Tag: raport

Estimating size of the botnets in Poland

Date of publication: 19/05/2014, CERT Polska

computer_wormAnnual CERT Polska report will soon be available on our website for download. This year we decided not only to include statistical data (which will be moved to a separate section), but also describe trends and events that were important according to us and were observed in the last year. While you wait for the report, you can read a short fragment of the report below. It contains a description of the method we used to estimate the botnet size and results of this estimations. Some of the referenced material has been removed to improve readability, but it will be available in the final version of the report.

Read more

Takeover of Domain Silver, Inc .pl domains – updated with sinkhole statistics

Date of publication: 23/08/2013, CERT Polska

On 30th of July, 2013 NASK terminate its agreement with a registrar, Domain Silver, Inc. We described the reason for that decision in a detailed technical report. Today we publish an updated version of the report with our sinkhole statistics. These statistics were made from 20 different botnets sinkholed by our servers. All of them used domains registered through Domain Silver, Inc. These are not all of the botnets that used Domain Silver as the registrar, but only ones that were sinkholed as of 23rd of July 2013. The botnet malware included ZeuS ICE IX, Citadel, Andromeda/Gamarue and Dorkbot/NgrBot. Among them is also the Citadel plitfi botnet, the takedown of which we described previously in a detailed report. Highlights from the gathered data are:
Read more

Anti-botnet effort continues – takeover of Domain Silver, Inc .pl domains

Date of publication: 31/07/2013, CERT Polska

Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver. Most of the malicious domains present in the .pl were registered through Domain Silver. In May 2013, dozens of domains used for botnet C&C purpose were seized and sinkholed by NASK and CERT Polska. Following further unsuccessful attempts to remedy the situation, NASK (the .pl ccTLD registry) decided to terminate its agreement with the Registrar. In the following sections of the document we explain what the malicious domains registered were used for (as of 9th July 2013), what botnets used the domains and why they posed a threat to the Internet community.
Read more

ZeuS-P2P internals – understanding the mechanics: a technical report

Date of publication: 07/06/2013, CERT Polska


At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center.This malware is still active and it has been monitored and investigated by CERT Polska for more than a year. In the second half of 2012, it directly affected the Polish users, namely that of internet banking.
Read more

ENISA publikuje raport CERT Polska o honeypotach

Date of publication: 26/11/2012, CERT Polska

W zeszłym tygodniu Europejska Agencja ds. Bezpieczeństwa Informacji – ENISA – opublikowała raport o zastosowaniu honeypotów do wykrywania zagrożeń sieciowych: „Proactive Detection of Security Incidents: Honeypots”. Studium wykonane zostało przez zespół CERT Polska. Jest to pierwsze tak obszerne badanie tej technologii pod kątem jej użyteczności do pracy zespołów typu CERT. W przeciwieństwie do poprzednich badań akademickich dotyczących honeypotów, staraliśmy się przyjąć bardzo praktyczne podejście do oceny istniejących rozwiązań typu honeypot.

Read more

CERT Polska Semiannual Report: January-June 2011

Date of publication: 21/10/2011, CERT Polska

CERT Polska

Our first semiannual report, covering period from January to June 2011 is focused on information from automated systems. We have received almost 4 million automated incident reports and we grouped them in major categories such as spam sources, phishing, malware, bots or DDoS attacks. We discuss our findings in the context of the 2010 annual report, indicating some important changes (some of which we are not able to fully explain). Some noteworthy observations are in the area of malware distribution and phishing in Polish networks, as well as spam sources and bots location. Among other discussions, we try to pinpoint some factors that break the apparently obvious correlation between the last two indicators. You can download the report in English from the following URL: http://www.cert.pl/PDF/Report_CP_1H2011.pdf

Read more