Peeking at Pkybot

Dennis Schwarz

For the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware. This post will take a peek at some of the bits and pieces of […]

ZeusVM: Bits and Pieces

Dennis Schwarz

ZeusVM is a relatively new addition to the Zeus family of malware. Like the other Zeus variants, it is a banking trojan (“banker”) that focuses on stealing user credentials from financial institutions. Although recent attention has been on non-Zeus based bankers such as Neverquest and Dyreza, ZeusVM is still a formidable threat. At the time […]

Defending the White Elephant

Curt Wilson

Click here to download the full report that includes attack details, TTPs and indicators of compromise. Myanmar is a country currently engaged in an important political process. A pro-democracy reform took place in 2011 which has helped the government create an atmosphere conducive to investor interest. The country is resource rich, with a variety of […]

Espionage, Spying and Big Corporate Data, These Are a Few of China’s Favorite Things

ASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn […]

An Update on the UrlZone Banker

Dennis Schwarz

UrlZone is a banking trojan that appeared in 2009. Searching its name or one of its aliases (Bebloh or Shiotob) reveals a good deal of press from that time period along with a few technical analyses in 2009 [1] [2], 2012 [3], and 2013 [4]. Despite having a reputation of evolution, there doesn’t seem to […]

Flu season starting early: the H1N1 Loader

Jeff Edwards

The H1N1 Loader appears to be a relatively new downloader family that, to the best of our knowledge, was initially discovered and analyzed by the security community in May 2015. We have seen several samples show up in our malware zoo this Spring and have documented our preliminary findings from a network communications perspective in a […]

Attack of the Shuriken 2015: Many Hands, Many Weapons

Curt Wilson

The expected evolution of DDoS attacks continues. Attack sizes increase over time, tools become easier to use, more threat actors are launching attacks, older attack techniques have become commoditized and new attack techniques are added to the mix on a regular basis. Attacks are cheap, easy, and extremely common. The criminal underground continues to provide […]

DD4BC DDoS Extortion Threat Activity

Curt Wilson

For the last year or so, an individual or organization calling itself DD4BC (‘DDoS for Bitcoin’) has been rapidly increasing both the frequency and scope of its DDoS extortion attempts, shifting target demographics from Bitcoin exchanges to online casinos and betting shops and, most recently, to prominent financial institutions (banks, trading platforms and payment acquirers) across the United […]

How to Become an Internet Supervillain in Three Easy Steps

One of the truisms of comic books and graphic novels is that nothing is immutable – both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor, Hulk, Iron Man, and Avengers films, is a good example. […]