Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.
Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.
Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.
The subject may make many feel uncomfortable, but it is essential that we know how to deal with it.
The mere mention of "child pornography" on the Internet makes many a security expert feel uncomfortable, and not just because of the natural human reaction to the idea of children being abused. It is often used, together with terrorism, as a trump card in discussions on government surveillance and encryption backdoors.
Yet child sexual abuse material (CSAM), as it is officially termed, does exist on the Internet. And there are real children who are abused and whose images are shared on the Internet. Hence for those whose jobs require them to access the shadier corners of the Internet, as well as for those who handle abuse reports, it is something they may well be exposed to at some point.
As emails were sent to the wrong servers, DNSSEC might be worth looking into.
Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding the Superfish adware, it was too late for the damage to be undone and many have directed their 15 minutes of Internet rage at the laptop manufacturer.
Unsurprisingly, that included a group of hacktivists using the moniker 'Lizard Squad', who managed to take over the DNS of lenovo.com last night, thus redirecting visitors intended for the company's website to one controlled by the attackers instead. This isn't something one would normally pay a great deal of attention to, because it is fairly innocent as hacks go, and doesn't mean the hackers have obtained access to the victim's network.
Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.
Ramnit is one of those botnets that lurk in the background of the Internet. Its infections mainly occur in countries where the security community tends to have less visibility, with the top three infected countries being India, Indonesia and Vietnam. It is believed to have infected more than 3 million computers in total, and the number of infected machines at the time of the takedown remained fairly high at around 350,000.