• Evolution of an Android malware: the story of a friend of ZitMo

    Recently we blogged about a new threat to Polish e-banking users called “E-Security”. When a user whose machine was infected tried to access her internet banking site, she was greeted with a message instructing her to install the “E-Security Certificate” application on her Android phone. This “certificate” was nothing more …

  • 07 June 2013 CERT Polska #malware

    ZeuS-P2P internals – understanding the mechanics: a technical report

    At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska …

  • Malware campaign on Polish governmental site

    CERT Polska and CERT.GOV.PL recently discovered a website in the gov.pl domain that has been part of a malware campaign since at least the beginning of May 2013. The page contained JavaScript code that added a hidden iframe which redirected to an exploit kit. Next, with …

  • The “E-Security” app: a new friend of ZitMo

    Recently, we obtained a new Android malware sample that targets Polish e-banking users. The application is called “E-Security” and its filename is e-security.apk. It also has a security-related icon shown on the left. The malware is relatively simple, but effective at achieving its goals …

  • 23 April 2013 CERT Polska

    CERT Polska Annual Report 2012

    Our Annual Report for 2012 is based mostly on data feeds from various automated systems. They provided us with information on more than 10.5 million incidents in Polish networks last year. Most of this data is consequently passed on via the n6 platform to the corresponding Internet providers for handling …

  • Citadel plitfi botnet report

    At the end of February 2013, the Polish Research and Academic Computer Network and CERT Polska took over 3 domains used by one of the Citadel botnets, known as “plitfi”. All the network traffic from these domains was directed to a sinkhole server controlled by CERT Polska. Today we publish a …

  • 08 April 2013 CERT Polska #ENISA #raport

    In-depth look at Kippo: an integration perspective

    Brute-force (dictionary) attacks on Secure Shell (SSH) services remain popular on the Internet. Although hardly sophisticated, this type of attack is relatively effective and is one of the most common intrusion vectors for UNIX servers. Kippo is a low-interaction honeypot emulating the SSH service. The honeypot can be used to …

  • Virut botnet report

    At the end of January and the beginning of February 2013, NASK (Research and Academic Computer Network) — the .pl ccTLD Registry — and its security team CERT Polska took over 43 .pl domains used to control the Virut botnet and to spread malicious applications. As a result of this action, all …

  • 23 January 2013 CERT Polska

    Honeyspider Network 2.0

    The project is a joint venture between NASK/CERT Polska (Poland) and the National Cyber Security Centre (Netherlands). The goal of this system is to determine whether a site is malicious to the end-user. Its scalability and ability to combine output from multiple client honeypots make it an effective way of detecting malicious …

  • 18 January 2013 CERT Polska #botnet

    NASK shuts down dangerous Virut botnet domains

    NASK has taken over multiple domains used for cybercrime activities, making their further use for illegal purposes impossible. The domain names were used to spread and control dangerous malware known as “Virut”. NASK’s actions are aimed at protecting Internet users from threats that involved the botnet built with Virut-infected …
