AutoIt scripts are the new black for malware startups

4 July 2014 Łukasz Siewierski

The use of AutoIt scripts is becoming more and more fashionable among malware obfuscators, cryptors and the like, especially in not-so-sophisticated malicious software. Recently we described the phishing attack targeted at Polish users using Booking.com and Allegro.pl. This attack used an AutoIt script (called RazorCrypt) in one of its stages in order to pack the final malware. We observed a somewhat similar campaign (although there are no conclusions about the authors this time) that also used a very interesting AutoIt script and also targeted Polish users of the auction website Allegro.pl.

We see scanning for vulnerable BMC modules

30 June 2014 alex

Since Dan Farmer published his latest article on BMC vulnerabilities, the ARAKIS system has recorded an increased rate of UDP port 623 scans coming from China, the USA, Iceland, Romania and the Netherlands.

The disclosed vulnerabilities allow an attacker to gain control of servers’ online management modules, which control power and gather status information from the server hardware.

The chart below is generated by the ARAKIS system and shows that regular scanning started after the publication of Dan Farmer’s article on the 23rd of June.

There are 189 vulnerable servers in Poland.

E-mail trojan attack on Booking.com and online auction website Allegro.pl clients

25 June 2014 Łukasz Siewierski

Armagedon

During the last few days, we have observed an attack on Polish users of the auction website Allegro.pl and the hotel reservation portal Booking.com. Victims received a personalized e-mail informing them that their account had been blocked, either due to outstanding fees or due to inappropriate auction content. In the case of Booking.com, users were led to believe that they had made a reservation and that an invoice for that reservation was included in the e-mail message. Both campaigns had nearly identical infection schemes, which makes it very likely that they were performed by the same person or group.

A look on the VBKlip “battlefield”

29 May 2014 Łukasz Siewierski

Polish team wins NATO exercise

26 May 2014 alex

Annual cert.pl report

22 May 2014 alex

Estimating size of the botnets in Poland

19 May 2014 Łukasz Siewierski