Smoke Loader poses as an Office plugin

27 August 2015 Łukasz Siewierski

Zaufana Trzecia Strona – a Polish security news portal – informed about a new attack on Polish user’s (link is in Polish) that used a Microsoft Office plugin install wizard as a decoy. In reality, the user not only installed the plugin, but also a malware called Smoke Loader. It allows the attacker to gather information about the infected machine and, among other things, redirect its DNS queries. We wrote an article about that malware, when we were informing about the infected sites in the domain. Here we describe some features of Smoke Loader that seem new to us.

Read more

CyberROAD – Invitation to participate in project surveys #2 & #3

24 July 2015 piotrk


CERT Polska along with 19 other partners from 11 countries have joined forces for CyberROAD – a 7FP project aimed to identify current and future issues in the fight against cyber-crime and cyber-terrorism in order to draw a strategic roadmap for cyber security research. A detailed snapshot of the technological, social, economic, political, and legal scenario on which cyber crime and cyber terrorism do develop will be first provided. Then, cyber-crime and cyber-terrorism will be analyzed in order to indentify research gaps and priorities.

The project started in May 2014 and is scheduled for 24 months. More information can be found at

The CyberROAD consortium has created a series of surveys with the objective of discovering the gaps in current cyber security practices, in order to identify the areas where more research is needed. The aim is to develop a definitive roadmap for cyber security research. The first survey was released in December 2014, and is accessible here.

Now, the CyberROAD consortium is releasing two follow-up surveys:

Everyone is invited to participate in the surveys and the participation would greatly assist the CyberROAD project, as we seek to gather input from as wide a range of sources as possible.


  • No data of a personal nature is required to take part.
  • CyberROAD is a research project funded by the European Commission under the Seventh Framework Programme.

Slave, Banatrix and ransomware

3 July 2015 Łukasz Siewierski

In March 2015, S21sec published their analysis of the new e-banking trojan horse targetting Polish users. They named it “Slave”, because such a string was part of a path to one of the shared libraries. We think (in part thanks to the thread) that Slave was made by the same group of authors that are responsible for previously described Banatrix and a ransomware/Android malware campaign. This means that those authors are most certainly fluent in Polish.
Read more

Sorry, but this post is not available in English

17 June 2015 Łukasz Siewierski

Threats in Polish networks – CERT Polska 2014 report (English version)

25 May 2015 piotrk

Malware attack on both Windows and Android

22 May 2015 Łukasz Siewierski

SECURE 2015 – Call for Speakers

8 May 2015 przemek