Category: Posts

Win a Honeynet Workshop pass! (UPDATE)

Date of publication: 02/04/2014, CERT Polska

Do you want to attend the Honeynet Workshop Conference in Warsaw? If you are the first to solve our CrackMe, you can win a free conference pass. The task is to find “flags”: strings connected to the file that we made specifically for this competition. Use your creativity and skills to find all of the flags and you will get to be at the place where world-famous IT security specialists will present and debate their ideas.

Honeynet Workshop Conference in Warsaw

Date of publication: 11/03/2014, CERT Polska

On 12–14 May, at the Adgar Plaza Conference Centre, The Honeynet Project foundation, with the support of CERT Polska and NASK, is organizing the “2014 Honeynet Project Security Workshop” conference. For several years now the event has brought together the best ICT security experts from around the world, who present the results of their research, new tools and methods of fighting threats on today's Internet, and encourage joint discussion and exchange of experience. The conference will last three days: two will be devoted to presentations and demonstrations of tools created by the foundation's members, and on the last day participants will be able to take part in trainings run by experts and gain practical skills in topics such as reverse engineering, fighting botnets and the security of virtualization technology.

Large-scale DNS redirection on home routers for financial theft

Date of publication: 06/02/2014, CERT Polska

In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on… iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the first confirmed case of such malware targeting the platform, and at the same time it targeted Polish e-banking users, it immediately attracted our attention. Internally we came up with several scenarios of how it might have happened, but unfortunately we were not able to gather enough first-hand data about the case to rule out any options.

Announcement of the results of the CERT.pl logo competition

Date of publication: 24/01/2014, CERT Polska

We are pleased to announce that the CERT Polska logo competition was won by Mr. Wojciech Janicki. In our opinion, this design best reflects the character of the CERT Polska team and also stands out for its aesthetics, simplicity and the clarity of its visual message.

We congratulate the winner and thank all participants of the competition.

New .NET banking malware (VBKlip): no network usage, no registry entries and no AV detection

Date of publication: 23/01/2014, CERT Polska

We recently blogged about a new strain of malware called VBKlip. This malware was aimed at Polish online banking users. In the last few days a new, revised version of this malware has resurfaced. This new version is written in .NET and has a few new ideas, which seem to be the reason that none of the three samples we were able to obtain was detected by any of the antivirus solutions present on VirusTotal. This is what makes this threat especially dangerous to users. The new malware spreads as “Adobe Flash Player” and uses an icon like the one on the left.

OTP stealer Android app masquerading as mobile antivirus targets Polish users

Date of publication: 17/12/2013, CERT Polska

The E-Security mobile malware appeared at the beginning of this year. This malware targeted Polish online banking users, with the goal of stealing One Time Passwords (OTPs) used to confirm banking transactions. The attack was part of a bigger scheme. Once the user's computer was infected, it displayed an installation message when the user tried to log in to an online banking website. This message instructed the user to install a mobile “certificate” app called “E-Security”. Recently this E-Security app was replaced with a new one, more powerful and more dangerous, but essentially made for the same purpose: to steal OTPs sent via text messages to unknowing users.

A quick look at a (new?) cross-platform DDoS botnet

Date of publication: 16/12/2013, CERT Polska

At the beginning of December we started to observe a new botnet spreading on both Linux and Windows machines. In the case of Linux operating systems, the bot was installed through an SSH dictionary attack. The attacker logged in to the compromised server and simply downloaded and executed a bot file. The malware itself is relatively simple: its only functionality is to perform DDoS attacks, mainly DNS Amplification. There is also a version targeting the Windows operating system, which installs a new service in order to gain persistence. The antivirus detection rate is fairly high for the Windows version: 34/48, while the Linux version is detected by only a couple of antivirus solutions: 3/47.

Competition to design a logo for CERT Polska

Date of publication: 18/11/2013, CERT Polska

The CERT Polska team, operating within the structures of the NASK research institute, invites you to take part in a competition to design a logo for the team's short name: CERT.pl. The CERT logo competition is an opportunity to take part in creating an entirely new image for the national security unit, which represents Poland in many initiatives and looks after the security of the Polish Internet. Given the unique character of the CERT Polska team, taking on this project may be an interesting challenge for every participant in the competition.

What’s new, security-wise, in Android KitKat?

Date of publication: 08/11/2013, Łukasz Siewierski

On the 31st of October Google released a new version of the Android operating system: 4.4, called KitKat. This version introduces a number of new features, including a handful of security improvements. It also introduces a new approach to SMS and MMS handling, which breaks the compatibility of some Android malware and makes it easier for users to spot a malware infection. This security improvement comes as a side effect of the new system-wide approach to messaging applications.