Category: Posts

We see scanning for vulnerable BMC modules

Date of publication: 30/06/2014, CERT Polska

Since Dan Farmer published his latest article on BMC vulnerabilities, the ARAKIS system has recorded an increased rate of UDP port 623 scans coming from China, the USA, Iceland, Romania and the Netherlands.

The revealed vulnerabilities allow an attacker to gain control of servers' online management modules, which control power and gather status information from the server hardware.

The chart below is generated by the ARAKIS system and shows that regular scanning started after the publication of Dan Farmer's article on the 23rd of June.

There are 189 vulnerable servers in Poland.




E-mail trojan attack on and online auction website clients

Date of publication: 25/06/2014, CERT Polska

During the last few days, we have observed an attack on Polish users of auction website and a hotel reservation portal – These attacks were directed at Polish users. Victims received a personalized e-mail informing them that their account had been blocked, either due to outstanding fees or due to inappropriate auction content. In case of users were led to believe that they made a reservation and an invoice for that reservation is included in the e-mail message. Both campaigns had nearly identical infection schemes, which makes it very likely that they were performed by the same person or group.

A look at the VBKlip “battlefield”

Date of publication: 29/05/2014, CERT Polska

On multiple occasions we have informed about a new threat to Polish online banking users, which we named VBKlip. This is a new kind of malware that substitutes a bank account number that has been copied to the clipboard. This works when we try to, e.g., pay a bill and copy the bank account number in order to paste it into the online banking wire transfer page. Instead of paying the bill, we send that money to the attacker. In this article, we publish a detailed analysis of this threat. We consider it a serious threat, because we constantly receive reports from users that they have been infected with it and their money has been stolen.


Polish team wins NATO exercise

Date of publication: 26/05/2014, CERT Polska


Locked Shields is a readiness-testing exercise in which teams of security specialists from 17 countries compete in defending a realistically simulated network from outside attacks. This year the winning team was from Poland, and it included representatives of CERT Polska. The other competitors came from Estonia, Finland, NATO CIRC, Italy, Spain, Germany & the Netherlands, Turkey, Latvia & Czech Republic, Hungary, France, Austria & Lithuania.

Estimating size of the botnets in Poland

Date of publication: 19/05/2014, CERT Polska

The annual CERT Polska report will soon be available for download on our website. This year we decided not only to include statistical data (which will be moved to a separate section), but also to describe the trends and events observed in the last year that we considered important. While you wait for the report, you can read a short fragment of it below. It contains a description of the method we used to estimate the botnet size and the results of this estimation. Some of the referenced material has been removed to improve readability, but it will be available in the final version of the report.


Testing Heartbleed from the client-side perspective

Date of publication: 18/04/2014, CERT Polska

In the last week or so, infosec headlines were dominated by reports on the OpenSSL vulnerability (CVE-2014-0160). We blogged on what the situation looked like with regard to Polish services and address space (and TOR as well). It is worth noting, however, that the OpenSSL library is used not only in server software. It is also a very common element of client software. What does that mean? If client software that uses a vulnerable version of OpenSSL connects to a crafted malicious server, the server can ‘download’ a portion of data from the client's memory. This portion may contain data on which the software operates, e.g. a password for a database or configuration.

Heartbleed in TOR (and in Poland)

Date of publication: 11/04/2014, CERT Polska

In the last few days the most popular vulnerability seems to be CVE-2014-0160. This two-year-old vulnerability was in the OpenSSL library, versions 1.0.1a-f, and allows an attacker to read a part of the memory of the process. The use of this library is very prevalent not only in server environments (e.g. WWW or mail), but also on desktops in some client applications. However, the most popular browsers are not affected in any way. We publish our analysis of this CVE and its effect on TOR and the Polish network. Information on the Electronic Frontier Foundation Deeplinks blog allows one to speculate that the intelligence agencies knew about the bug a year ago and actually used it.


Honeynet Project Workshop CrackMe Solution

Date of publication: 07/04/2014, CERT Polska

We announced a CrackMe challenge, which allowed you to win a free pass for the Honeynet Workshop 2014 in Warsaw. Today, we closed the challenge, because the winners have already submitted 10 flags. The winners are Dariusz Tytko (from Poland) and @_zairon_, who also posted his solution to our CrackMe on his blog. We also include our solution below. Of course, if you are still solving it, the solution below contains spoilers.


SECURE 2014 Call for Speakers is Now Open

Date of publication: 07/04/2014, CERT Polska

SECURE 2014 is a conference dedicated entirely to IT security and addressed to administrators, security team members and practitioners in this field. SECURE’s unique feature is the organisers’ commitment to providing participants with reliable information about everything that is current and meaningful in IT security. A high professional level of the talks is ensured by CERT Polska during the paper selection process. Particular emphasis is on practical solutions, analysis of the current threats, latest trends in countering threats as well as important legal issues. Participants have an opportunity to gain the latest knowledge, improve their qualifications and exchange experience with experts.