Newest addition to a happy family: KBOT

17 May 2016 Maciej Kotowicz

At the beginning of May, here in Poland, we have a couple of free days: May 1st is Labour Day and May 3rd is Constitution Day. Most of us use those days to unwind after winter, but some malware authors apparently didn’t: a few weeks ago, our friends started a new campaign, spreading some poorly obfuscated JavaScript and quite an interesting modification of KBOT from the Carberp leak.

GMBot: new ways of phishing data from mobile web browsers

16 May 2016 Małgorzata Dębska

GMBot (also known as slempo) was described on our blog in October 2015. This malicious application phishes the login and password of a specific electronic banking user with the well-known and common technique of application overlay. It is nothing more than an ordinary phishing attack, very similar to the webinject-based malware known from Windows OS. As we expected earlier, application overlay has become quite popular in malicious Android applications. In the last six months, a few new versions of GMBot (and similar applications) were developed. In each case the overlay only involved applications installed on the phone (banking applications, messaging, e-mail). Last week, our lab received a sample that also tries to overlay the mobile web browser in order to steal authentication credentials.


SECURE 2016 – Call for Speakers

26 April 2016 przemek

SECURE, held on 25th and 26th of October in Warsaw, Poland, is a conference dedicated entirely to IT security and addressed to administrators, security team members and practitioners in this field. SECURE’s unique feature is the organisers’ commitment to providing participants with reliable information about everything that is current and meaningful in IT security. A high professional level of the talks is ensured by CERT Polska during the paper selection process. Particular emphasis is on practical solutions, analysis of the current threats, latest trends in countering threats as well as important legal issues. Participants have an opportunity to gain the latest knowledge, improve their qualifications and exchange experience with experts.

Network attacks are having more and more serious consequences. Elaborate targeted phishing schemes are appearing on a larger scale, leading to losses measured in millions of euros. Ransomware has exploded, hitting virtually everyone, including new victims such as health care institutions or law firms. We have also witnessed further attacks on industrial systems, such as those targeting the energy/power sector in Ukraine. The Internet of Things is finally arriving, full of “smart” but insecure devices. The attack surface is thus increasing. The challenge in combating serious attacks involves, among other things, attribution – the need to reliably assign actors to concrete actions. However, many of the mechanisms for providing accountability on the Internet encounter resistance due to the need to protect the privacy of users. Will these interests always remain in conflict?

If you want to share your experience in these topics, or if you are an expert in one of the areas below, this Call for Speakers is for you.

SECURE 2016 will be held on October 25-26, at the Airport Hotel Okęcie in Warsaw, Poland. The conference topics will be roughly grouped in the following tracks:

  • technical – practical aspects of implementation and integration of security solutions
  • organisational – new trends in attacks, threats and their mitigation
  • legal

Presentation topics

We are looking for speakers willing to deliver a talk covering one or more of the following subjects:

  • malware evolution and analysis, including viruses, worms and botnets
  • intrusion detection
  • innovatory honeypot and sandbox applications
  • Advanced Persistent Threat attacks
  • monitoring of network threats
  • security of smartphones and other mobile systems
  • security events visualisation
  • security of SCADA/ICS
  • early warning against network threats
  • incident handling
  • standards for security incident data exchange
  • DDoS attacks and their mitigation
  • efficiency of methods for mitigation of new attack vectors
  • open source security tools
  • protection of online identity
  • privacy, confidentiality and anonymity
  • steganography
  • Polish and European law with regard to computer and information security
  • law enforcement actions with regard to cybercrime mitigation
  • research projects in the area of computer and information security
  • securing the human

Important facts

  • proposals for presentations must be submitted only via EasyChair:
  • proposals should include at least a title, short abstract, name and bio of the speaker
  • any questions regarding the submission and selection process should be directed to
  • time for presentation: 45 minutes, including Q&A
  • commercial presentations will not be accepted
  • all materials should be submitted in one of the following formats: OpenOffice, Microsoft Office, PDF
  • slides of presentations will be made available to all participants in an electronic version unless strictly prohibited by the speaker
  • authors of accepted proposals will receive a full conference package (workshops not included), but they are responsible for their travel and accommodation

Important dates

  • Proposals submission until: July 4, 2016
  • Acceptance notice by: August 2, 2016
  • Presentation submission by: October 10, 2016

The security landscape of the Polish Internet in 2015 – annual report on our activities

22 April 2016 alex

Malicious iBanking application with new uninstall countermeasures

16 March 2016 Małgorzata Dębska

Bots in Poland in 2015

11 March 2016 Przemysław Zielony

MadProtect, not that mad

3 February 2016 Maciej Kotowicz