How a cybergang operates a network of 1.9 million infected computers

22. July 2009 18:28
Today we announced our recent discovery of a network of 1.9 million infected computers controlled by cybercriminals. This is one of the largest bot networks controlled by a single team of cybercriminals (or cybergang) that we found this year. In this blog post we will provide you with additional details about this network, the malware in use and how the operators are using it to make money – after all, this is the main drive for cybercrime today. We found that the botnet’s command ... [More]


The Golden Cash Botnet

22. July 2009 18:25
In our recent Cybercrime Intelligence report, we described the business side of the Golden Cash botnet. In this blog post, we will provide you with more technical information about the botnet C&C server and the attack lifecycle. Here is how it works: A user visits a compromised legitimate website that contains a malicious Iframe. This Iframe causes the victim’s browser to pull the exploit code from a server armed with the exploit toolkit. Upon successful exploitation, a special buil... [More]


Someone is watching you...

22. July 2009 18:11
As you probably know, security companies use sandboxes to analyze viruses. You might be familiar with some of those sandboxes, like CWSandbox, Anubis, etc. Those analysis tools run the virus on a virtual host for a limited time and report the virus’s activities to the user. Recently, I analyzed an interesting virus. Besides the fact that this virus steals sensitive data from the user, it also connects every several minutes to an FTP account and uploads 2 files. I to... [More]
