Tag: luka

Testing Heartbleed from the client-side perspective

Date of publication: 18/04/2014, CERT Polska

Over the last week or so, infosec headlines have been dominated by reports on the OpenSSL vulnerability (CVE-2014-0160). We blogged about what the situation looked like with regard to Polish services and address space (and Tor as well). It is worth noting, however, that the OpenSSL library is not used only in server software. It is also a very common element of client software. What does that mean? If client software using a vulnerable version of OpenSSL connects to a crafted malicious server, the server can ‘download’ a portion of data from the client's memory. This portion may contain data the software operates on, such as a database password or configuration.

Malware campaign on Polish governmental site

Date of publication: 20/05/2013, CERT Polska


CERT Polska and CERT.GOV.PL recently discovered a website in the gov.pl domain that has been part of a malware campaign since at least the beginning of May 2013. The page contained JavaScript code that added a hidden iframe, which redirected to an exploit kit. Next, with the help of “Smoke Loader”, two binaries containing malware were downloaded. The first binary was FakeAV software, which pressured the user to buy a “full version” with the promise that it would remove all of the imaginary problems with her machine. The second binary contained a Kryptik trojan, which steals information from a large variety of FTP, SSH and WWW clients. It also steals SSL certificates used to sign code and performs a dictionary attack on the account of the currently logged-in user. Both binaries use various techniques meant to prevent disassembly and debugging.