https://orcid.org/0000-0002-9097-2246
The Equation Group is a highly advanced secretive computer espionage group, suspected by security expert Claudio Guarnieri and unnamed former intelligence operatives of being tied to the United States National Security Agency (NSA). Because of the group's predilection for strong encryption methods in their operations, the name Equation Group was chosen by Kaspersky Lab, which discovered this operation and also documented 500 malware infections by the group's tools in at least 42 countries.This presentation gives an over view in brief based on the Kaspersky Report.
Showing posts with label Kaspersky. Show all posts
Showing posts with label Kaspersky. Show all posts
Sunday, March 29, 2015
Friday, February 20, 2015
CARBANAK : BANK ROBBERY LIKE NEVER BEFORE
1. As recent as a week back Carbanak, an APT-style campaign targeting financial institutions has been claimed to have been discovered by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks.The malware was said to have been introduced to its targets via phishing emails and is said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers.The criminals were able to manipulate their access to the respective banking networks in order to steal the money in a variety of ways. In some instances, ATMs were instructed to dispense cash without having to locally interact with the terminal. Money mules would collect the money and transfer it over the SWIFT network to the criminals’ accounts.The presentation brings out the executive summary of Modus Operandi of the Malware as analysed by Kaspersky.
2. Carbanak is a backdoor used by the attackers to compromise the victim's machine once the exploit, either in the spear phishing email or exploit kit, successfully executes its payload.Carbanak copies itself into %system32%\com with the name svchost.exe with the file attributes: system, hidden and read-only. The original file created by the exploit payload is then deleted.
How to detect CARBANAK
How to detect CARBANAK
One of the best methods for detecting Carbanak is to look for .bin files in the
folder:
..\All users\%AppData%\Mozilla\
The malware saves files in this location that will later be sent to the C2 server when an internet connection is detected.BAT script for detecting infections(Source : here) is given as follows :
@echo off
for /f %%a in ('hostname') do set "name=%%a" echo %name%
del /f %name%.log 2> nul
if exist "c:\Documents and settings\All users\application data\
mozilla\*.bin" echo "BIN detected" >> %name%.log
if exist %SYSTEMROOT%\System32\com\svchost.exe echo "COM
detected" >> %name%.log
if exist "c:\ProgramData\mozilla\*.bin" echo "BIN2 detected"
>> %name%.log
if exist %SYSTEMROOT%\paexec* echo "Paexec detected"
>> %name%.log
if exist %SYSTEMROOT%\Syswow64\com\svchost.exe echo "COM64
detected" >> %name%.log
SC QUERY state= all | find "SERVICE_NAME" | findstr "Sys$"
if q%ERRORLEVEL% == q0 SC QUERY state= all | find
"SERVICE_NAME" | findstr "Sys$" >> %name%.log
if not exist %name%.log echo Ok > %name%.log xcopy /y %name%.log
"\\
Tuesday, November 25, 2014
REGIN : Groundbreaking MALWARE Threat
An advanced piece of malware, known as ‘Regin’, has been used in systematic spying campaigns against a range of international targets including government agencies and businesses
since at least 2008 vide IT security firms Symantec and Kaspersky Lab
reports both released on 24th Nov 2014.This ppt brings you an overview
of the threat in brief.The piece of malware is unique in the sense that it's structure displays a degree of technical competence rarely seen.Stuxnet looks a decent past....with this complexity
Sunday, November 16, 2014
DarkHotel APT : Story of Unusual Hospitality
A new social Cyber threat is currently being exploited by criminals vide
using hotel Wi-Fi networks to hack the devices of business executives
with the hope of gaining access to a company's sensitive information.The
so-called "Dark Hotel" attack tricks hotel Wi-Fi users into downloading
malicious software that appears to be a legitimate software update
which actually is embedded with customised malware and trojan
droppers.....This ppt gives a brief over view of the report ex Kaspersky
Labs
Thanks Kaspersky : Access full report at https://securelist.com/files/2014/11/darkhotel_kl_07.11.pdf
Thursday, July 18, 2013
Keep Changing Your Antivirus : CRUDE but EFFECTIVE Solution to curb Virus menace
1. We all understand the importance of anti virus today.From a naive user point of view, a user can go for the cheapest of the lot or may be if some one is worried enough he would go for the costliest one....but does that matter in an overall context? I mean w.r.t to the serious business model that this antivirus corporate sector has emerged like....lets see it here down below that brings out the country association of each leading antivirus company :
AVG : Czech Republic
Kaspersky : Russia
Avast : Czech Republic
Norton Symantec : U.S
Avira : Germany
E-Set : Slovakia
F-Secure : Finland
McAfee : U.S
MSE(Microsoft Software Essentials) : U.S
Panda :Spain
2. Sadly we see,there are no Indian companies in this short list.Besides these,if we get specific to India we can quote two companies viz : Quick-heal and K7 Computing..well....that's not the point that I am here to share....the thing to note here is that all these leading companies have got a affiliation with some other country and none is Indian.So when we blindly load a antivirus or a internet security suite in our systems just on faith and word of mouth publicity from peers and friends...are we doing the right thing ? Do we know what is running in the background ? In the name of uploading our dumps what actually goes to their servers? What information does it contain?How does that company identify a virus or a malware?what's the logic that finds a virus?...all these questions are critical because this all is happening in our own machines.....but most of us hardly bother about all this...coz we have faith!!! :-)...and also because there are no standards existing for defining a QR for a antivirus....there is none to cross check what's being cooked?
3. Besides having a question mark on the privacy issues...lets think about the logic being applied or the signatures being released to thwart the known threats....but do we know that more then the known virus list it is the ZERO DAY threats that are getting serious by the day....off-course few bright companies are trying to check that by working on behavioral aspects of a virus or a suspected file...but that has it's set of constraints and is often limited in detecting....so whats the solution.....i recommend using all trial versions for a month each of all leading companies that will pass your one year and then format your windows PC and then start again.....a cheap...crude method of using the best without spending a penny!!!!!!!!!!!!
4. By the way,just for info...virus detection by various companies have their own speeds...a company like kaspersky may be able to detect a virus soon and another company may detect it later or may not even at times detect one....and this time lag of detection is critical to all users!!!!!a second of compromise is enough on your PC with loads of bytes to upload in a matter of a seconds!!!
Comments invited!!!!
AVG : Czech Republic
Kaspersky : Russia
Avast : Czech Republic
Norton Symantec : U.S
Avira : Germany
E-Set : Slovakia
F-Secure : Finland
McAfee : U.S
MSE(Microsoft Software Essentials) : U.S
Panda :Spain
2. Sadly we see,there are no Indian companies in this short list.Besides these,if we get specific to India we can quote two companies viz : Quick-heal and K7 Computing..well....that's not the point that I am here to share....the thing to note here is that all these leading companies have got a affiliation with some other country and none is Indian.So when we blindly load a antivirus or a internet security suite in our systems just on faith and word of mouth publicity from peers and friends...are we doing the right thing ? Do we know what is running in the background ? In the name of uploading our dumps what actually goes to their servers? What information does it contain?How does that company identify a virus or a malware?what's the logic that finds a virus?...all these questions are critical because this all is happening in our own machines.....but most of us hardly bother about all this...coz we have faith!!! :-)...and also because there are no standards existing for defining a QR for a antivirus....there is none to cross check what's being cooked?
3. Besides having a question mark on the privacy issues...lets think about the logic being applied or the signatures being released to thwart the known threats....but do we know that more then the known virus list it is the ZERO DAY threats that are getting serious by the day....off-course few bright companies are trying to check that by working on behavioral aspects of a virus or a suspected file...but that has it's set of constraints and is often limited in detecting....so whats the solution.....i recommend using all trial versions for a month each of all leading companies that will pass your one year and then format your windows PC and then start again.....a cheap...crude method of using the best without spending a penny!!!!!!!!!!!!
4. By the way,just for info...virus detection by various companies have their own speeds...a company like kaspersky may be able to detect a virus soon and another company may detect it later or may not even at times detect one....and this time lag of detection is critical to all users!!!!!a second of compromise is enough on your PC with loads of bytes to upload in a matter of a seconds!!!
Comments invited!!!!
Friday, December 21, 2012
MSE : Loosing Shine
1. Since last few years any one who asked me on recommending a Antivirus for his/her PC...I would always say if you have a original Windows...then leave your worries to MSE...thats Microsoft Security Essentials ie MS's own antivirus or may be I would recommend Kaspersky PURE in few other cases who were not happy with MSE.
2. I had been using MSE for my own system as well...and I found it worked pretty fine...light on use and had no major compatibility and configuring issues since it worked mostly in the background.But there has been some decline in recent time and efforts by Microsoft in keeping with the pace of the hackers and cyber criminals!!!
 |
| Click on image to Enlarge |
4. And to me, that's a huge concern considering how Windows 8 itself draws on a lot of MSE for its own in-built security....:-)
Friday, December 02, 2011
Snake oil Cryptography
1. While reading a post about unhackable codes here , I came across a interesting term know as SNAKE OIL CRYPTOGRAPHY......as Alex Gostev, chief security expert at Kaspersky Labs, dismissed ENIGMA-DS "snake-oil cryptography,"....so found out in brief from wiki...where else!!!
In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. The name derives from snake oil, one type of quack medicine widely available in 19th century United States.Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user.
2. Thanks WIKI
Sunday, February 06, 2011
Win32.Hlux : January 2011 " King of worms"
1. Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.
2. Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.
3. Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.
4. Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.
5. More detailed report on http://www.kaspersky.com
Monday, July 26, 2010
User Mapped-Section open???
1. Regular users of Torrents might have seen something like the title disturbing them and stopping them of their downloads....i m one of them...so i tried and checked up few forums...tried doing force start etc...nothing worked....then tried disabling the antivirus for a while.....and it worked.....
2. So...simply just disable the antivirus for the time u wish to download....so lose some...gain some....
Wednesday, June 09, 2010
Securelist.com : Informative attempt by Kaspersky Labs
1. Kaspersky has come up with the launch of a veri informative site on IT security with lots of articles and updates on various types of viruses/malwares etc.You can access the same by clicking here.
2. One interesting section by the name of "Internal threats" is available which should prove popular in future and also "Kaspersky Security Bulletin".
Subscribe to:
Posts (Atom)
