Upcoming Sality presentation at Botconf

Update: The presentation is available here and the paper here. The Virus Tracker team will join the Botconf’15 conference in Paris, France! We will give a presentation about Sality. Abstract: Sality is one of the longest-alive threats and probably the most underrated botnet ever. It made its first appearance in 2003 and is still active in […]

Zombie malware without command & control servers

Since malware needs some way to communicate with its operators (to receive commands and updates and to send stolen data), it typically implements a communication channel to command & control servers. Those C&Cs are either hard-coded or generated (based on some type of seed) domain names or IPs. For generated domains they implement a domain […]

CoreBot: A closer look

A week ago our colleagues at IBM published a blog post about a new stealer named “CoreBot”. The post points out that CoreBot has a modular plugin system, is capable of stealing private information including certificates, and has a DGA (domain generation algorithm) implemented. We got our hands on 4 different samples and analyzed them. […]

NetBIOS: Old & known but still posing a threat

There are a few good articles about NetBIOS, such as Is it time to get rid of NetBIOS?, NetBIOS spoofing for attacks on browser and Pwning hotel guests, and still it (NetBIOS over TCP/IP) poses a threat to modern systems. NetBIOS was developed in the 80s and, strictly speaking, is just an API, though there is NetBIOS […]