2015, DNS and Malware - Cyber Security Informer

Analyzing OilRig’s malware that uses DNS Tunneling

Security Affairs

APRIL 18, 2019

Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals.

DNS

DNS Malware Advertising Hacking

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Malware Advertising DDOS

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

Some of the vulnerabilities exploited by the botnets are CVE-2015-2051 , CVE-2019-10891 , CVE-2022-37056 , and CVE-2024-33112. The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware. ” reads the report published by Fortinet.

Architecture

Architecture Malware DNS DDOS

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Microsoft said that XorDDoS continues to home on Linux-based systems, demonstrating a significant pivot in malware targets. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers. Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. ” reads the analysis published by the experts.

DNS

DNS Malware Firmware Phishing

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software

Software Malware Banking Advertising

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising DNS

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service. The analysis of the configuration file of malware allowed the identification of the intended target. ” continues the report. Pierluigi Paganini.

DNS

DNS Malware Advertising Software

FIN7 is back with a previously unseen SQLRat malware

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis. Pierluigi Paganini.

Malware

Malware Identity Theft Cybercrime Hacking

New Linux coin miner kills competing malware to maximize profits

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware and coin miners present on the infected machine. ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Malware

Malware Cryptocurrency Advertising DNS

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware

Malware DNS Social Engineering Advertising

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down. .

DDOS

DDOS Encryption DNS Advertising

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

Security Affairs

APRIL 24, 2019

Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. ” reads the analysis published by Talos. ” continues the experts.

Malware

Malware DNS Advertising Hacking

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. ” The IT network of The Manipulaters, circa 2013. Image: Facebook.

Software

Software Phishing Cybercrime Accountability

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS Advertising DNS

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS

DNS Phishing Advertising Malware

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors. ” concludes the analysis.

Adware

Adware DNS Advertising Malware

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang.

DNS

DNS Mobile Phishing Malware

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Security Affairs

JANUARY 19, 2019

“This malware is a lure Excel document with name ‘???????.xlsm’. The final stage malware is a backdoor written in C#. According to the analysis made by malware researchers from Palo Alto Networks, the text file includes parts of a Windows Script Component (.SCT) The final stage malware is a backdoor written in C#.

DNS

DNS Penetration Testing Malware Advertising

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

Security Affairs

SEPTEMBER 14, 2018

The OilRig hacker group has been around since at least 2015, since then it targeted mainly organizations in the financial and government sectors, in the United States and Middle Eastern countries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the experts.

DNS

DNS Phishing Government Malware

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS

DNS Passwords Advertising Banking

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

“The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites. The domain started to be associated with malware around the time of the re-registration, however, it is unclear whether this Vietnamese individual has any ties to the malware campaign.”

Hacking

Hacking Advertising Malware DNS

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware

Malware Financial Services DNS Retail

Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak

Security Affairs

APRIL 2, 2020

“This piece of malware has components injected in the repackaged Zoom application,” The attacks observed by the researchers only did not involved the official Google Play. ddns.net:4444, which is a dynamic DNS service that allows a user with a dynamic IP address to map it to a subdomain. Pierluigi Paganini.

Mobile

Mobile Advertising Malware DNS

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

The attackers demonstrated an increasing level of sophistication across the years, they used custom-malware and various exploits in their attacks. “Second, we identified a previously undocumented malware family with strong links to the Ke3chang group – a backdoor we named Okrum. ” reads the report published by ESET.

Malware

Malware DNS Advertising Manufacturing

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

According to a new report published by researchers from security firm Netscout , TrickBot’s operators have started to use a new variant of their malware in an attempt to Linux systems and expand the list of its targets. “Often delivered as part of a zip, this malware is a lightweight Linux backdoor. Pierluigi Paganini.

DNS

DNS Banking Advertising Malware

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Malwarebytes

MAY 5, 2022

The technique is really simple as it only requires an email account that sends messages to itself containing stolen credentials for each victim that executed the malware on their computer. We have records indicating that several Adobe fake pages were deployed from 2015 until recently. Test successful! ” from the same machine.

Malware

Malware Scams Phishing Accountability

Explained: Domain fronting

Malwarebytes

DECEMBER 1, 2023

The list includes Amazon (banned in 2018), Google (2018), Microsoft (2022), and Cloudflare (2015). For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name. For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name.

DNS

DNS Internet Internet Encryption

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). According to Duo, “ OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016. Leaked Source code.

DNS

DNS Computers and Electronics Penetration Testing Government

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Click here to check out or media kit and market with us, today. email: marketing@cyberdefensemagazine.com. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

InfoSec

InfoSec DNS Advertising Marketing

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods. In the first 48 hours of discovery, our sensors recorded 15 unique IP addresses spreading malware from a server hosted at 176.123.3.96. Today the number of malware hosting servers has grown to over 75.” score of 9.8 Pierluigi Paganini.

DDOS

DDOS IoT Advertising DNS

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

“Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

Reading the Yoroi Cyber Security Annual Report 2018

Security Affairs

MAY 13, 2019

Yoroi Cyber Security Annual Report 2018 – In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. Section 1 describes the evolution of the malware in the threat landscape in the past twelve months. Download the Yoroi Cyber Security Report 2018.

Malware

Malware Advertising DNS Surveillance

The SLoad Powershell malspam is expanding to Italy

Security Affairs

NOVEMBER 27, 2018

sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “ Ramnit banker”. Technical details, including IoCs and Yara Rules, about the sLoad malware are available on the Yoroi blog. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Spyware DNS Malware

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Analyzing OilRig’s malware that uses DNS Tunneling

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Trending Sources

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Massive increase in XorDDoS Linux malware in last six months

Linksys force password reset to prevent Router hijacking

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

GoldenHelper, a new malware delivered via Chinese tax software

New Russian Language Malspam is delivering Redaman Banking Malware

China-linked Winnti APT targets South Korean Gaming firm

FIN7 is back with a previously unseen SQLRat malware

New Linux coin miner kills competing malware to maximize profits

The return of the AdvisorsBot malware

German encrypted email service Tutanota suffers DDoS attacks

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

“FudCo” Spam Empire Tied to Pakistani Software Firm

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Trend Micro observed notable malware activity associated with the Momentum Botnet

Hundreds of Microsoft sub-domains open to hijacking

The Muncy malware is on the rise

Security Affairs - Untitled Article

Recent Roaming Mantis campaign hit hundreds of users worldwide

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

For nearly a year, Brazilian users have been targeted with router attacks

Chinese-speaking cybercrime gang Rocke changes tactics

Hackers use hackers spreading tainted hacking tools in long-running campaign

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak

China-Linked APT15 group is using a previously undocumented backdoor

TrickBot operators employ Linux variants in attacks after recent takedown

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Explained: Domain fronting

Iran-linked APT34: Analyzing the webmask project

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Microsoft July 2020 Security Updates address 123 vulnerabilities

Reading the Yoroi Cyber Security Annual Report 2018

The SLoad Powershell malspam is expanding to Italy

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Stay Connected