VB2014 paper: Caphaw - the advanced persistent pluginer

Micky Pun and Neo Tan analyse the banking trojan that is best known for spreading through Skype.

Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Caphaw - the advanced persistent pluginer' by Fortinet researchers Micky Pun and Neo Tan.

Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the same group of people wrote the code and maintained the botnet.


M3AAWG releases BCP document on dealing with child sexual abuse material

The subject may make many feel uncomfortable, but it is essential that we know how to deal with it.

The mere mention of "child pornography" on the Internet makes many a security expert feel uncomfortable, and not just because of the natural human reaction to the idea of children being abused. It is often used, together with terrorism, as a trump card in discussions on government surveillance and encryption backdoors.

Yet child sexual abuse material (CSAM), as it is officially termed, does exist on the Internet. And there are real children who are abused and whose images are shared on the Internet. Hence for those whose jobs require them to access the shadier corners of the Internet, as well as for those who handle abuse reports, it is something they may well be exposed to at some point.


Hacker group takes over Lenovo's DNS

As emails were sent to the wrong servers, DNSSEC might be worth looking into.

Although, after some initial hesitation, Lenovo was rather frank in its admission of messing up regarding the Superfish adware, it was too late for the damage to be undone and many have directed their 15 minutes of Internet rage at the laptop manufacturer.

Unsurprisingly, that included a group of hacktivists using the moniker 'Lizard Squad', who managed to take over Lenovo's DNS last night, thus sending visitors to the company's website to one controlled by the attackers instead. This isn't something one would normally pay a great deal of attention to, because it is fairly innocent as hacks go, and doesn't mean the hackers have obtained access to the victim's network.


Coordinated action takes down Ramnit botnet infrastructure

Malware remains present on infected machines; 2012 Virus Bulletin paper worth studying.

A coordinated action by AnubisNetworks, Microsoft and Symantec, together with Europol, has done serious damage to the infrastructure behind the 'Ramnit' botnet.

Ramnit is one of those botnets that lurk in the background of the Internet. Its infections mainly occur in countries where the security community tends to have less visibility, with the top three infected countries being India, Indonesia and Vietnam. It is believed to have infected more than 3 million computers in total, and the number of infected machines at the time of the takedown remained fairly high at around 350,000.


VB Conference

VB2015 Prague, 30 Sept - 2 Oct 2015: Covering the global threat landscape

The VB conference is a major highlight of the security calendar, with many of its regular attendees citing it as the IT security event of the year. The 25th Virus Bulletin International Conference (VB2015) takes place 30 September to 2 October 2015 at the Clarion Congress Hotel, Prague, Czech Republic.

Previous VB conference delegates said:

‘Your team does an excellent job to make it a conference you want to come back to.’


All but three of the 16 full solutions submitted for this month's test achieved a VBSpam award, and six of them achieved a VBSpam+ award.


The latest VB100 comparative on the evergreen Windows 7 resulted in a pleasingly high success rate, with just a few products failing to make the grade for certification.

Date            | Event                                                                                              | Location
Mar 09 - 10     | European Smart Grid Cyber Security                                                                 | London, UK
Mar 09 - 10     | Financial Services Cyber Security Summit, MENA                                                     | Dubai, UAE
Mar 16 - 20     | TROOPERS15                                                                                         | Heidelberg, Germany
Mar 21 - 27     | SyScan                                                                                             | Singapore
Mar 24 - 27     | Black Hat Asia                                                                                     | Singapore
Apr 14 - 15     | EBCG Cyber Security Summit Financial Sector: Fortify your Ability to Counter Dynamic Attacks       | Prague, Czech Republic
Apr 14 - 15     | EBCG Cyber Security Summit Industrial Sector: Intensified Protective Measures                      | Prague, Czech Republic
Apr 20 - 24     | RSA Conference 2015                                                                                | San Francisco, CA, USA
Sept 30 - Oct 2 | VB2015                                                                                             | Prague, Czech Republic
Oct 05 - 07     | VB2016                                                                                             | Denver, CO, USA


virusbtn: You've got another two weeks to submit a paper for VB2015
Fri Feb 27 15:00:20

virusbtn: New VB2014 paper: Caphaw - the advanced persistent pluginer, by @creacorn and @tajepe Video:
Fri Feb 27 14:27:14

virusbtn: New blog: @maawg releases BCP document on dealing with child sexual abuse material
Fri Feb 27 13:39:08

virusbtn: Correction: We updated our blog "Hacker group takes over Lenovo's DNS" to correct a statement made in it
Thu Feb 26 18:50:58

CIA15 Philippines