How a cybergang operates a network of 1.9 million infected computers

22. July 2009 18:28
Today we announced our recent discovery of a network of 1.9 million infected computers controlled by cybercriminals. This is one of the largest bot networks controlled by a single team of cybercriminals (or cybergang) that we have found this year. In this blog post we will provide you with additional details about this network, the malware in use and how the operators are using it to make money – after all, this is the main driver for cybercrime today. We found that the botnet’s command ...


The Golden Cash Botnet

22. July 2009 18:25
In our recent Cybercrime Intelligence report, we described the business side of the Golden Cash botnet. In this blog post, we will provide you with more technical information about the botnet C&C server and the attack lifecycle. Here is how it works: A user visits a legitimate but compromised website which contains a malicious Iframe. This Iframe causes the victim’s browser to pull the exploit code from a server armed with the exploit toolkit. Upon successful exploitation, a special buil...


Finjan’s Unified Secure Web Gateway Prevents IE 0-Day Attack Associated with Microsoft Windows TV Tuner library

22. July 2009 18:25
A new 0-day attack has hit the web recently. The reported vulnerability is associated with the Microsoft Windows TV Tuner library, 'MPEG2TuneRequest' Object, and can be exploited via a malformed Web page. The attack enables remote code execution (RCE) on the targeted machine. Exploit code has already been spotted on the web. Here is a code snippet of the 0-day exploit as detected: Utilizing patented real-time code analysis technologies, Finjan’s unified secure web gateway blocks the 0-day a...


Someone is watching you...

22. July 2009 18:11
As you probably know, security companies are using sandboxes in order to analyze viruses. You might be familiar with some of those sandboxes, like CWSandbox, Anubis, etc. Those analysis tools run the virus on a virtual host for a limited time, and report to the user about the virus’s activities. Recently, I analyzed an interesting virus; besides the fact that this virus steals sensitive data from the user, it also connects every several minutes to an FTP account and uploads 2 files. I to...
