Archive | Backdoors

View all postings from the Malware – Backdoors category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

Illuminating The Etumbot APT Backdoor

The Arbor Security Engineering Response Team (ASERT) has released a research paper concerning the Etumbot malware. Etumbot is a backdoor used in targeted attacks since at least March 2011. Indicators suggest that Etumbot is associated with the Numbered Panda group, also known as IXEHSE, DynCalc, and APT12. Although previous research has covered related malware, little […]

Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns

Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C and most […]

Happy Holidays: Point of Sale Malware Campaigns Targeting Credit and Debit Cards

Inside Recent Point-of-Sale Malware Campaign Activities
Curt Wilson, Dave Loftus, Matt Bing

An active Point of Sale (PoS) compromise campaign designed to steal credit and debit card data using the Dexter and Project Hook malware has been detected. Indicators of compromise will be provided for mitigation and detection purposes. Prior to the publication of this […]

Fort Disco Bruteforce Campaign

In recent months, several researchers have highlighted an uptick in bruteforce password guessing attacks targeting blogging and content management systems. Arbor ASERT has been tracking a campaign we are calling Fort Disco that began in late May 2013 and is continuing. We’ve identified six related command-and-control (C&C) sites that control a botnet of over 25,000 infected Windows […]

Things in 3FN

I think by this time folks know about the FTC action against 3FN (Triple Fiber Network). Here's some of the stuff we had tracked there over the years:

WinReanimator, Cutwail botnet activity
RogueAV in many forms, including TubeStreamDrivers, av-pro-2009.com, do-make-progress.com, and related domains
Pinch controllers
Dialers
Fake cracks and tools like Bosmedia.org
Pushdo controllers manda.php […]

“Baiting” Web Surfers

In case you haven't already heard, a variety of websites, including those with content about "fish and tackle," have been identified as compromised: when people browse to the site, they are redirected to an alternate location where their host is compromised, so that attackers can steal potentially sensitive data, […]