Apple and the Flashback (Mac virus) domains

Flashback is a Mac virus that was discovered in September 2011. There are some analyses at [1] [2] [3]. The first domain generation algorithm implemented in Flashback generates 5 domains every day with the TLDs com, net, kz, in and info:

9/27/2013 mdrmcwayiivnrvo.com
9/27/2013 mdrmcwayiivnrvo.net
9/27/2013 mdrmcwayiivnrvo.kz
9/27/2013 mdrmcwayiivnrvo.in
9/27/2013 mdrmcwayiivnrvo.info

All current Flashback domains […]

Fake DGA: Simda

We have lately analyzed a sample of Simda (= new version of Expiro). It features a fake domain generation algorithm (DGA) that generates domains but never actually uses them. The sample has 4 hard-coded IP addresses embedded, which it tries to contact as command & control (C&C) servers. If one server is not responding […]

Endgame Systems and ipTrust

Our colleagues at Endgame Systems run a quite interesting product – ipTrust. It is the Virus Tracker of 2010/2011, and Endgame Systems is the Kleissner & Associates of 2010/2011. There is quite a bit of information available, cited later in this report. [1] [2] [3] [4] [5] They have contracts and ties to CIA and NSA […]

Uncovering a high profile Russian attack

In July 2013, researchers at Kleissner & Associates uncovered what appeared to be an active espionage campaign targeting high-profile companies worldwide, including a European bank and several FORTUNE 500 companies. For details please see the full report: http://virustracker.info/download/K&A%20Russian%20Attacks.pdf For any press inquiries please write to info@virustracker.info.