Securing the .pl domain


Evil: A poor man’s ransomware in JavaScript

Data publikacji: 18/01/2017, Jarosław Jedynak

Introduction Initially Evil was brought to our attention by an incident reported on 2017-01-08. By that time the Internet was completely silent on that threat and we had nothing to analyze. We found first working sample day later, on 2017-01-09. In this article we will shortly summarize our analysis and conclusions. Since then, we had [...] Read more

Technical analysis of CryptoMix/CryptFile2 ransomware

Data publikacji: 04/01/2017, Jarosław Jedynak

Campaign CryptoMix is another ransomware family that is trying to earn money by encrypting victims files and coercing them into paying the ransom. Until recently it was more known as CryptFile2, but for reasons unknown to us it was rebranded and now it’s called CryptoMix. It was observed in the wild being served by the [...] Read more

Tofsee – modular spambot

Data publikacji: 16/09/2016, Adam Krasuski

Tofsee, also known as Gheg, is another botnet analyzed by CERT Polska. Its main job is to send spam, but it is able to do other tasks as well. It is possible thanks to the modular design of this malware – it consists of the main binary (the one user downloads and infects with), which [...] Read more

Necurs – hybrid spam botnet

Data publikacji: 02/09/2016, Adam Krasuski

Necurs is one of the biggest botnets in the world – according to MalwareTech there are a couple millions of infected computers, several hundred thousand of which are online at any given time. Compromised computers send spam email to large number of recipients – usually the messages are created to look like a request to check invoice [...] Read more