and analytics. Who is Versa Networks? Using VOS, Versa enables customers and service providers to deploy SASE and software-defined wide area network (SD-WAN) solutions.

Firewall

Firewall Software Antivirus Internet

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

Bonupdater, Helminth, Quadangent and PowRuner are some of the most sophisticated Malware attributed to OilRig and analyzed over the past few years. APT33 showed destruction intents by using Malware such as shamoon and stoneDrill , while Muddy mostly wants to “ backdooring ” the victims. CopyKittens.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

After being released in 2003, he uses WiFi to commit attacks, program malware and steal credit card information. 2002 – Internet Attack — By targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack assaults the entire Internet for an hour. 1998-2007 — Max Butler — Max Butler hacks U.S. billion dollars in damages.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

10 Best CASB Security Vendors of 2022

eSecurity Planet

DECEMBER 17, 2021

Continuous monitoring of unsanctioned applications, malware , security policies, and more. Multiple security layers to protect against cloud threats and malware. Scan cloud infrastructure for compromised users, rogue apps, and known malware. Malware detection and prevention. Cloud phishing and malware threats.

Risk

Risk Firewall Authentication Encryption

WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group

Security Boulevard

OCTOBER 21, 2022

Recently, Zscaler ThreatLabz discovered a new malware being used by the SideWinder APT threat group in campaigns targeting Pakistan: a backdoor we’ve called “WarHawk.” From this check we can deduce that the malware is specifically targeted towards Pakistan by the SideWinder APT Group: Fig 34. Beacon Type: Hybrid HTTP DNS.

DNS

DNS Phishing Malware Government

Cyber Security Informer

Who’s Behind the Botnet-Based Service BHProxies?

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

Webinars

Trending Sources

Cyber mercenaries group DeathStalker uses a new backdoor

Webinars

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

StripedFly: Perennially flying under the radar

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

DDoS attacks in Q2 2021

Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol

What Is DMARC Email Security Technology?

A Deep Dive Into the Residential Proxy Service ‘911’

WinDealer dealing on the side

PurpleFox botnet variant uses WebSockets for more secure C2 communication

NSO mobile Pegasus Spyware used in operations in 45 countries

The Story of Manuel’s Java RAT.

Necurs Botnet adopts a new strategy to evade detection

Analyzing the APT34’s Jason project

Threat Trends: Firewall

Point-of-Sale (POS) Security Measures for 2021

Versa Unified SASE Review & Features 2023

Iranian Threat Actors: Preliminary Analysis

Cyber CEO: The History Of Cybercrime, From 1834 To Present

10 Best CASB Security Vendors of 2022

WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group

Stay Connected