AlienVault R&D Labs Portal. Get the latest news from our research.

Last week, our friends from Norman published a great report on a cyber espionage campaign named Operation Hangover. We have released some YARA rules to detect most of the payloads mentioned in the paper. You can download the rules from our GitHub space: On the other hand the Hangover attackers have been using several … Read more

A few days ago we reported a new Watering Hole campaign affecting a U.S. Department of Labor website. In our first analysis we reported that the exploited vulnerability was CVE-2012-4792. Further analysis showed that the vulnerability exploited wasn’t CVE-2012-4792 but a new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347). It was confirmed by Microsoft, which released a … Read more

During the last few hours we have identified that one of the U.S. Department of Labor websites has been hacked and is serving malicious code. Clarification: The website affected is the Department of Labor (DOL) Site Exposure Matrices (SEM) Website. “The Department of Labor (DOL) Site Exposure Matrices (SEM) Website is a repository of information gathered from … Read more

According to its website, UrlQuery is a service for detecting and analyzing web-based malware. The service is very useful and provides a detailed report on the submitted webpage. We use these services a lot in the lab, so we’ve decided to make our lives easier by developing a simple context menu extension which automatically sends URLs to the service. The extension … Read more

 - What is Bitcoin? Bitcoin is an online decentralised virtual currency based on an open source, P2P protocol. Bitcoins can be transferred using a computer without relying on a financial institution. If you haven’t heard about Bitcoin, I recommend you watch the following video: Both Bitcoin creation and transfer are performed by computers called … Read more