
Archive: Sep 2013

The State of Web Exploit Toolkits 4: Phoenix and Newer Kits

The presentation ends with the analysis of the Phoenix exploit kit’s features, details on newer kits from all over the world, and a summary of the research. Phoenix Exploit Kit. The next kit I’m going to talk about is Phoenix. It’s been around since 2007, it’s pretty old, it’s up to version 3. They...

Police Central e-Crime Unit (PCeU) Ukash/Paysafecard Virus: Ransomware Analysis and Removal

Following the influx of the FBI MoneyPak ransomware variants, yet another type of extortion technique came to be in June 2012, pretending to emanate from the Police Central e-Crime Unit, part of the British Metropolitan Police Service. Mainly targeting UK users through determining the victim’s IP location,...

The State of Web Exploit Toolkits 3: How BlackHole Works

Jason Jones covers herein some of the specific features inherent to the BlackHole kit, including JavaScript and PDF obfuscation details, JavaScript shellcode, etc. Now I’ll actually get a little bit more into how it works. Running all these things through our sandbox, we’ve looked a lot at URLs that it...

The State of Web Exploit Toolkits 2: BlackHole Kit Scrutinized

Jason Jones now provides an intro to the notorious BlackHole exploit kit, explaining some of its background as well as showing the interface that criminals use. The first kit I’m really going to delve into is BlackHole. It’s been around for a couple of years. It’s definitely become the most popular...

The State of Web Exploit Toolkits – Turnkey Cybercrime Software

During his Black Hat briefing, Jason Jones, the Team Lead for ASI at HP DVLabs, presents a professional, extensive analysis of present-day web exploit kits. I’m going to be talking about the state of web exploit toolkits, which is a lot of what I’ve been doing on my job. I’m the Lead for Advanced...

“Your PC is blocked”: Background of the Police Ransomware Virus

Reveton – the universal extortion instrument. The Reveton Trojan, which has become a buzzword in IT security circles over the course of the past year or so, is being actively exploited in different profit-driven cybercrime campaigns. A few weeks ago we posted a thorough analysis of the version generating...

From Russia with Love.exe 5: Questions and Answers

This is the final part of the study where The Grugq and Fyodor Yarochkin are explaining more details of the Russian hacking business during the Q&A section. Yarochkin: Alright, do you have any questions? Question: On your point about the ratios: so, this guy was offering the best ratio; do you know any...

From Russia with Love.exe 4: Geeks, Not Gangsters

You can learn here how much it costs to buy a massive DDoS attack service on Russian hacking forums, and what kind of people those sellers are. The Grugq: So, everyone probably knows Twitter went down some time ago. How much do you think that cost per day, on average? It’s 80 bucks! Come on, 80 bucks to...

From Russia with Love.exe 3: Money Laundering and Botnet Services

In this entry the security analysts are focusing on other popular commodities sold on Russian hacking forums, as well as malware distribution services. Yarochkin: One of the most valuable commodities on these forums is actually ICQ numbers. Even now, as of today, ICQ is one of the primary communication means...

From Russia with Love.exe 2: Virtual Currencies and Identity Dumps

The Grugq and Fyodor Yarochkin now move on to outline the prevalent payment methods on Russian hacking forums and touch upon the goods being traded on there. The Grugq: There’s some really cool identity stuff that they do as well. A lot of the money that gets moved around in these illegal economies is...