27 August 2015 Łukasz Siewierski
Zaufana Trzecia Strona, a Polish security news portal, reported a new attack on Polish users (the link is in Polish) that used a Microsoft Office plugin installation wizard as a decoy. In reality, the user installed not only the plugin but also malware called Smoke Loader, which allows the attacker to gather information about the infected machine and, among other things, redirect its DNS queries. We wrote an article about that malware when we reported on the infected sites in the gov.pl domain. Here we describe some features of Smoke Loader that seem new to us.
24 July 2015 piotrk
CERT Polska, along with 19 other partners from 11 countries, has joined forces in CyberROAD, an FP7 project that aims to identify current and future issues in the fight against cybercrime and cyberterrorism in order to draw up a strategic roadmap for cyber security research. A detailed snapshot of the technological, social, economic, political and legal landscape in which cybercrime and cyberterrorism develop will be provided first. Then cybercrime and cyberterrorism will be analysed in order to identify research gaps and priorities.
The project started in May 2014 and is scheduled to run for 24 months. More information can be found at http://www.cyberroad-project.eu/
The CyberROAD consortium has created a series of surveys aimed at discovering the gaps in current cyber security practices, in order to identify the areas where more research is needed. The goal is to develop a definitive roadmap for cyber security research. The first survey was released in December 2014 and is accessible here.
Now, the CyberROAD consortium is releasing two follow-up surveys:
Everyone is invited to participate in the surveys; participation would greatly assist the CyberROAD project, as we seek to gather input from as wide a range of sources as possible.
- No data of a personal nature is required to take part.
- CyberROAD is a research project funded by the European Commission under the Seventh Framework Programme.
3 July 2015 Łukasz Siewierski
In March 2015, S21sec published its analysis of a new e-banking trojan targeting Polish users. They named it “Slave” because that string was part of the path to one of its shared libraries. We think (in part thanks to the kernelmode.info thread) that Slave was made by the same group of authors that is responsible for the previously described Banatrix and for a ransomware/Android malware campaign. This means that those authors are most certainly fluent in Polish.