Tag #DNS
  • 01 October 2015 piotrb #botnet #detection #detection system #detekcja #dga #DNS #NXDomain #system detekcji

    How non-existent domain names can unveil DGA botnets

    Domain Generation Algorithms are used in botnets to make it harder to block connections to Command & Control servers and to make it difficult to take over botnet infrastructure. The main objective of these algorithms is to generate a large number of different domain names which usually look random, like …

  • 06 May 2015 CERT Polska #analysis #botnet #dga #DNS

    DGA botnet domains: malicious usage of pseudo random domains

    In the previous entry we showed examples of domains which could easily be misclassified as DGA botnet domains. Most of them are machine generated and used in a non-malicious manner. In this entry, conversely, we will present examples of pseudo random domains, which could be used in attacks or be …

  • 17 April 2015 CERT Polska #botnet #dga #DNS

    DGA botnet domains: on false alarms in detection

    Domain Generation Algorithms are often used in botnets to create specially crafted domain names which point to C&C servers. The main purpose of this is to make it more difficult to block connections to these servers (for example with domain blacklists) or to protect the C&C channel (and …

  • 11 March 2015 CERT Polska #bank #bankowość #DNS

    Another year, another wave of home router hacks

    While researching incidents that are reported to us, we encountered a new campaign of attacks against Internet banking, this time utilizing hacked home routers. This is a variant of a method we first observed more than a year ago. The criminals take over control of a home router and …

  • 06 February 2014 CERT Polska #DNS

    Large-scale DNS redirection on home routers for financial theft

    In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on… iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the …

  • 16 December 2013 CERT Polska #DNS #malware

    A quick look at a (new?) cross-platform DDoS botnet

    At the beginning of December we started to observe a new botnet spreading on both Linux and Windows machines. In the case of Linux operating systems, the bot was installed through an SSH dictionary attack. The attacker logged in to the compromised server and simply downloaded and executed a bot file …

  • 15 April 2013 CERT Polska #botnet #DNS #malware #trojan

    Citadel plitfi botnet report

    At the end of February 2013 Polish Research and Academic Computer Network and CERT Polska took over 3 domains used by one of the Citadel botnets, known as “plitfi”. All the network traffic from these domains was directed to a sinkhole server controlled by CERT Polska. Today we publish a …

  • 21 February 2013 CERT Polska #botnet #dga #DNS #malware #raport #sinkhole #trojan

    Virut botnet report

    At the end of January and the beginning of February 2013 NASK (Research and Academic Computer Network) — the .pl ccTLD Registry — and its security team CERT Polska took over 43 .pl domains used to control the Virut botnet and to spread malicious applications. As a result of this action, all …


The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.
