2018, Antivirus and DNS - Cyber Security Informer

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. UDP ports 53, 8888 and TCP port 80 (HTTP POST /fgdsvc).

Encryption

Encryption Antivirus Advertising DNS

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

These two software are currently unknown to most if not all antivirus companies.” “Using the internal router, it would be possible to poison the DNS cache of the LAN router of the infected node, enabling further attacks.” The Exe Clean service made malware look like goodware to antivirus products.

VPN

VPN Computers and Electronics Antivirus Software

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

DNS

DNS Internet Internet Malware

Who’s In Your Online Shopping Cart?

Krebs on Security

NOVEMBER 4, 2018

Sometimes, antivirus products will detect the presence of these malicious scripts and block users from visiting compromised sites, but for better or worse none of the sites I mentioned here currently are flagged as malicious by any of the more than five dozen antivirus tools at the file-scanning service virustotal.com.

Antivirus

Antivirus Hacking Internet Internet

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.

Cybercrime

Cybercrime DNS Malware Advertising

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

The common acronym in nearly all of Saim Raza’s domains over the years — “FUD” — stands for “ F ully U n- D etectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

Software

Software Phishing Cybercrime Accountability

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. Last DNS activity was in December 2018. Figure 14 – previous DNS of C2. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”.

Malware

Malware DNS Social Engineering Advertising

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

In August 2018, three members of the notorious cybercrime gang have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. . The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.

Identity Theft

Identity Theft Hacking Advertising DNS

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). A cyberattack took offline websites of the Georgia agency. After 2 years under the radars, Ratsnif emerges in OceanLotus ops.

Scams

Scams Spyware Advertising DNS

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

— Privacy 1st (@privacyis1st) August 20, 2018. Patrick Wardle by redirecting DNS resolution was able to capture the exfiltrated data: The history.zip file is exfiltrated to a remote to dscan.yelabapp.com that is hosted on Amazon AWS servers, but the analysis of the DNS entries confirms that it is administered by an entity in China.

Adware

Adware DNS Malware Advertising

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile. As of 2023, it is trading at around $150.

Malware

Malware DNS Encryption Cryptocurrency

How to Improve Email Security for Enterprises & Businesses

eSecurity Planet

JUNE 8, 2023

It can be time consuming to establish these protocols on an organization’s DNS servers, but doing so will provide two key benefits. Email security tools offer features that screen emails for malicious content using antivirus, anti-spam, DNS, attachment, and other analytics.

Firewall

Firewall DNS Authentication Malware

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Banking Energy and Utilities Accountability

APT trends report Q1 2021

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Moreover, the malware mentioned by Google matched ThreatNeedle – malware that we have been tracking since 2018.

Malware

Malware Government Spyware Social Engineering

IT threat evolution Q3 2023

SecureList

DECEMBER 1, 2023

Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org After parsing the response to the DNS request, the backdoor launches a reverse shell, using the secondary C2 server for communications. org domain. We also published a report on a new version of the Lumma stealer.

Malware

Malware Ransomware Encryption Energy and Utilities

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. The registration records for the website Cryptor[.]biz ” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Graham Cluley started as a videogame developer and antivirus programmer three decades ago before serving in senior roles at Sophos and McAfee.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Indictment, Lawsuits Revive Trump-Alfa Bank Story

Krebs on Security

SEPTEMBER 23, 2021

Since 2018, access to an exhaustive report commissioned by the U.S. The data at issue refers to communications traversing the Domain Name System (DNS), a global database that maps computer-friendly coordinates like Internet addresses (e.g., DNS lookups from Alfa Bank constituted the majority of those requests. trump-email.com).

Banking

Banking DNS Internet Internet

Cyber Security Informer

Some Fortinet products used hardcoded keys and weak encryption for communications

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Trending Sources

A Deep Dive Into the Residential Proxy Service ‘911’

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Who’s In Your Online Shopping Cart?

Chinese-speaking cybercrime gang Rocke changes tactics

“FudCo” Spam Empire Tied to Pakistani Software Firm

The return of the AdvisorsBot malware

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs newsletter Round 221 – News of the week

Apple removed the popular app Adware Doctor because steals user browsing history

StripedFly: Perennially flying under the radar

How to Improve Email Security for Enterprises & Businesses

IT threat evolution Q3 2021

APT trends report Q1 2021

IT threat evolution Q3 2023

Why Malware Crypting Services Deserve More Scrutiny

Top Cybersecurity Accounts to Follow on Twitter

Indictment, Lawsuits Revive Trump-Alfa Bank Story

Stay Connected