News

  • Virut botnet report

    Article thumbnail

    At the end of January and the beginning of February 2013 NASK (Research and Academic Computer Network) — the .pl ccTLD Registry — and its security team CERT Polska took over 43 .pl domains used to control the Virut botnet and to spread malicious applications. As a result of this action, all …

    Read more
  • 23 January 2013 CERT Polska

    Honeyspider Network 2.0

    Article thumbnail

    The project is a joint venture between NASK/CERT Polska (Poland) and National Cyber Security Centre (Netherlands). Goal of this system is to determine whether a site is malicious to the end-user. Scalability and ability to combine output from multiple client honeypots makes it an effective way of detecting malicious …

    Read more
  • 18 January 2013 CERT Polska #botnet

    NASK shuts down dangerous Virut botnet domains

    Article thumbnail

    NASK has taken over multiple domains used for cybercrime activities, making their further usage for illegal purposes impossible. The domain names were used to spread and control dangerous malware known as “Virut” . NASK’s actions are aimed at protecting Internet users from threats that involved the botnet built with Virut-infected …

    Read more
  • 15 October 2012 CERT Polska

    New paper on data sharing published

    Article thumbnail

    In September this year CERT Polska participated in the “Information Assurance and Cyber Defense” symposium organized by NATO’s Science and Technology Organization. Our paper, titled “Proactive Detection and Automated Exchange of Network Security Incidents”, investigates issues related to sharing security-related data among CERTs and other organizations. We attempted to …

    Read more
  • 11 October 2012 CERT Polska #dorkbot #malware

    Dorkbot likes to socialize and steals more than you can imagine

    Article thumbnail

    Recently there have been numerous reports about a new malware spreading through Skype. Since a couple of days, CERT Polska has also been taking an active role in disabling the Dorknet worm. A Polish security portal Niebezpiecznik.pl (article in Polish) mentioned that it also targets Polish users. We acquired …

    Read more
  • 14 September 2012 CERT Polska

    Do you really need Java?

    Article thumbnail

    In late August, Oracle has decided to release Java updates before the planned publication date on October 16 CPU (Critical Patch Update). According to reports update contains four security fixes. This year Oracle has already introduced 32 security fixes across all Java SE products. The immediate cause for the release …

    Read more
  • 13 August 2012 CERT Polska #malware

    More human than human – Flame’s code injection techniques

    Article thumbnail

    Flame aka Flamer aka Skywiper is a sophisticated trojan application discovered in 2012. Since then it has been the subject of extensive analysis by malware research community. The trojan has been recognized as extraordinarily complicatied, with a modular design and advanced algorithms. The degree of Flame’s complexity raised many …

    Read more
  • Ransomware: how to remove it, even when the computer does not boot?

    Article thumbnail

    We have recently published an article (in Polish) about ransomware malware (mainly WeelsOf) spreading in Poland. This kind of ransomware was initally mentioned on the abuse.ch blog: https://www.abuse.ch/?p=3718. It demands 100 Euro or 500 PLN in order to unlock our computer. We also published …

    Read more
  • Android malware sending Premium SMS targeting Polish users

    Article thumbnail

    CERT Polska received an Android malware sample. Both the application name ( poland_xxx.apk ) and its location (it was downloaded while visiting a popular Polish website, probably as a part of advertisement) may mean that Polish Internet users are targeted. Application sends three Permium-rate SMS, all of …

    Read more
  • 21 June 2012 CERT Polska #malware

    Analysis of a very social malware

    Article thumbnail

    Yesterday Polish security portal, Niebezpiecznik.pl, has informed about a new kind of malware spreading through Facebook (article in Polish). CERT Polska got a sample of this malicious software to analyse. Despite Facebook being not a new attack vector, this malware sample is very interesting. Currently it is detected by …

    Read more