Top IT Security Bloggers
Arbor Networks
-
Estimating the Revenue of a Russian DDoS Booter
Arbor NetworksAt the end of 2014, ASERT presented research where we mapped some DDoS booter advertisements on Russian language forums to their behind-the-scenes DDoS botnet infrastructures. For this post, we will follow up on that research a bit by looking at another one of these mappings and trying to estimate the revenue generated by the DDoS […] -
Dumping Core: Analytical Findings on Trojan.Corebot
Arbor NetworksDownload the full report here. The Corebot banking trojan was initially discovered and documented last year by researchers at Security Intelligence. Since then, it has evolved rapidly and, in terms of capabilities such as browser-based web injections, it is now similar to the dominant banking malware such as Zeus, Neverquest, and Dyreza although its actual impact to date is […] -
The Big Bong Theory: Conjectures on a Korean Banking Trojan
Arbor NetworksDownload the full report here. ASERT has been analyzing samples of a banking trojan targeting South Korean financial institutions. We call the banker “Big Bong” and provide, in this threat intelligence report, an in-depth behavioral analysis of the malware from builder to bot and from installation to exfiltration including obfuscation techniques, certificate use, and VPN-based […] -
Uncovering the Seven Pointed Dagger
Arbor NetworksThe full report “Uncovering the Seven Pointed Dagger: Discovery of the Trochilus RAT and Other Targeted Threats” can be downloaded here. Threat actors with strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these campaigns leverage spear phishing as the delivery vector and often […] -
Amplifying Black Energy
Arbor NetworksClick here to download the full report. The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 to more easily expand beyond DDoS into other activities such […] -
How to test and fix IPv6 fragmentation issues
Arbor NetworksIn an earlier blog post, I discussed the issues associated with IPv6 packet fragmentation. Of particular significance, IPv6 fragmentation relies extensively on the computer sourcing packets being able to receive ICMPv6 “packet too big” message type 2 sent from any intermediate device in the route to the packet’s destination. The capability to confirm that an […] -
Peeking at Pkybot
Arbor NetworksFor the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware. This post will take a peek at some of the bits and pieces of […] -
ZeusVM: Bits and Pieces
Arbor NetworksZeusVM is a relatively new addition to the Zeus family of malware. Like the other Zeus variants, it is a banking trojan (“banker”) that focuses on stealing user credentials from financial institutions. Although recent attention has been on non-Zeus based bankers such as Neverquest and Dyreza, ZeusVM is still a formidable threat. At the time […] -
Defending the White Elephant
Arbor NetworksClick here to download the full report that includes attack details, TTPs and indicators of compromise. Myanmar is a country currently engaged in an important political process. A pro-democracy reform took place in 2011 which has helped the government create an atmopshere conducive to investor interest. The country is resource rich, with a variety of […] -
Espionage, Spying and Big Corporate Data, These Are a Few of China’s Favorite Things
Arbor NetworksASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn […]