Property:Link
From Botnets.fr
Jump to navigation
Jump to search
This is a property of type
URL
.
Usage
807
previous 500
20
50
100
250
500
next 500
Filter
<p>The <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Help:Property_page/Filter">search filter</a> allows the inclusion of <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Help:Query_expressions">query expressions</a> such as <code>~</code> or <code>!</code>. The selected <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Query_engine">query engine</a> might also support case insensitive matching or other short expressions like:</p><ul><li><code>in:</code> result should include the term, e.g. '<code>in:Foo</code>'</li></ul><ul><li><code>not:</code> result should to not include the term, e.g. '<code>not:Bar</code>'</li></ul>
Showing 500 pages using this property.
"
"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise
+
http://malware.dontneedcoffee.com/2014/07/ctb-locker.html
+
"NetTraveler is Running!" - Red Star APT attacks compromise high-profile victims
+
http://securelist.com/blog/research/35936/nettraveler-is-running-red-star-apt-attacks-compromise-high-profile-victims/
+
"njRAT" Uncovered
+
http://www.threatgeek.com/2013/06/fidelis-threat-advisory-1009-njrat-uncovered.html
+
'
'Tigger' trojan keeps security researchers hopping
+
http://www.darkreading.com/security/attacks-breaches/215800583/tigger-trojan-keeps-security-researchers-hopping.html
+
1
1940 IPs for a BHEK/ULocker server - Nexcess-Net
+
http://malware.dontneedcoffee.com/2012/09/ULockerAS36444BHEK.html
+
A
A DDoS family affair: Dirt Jumper bot family continues to evolve
+
https://asert.arbornetworks.com/a-ddos-family-affair-dirt-jumper-bot-family-continues-to-evolve/
+
A Foray into Conficker’s Logic and Rendezvous Points
+
https://www.usenix.org/legacy/events/leet09/tech/full papers/porras/porras.pdf
+
A ScarePakage variant is targeting more countries : impersonating Europol and AFP
+
http://malware.dontneedcoffee.com/2014/08/scarepackageknstant.html
+
A case study on Storm worm
+
http://static.usenix.org/event/leet08/tech/full papers/holz/holz html/
+
A chat with NGR Bot
+
http://resources.infosecinstitute.com/ngr-rootkit/
+
A new iteration of the TDSS/TDL-4 malware using DGA-based command and control
+
https://www.damballa.com/downloads/r pubs/damballa discovery brief 9 2012.pdf
+
A peek inside the Darkness (Optima) DDoS Bot
+
http://blog.webroot.com/2012/03/08/a-peek-inside-the-darkness-optima-ddos-bot/
+
A peek inside the PickPocket botnet
+
http://www.webroot.com/blog/2012/01/06/a-peek-inside-the-pickpocket-botnet/
+
A quick update on spambot Kelihos
+
http://www.abuse.ch/?p=4878
+
A study of the Ilomo / Clampi botnet
+
http://www.trendmicro.com/us/security-intelligence/research-and-analysis/index.html
+
A study on botnet detection techniques
+
http://www.ijsrp.org/research paper apr2012/ijsrp-apr-2012-113.pdf
+
APT1: technical backstage
+
http://www.malware.lu/Pro/RAP002 APT1 Technical backstage.1.0.pdf
+
AbaddonPOS: A new point of sale threat linked to Vawtrak
+
https://www.proofpoint.com/us/threat-insight/post/AbaddonPOS-A-New-Point-Of-Sale-Threat-Linked-To-Vawtrak
+
Acquisition and analysis of volatile memory from Android devices
+
http://digitalforensicssolutions.com/papers/android-memory-analysis-DI.pdf
+
Actually, my name is Duqu - Stuxnet is my middle name
+
http://stratsec.blogspot.fr/2012/03/actually-my-name-is-duqu-stuxnet-is-my.html
+
Adobe Flash Player 0-day and HackingTeam's Remote Control System
+
http://www.securelist.com/en/blog/208194112/Adobe Flash Player 0 day and HackingTeam s Remote Control System
+
Adrenalin botnet. The trend marks the Russian crimeware
+
http://evilfingers.blogspot.fr/2009/05/adrenalin-botnet-trend-marks-russian.html
+
Advancing the fight against botnets with consumer notifications
+
http://blogs.technet.com/b/security/archive/2011/12/05/advancing-the-fight-against-botnets-with-consumer-notifications.aspx
+
Aldi Bot - bka.de DDoS
+
http://www.youtube.com/watch?v=UskKFTFVLyI
+
Alina: casting a shadow on POS
+
https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Casting-a-Shadow-on-POS/
+
Alina: following the shadow part 1
+
https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-1/
+
Alina: following the shadow part 2
+
https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-2/
+
All-in-one malware: an overview of Sality
+
http://www.symantec.com/connect/blogs/all-one-malware-overview-sality
+
An Analysis of the iKeeB (duh) iPhone botnet (Worm)
+
http://mtc.sri.com/iPhone/
+
An advanced hybrid peer-to-peer botnet
+
http://static.usenix.org/event/hotbots07/tech/full papers/wang/wang.pdf
+
An analysis of Dorkbot’s infection vectors (part 2)
+
http://blogs.technet.com/b/mmpc/archive/2012/11/21/an-analysis-of-dorkbot-s-infection-vectors-part-2.aspx
+
An analysis of the cross-platform backdoor NetWeirdRC
+
http://www.intego.com/mac-security-blog/an-analysis-of-the-cross-platform-backdoor-netweirdrc/
+
An analysis of underground forums
+
http://cseweb.ucsd.edu/~voelker/pubs/forums-imc11.pdf
+
An encounter with trojan Nap
+
http://blog.fireeye.com/research/2013/02/an-encounter-with-trojan-nap.html
+
An evaluation of current and future botnet defences
+
http://eprints.qut.edu.au/32595/1/c32595.pdf
+
An interesting case of JRE sandbox breach (CVE-2012-0507)
+
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
+
An overnight sensation — CoreBot returns as a full-fledged financial malware
+
https://securityintelligence.com/an-overnight-sensation-corebot-returns-as-a-full-fledged-financial-malware/
+
An overview of exploit packs
+
http://contagiodump.blogspot.it/2010/06/overview-of-exploit-packs-update.html
+
An overview of messaging botnets
+
https://blogs.mcafee.com/mcafee-labs/an-overview-of-messaging-botnets
+
Analyse de Xtreme RAT
+
http://code.google.com/p/malware-lu/wiki/en xtreme RAT
+
Analyse et poncage du botnet HerpesNet
+
https://malware.lu/articles/2012/05/21/analysis-and-pownage-of-herpesnet-botnet.html
+
Analyse of the sample cdorked.A
+
http://code.google.com/p/malware-lu/wiki/en malware cdorked A
+
Analyse statique de Duqu stage 1
+
http://code.google.com/p/malware-lu/wiki/en static analysis duqu stage 1
+
Analyse statique de Duqu stage 2
+
http://code.google.com/p/malware-lu/wiki/en static analysis duqu stage 2
+
Analysis of DarkMegi aka NpcDark
+
http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html
+
Analysis of TDL4
+
http://baesystemsdetica.blogspot.fr/2012/10/analysis-of-tdl4 8570.html
+
Analysis of Ysreef (a variant of Tobfy)
+
http://code.google.com/p/malware-lu/wiki/en malware Ysreef
+
Analysis of a PlugX malware variant used for targeted attacks
+
http://www.circl.lu/pub/tr-12/
+
Analysis of a VBScript bot
+
http://research.zscaler.com/2014/01/analysis-of-vbscript-bot.html
+
Analysis of a stage 3 Miniduke malware sample
+
https://www.circl.lu/pub/tr-14/
+
Analysis of a “/0” stealth scan from a botnet
+
http://www.caida.org/publications/papers/2012/analysis slash zero/analysis slash zero.pdf
+
Analysis of functions used to encode strings in Flame (GDB script)
+
http://code.google.com/p/malware-lu/wiki/en flame analysis with script gdb
+
Analysis of ngrBot
+
http://stopmalvertising.com/rootkits/analysis-of-ngrbot.html
+
Analysis of the Finfisher lawful interception malware
+
https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
+
Analysis of the malware of Red October - Part 1
+
http://code.google.com/p/malware-lu/wiki/en malware redoctober
+
Analysis of the malware of Red October - Part 2
+
http://code.google.com/p/malware-lu/wiki/en malware redoctober2
+
Analysis: Malware Win32/Rimecud.B
+
https://community.qualys.com/blogs/securitylabs/2011/05/09/analysis-malware-win32rimecudb
+
Analyzing a new exploit pack
+
http://www.kahusecurity.com/2012/analyzing-a-new-exploit-pack/
+
Anaru malware now live and ready to steal
+
http://www.symantec.com/connect/ko/blogs/anaru-malware-now-live-and-ready-steal
+
And real name of Magnitude is....
+
http://malware.dontneedcoffee.com/2014/02/and-real-name-of-magnitude-is.html
+
Android Marcher now marching via porn sites
+
http://research.zscaler.com/2016/03/android-marcher-now-marching-via-porn.html
+
Android RATs branch out with Dendroid
+
http://www.symantec.com/connect/ko/blogs/android-rats-branch-out-dendroid
+
Android malware pairs man-in-the-middle with remote-controlled banking trojan
+
http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan
+
Android trojan used to create simple SMS spam botnet
+
http://blog.cloudmark.com/2012/12/16/android-trojan-used-to-create-simple-sms-spam-botnet/
+
Android.Bmaster: A million-dollar mobile botnet
+
http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet
+
Android.Counterclank found in official Android market
+
http://www.symantec.com/connect/blogs/androidcounterclank-found-official-android-market
+
Andromeda 2.7 features
+
http://blog.fortinet.com/Andromeda-2-7-Features/ blog.fortinet.com
+
Angler Exploit Kit – Operating at the Cutting Edge
+
http://community.websense.com/blogs/securitylabs/archive/2015/02/05/angler-exploit-kit-operating-at-the-cutting-edge.aspx
+
Anonymous supporters tricked into installing ZeuS trojan
+
http://www.symantec.com/connect/ko/blogs/anonymous-supporters-tricked-installing-zeus-trojan
+
Another family of DDoS bots: Avzhan
+
http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/
+
Anunak:APT against financial institutions
+
https://www.fox-it.com/en/files/2014/12/Anunak APT-against-financial-institutions2.pdf
+
Análisis del comportamiento de VOlk y sus funcionalidades
+
http://blogs.eset-la.com/laboratorio/2012/12/26/analisis-comportamiento-volk-funcionalidades/
+
Apache binary backdoors on Cpanel-based servers
+
http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
+
Apple releases Java update; includes fix for vulnerability exploited by Flashback malware
+
http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/
+
Apple took 3 years to fix Finfisher trojan hole
+
http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/
+
Apple zombie malware 'NetWeird' rummages for browser and email passwords
+
http://nakedsecurity.sophos.com/2012/08/24/apple-zombie-malware-netweird-rummages-for-browser-and-email-passwords/
+
Armenian Bredolab creator jailed for computer sabotage
+
http://threatpost.com/en us/blogs/armenian-bredolab-creator-jailed-computer-sabotage-052312
+
Attack on Zygote: a new twist in the evolution of mobile threats
+
https://securelist.com/analysis/publications/74032/attack-on-zygote-a-new-twist-in-the-evolution-of-mobile-threats/
+
Attackers place Command and Control servers inside enterprise walls
+
http://www.securityweek.com/new-attack-method-puts-command-and-control-servers-inside-enterprise-walls
+
Attention! All data on your hardrive is encrypted
+
http://blogs.avg.com/news-threats/attention-data-hardrive-encrypted
+
AutoIT ransomware
+
http://code.google.com/p/malware-lu/wiki/en analyse autoit ransomware
+
Avalanche phishers migrate to ZeuS
+
http://www.bankinfosecurity.com/avalanche-phishers-migrate-to-zeus-a-3030
+
Avatar rootkit: the continuing saga
+
http://www.welivesecurity.com/2013/08/21/avatar-rootkit-the-continuing-saga/
+
B
Back to Stuxnet: the missing link
+
http://www.securelist.com/en/blog/208193568/Back to Stuxnet the missing link
+
Backdoor uses Evernote as command and control server
+
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/
+
Backdoor:Win32/Caphaw.A
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Caphaw.A
+
Banking trojan Dridex uses macros for infection
+
http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/
+
BareBox: efficient malware analysis on bare-metal
+
http://www.cs.ucsb.edu/~chris/research/doc/acsac11 barebox.pdf
+
Battling the Rustock threat
+
http://go.microsoft.com/?linkid=9777259
+
Battling the Zbot threat
+
http://download.microsoft.com/download/A/2/2/A226868B-7922-4655-BF48-F11DDEE3E63C/Battling the Zbot threat.pdf
+
Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel
+
http://malware.dontneedcoffee.com/2012/09/behind-captcha-or-inside-blackhole.html
+
Bitcrypt broken
+
http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
+
Black Dragon: "... and all will burn beneath the shadow of my wings"
+
http://malwageddon.blogspot.fr/2013/07/black-dragon-and-all-will-burn-beneath.html
+
BlackEnergy competitor – The 'Darkness' DDoS bot
+
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205
+
Blackhole & Cridex: season 2 episode 1: Intuit spam & SSL traffic analysis
+
http://www.deependresearch.org/2012/10/blackhole-cridex-season-2-episode-1.html
+
Blackhole Ramnit - samples and analysis
+
http://contagiodump.blogspot.com/2012/01/blackhole-ramnit-samples-and-analysis.html
+
Blackhole and Cool Exploit kits nearly extinct
+
https://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct/103034
+
Blackhole exploit kit v2 on the rise
+
http://research.zscaler.com/2012/10/blackhole-exploit-kit-v2-on-rise.html
+
Blackhole, CVE-2012-0507 and Carberp
+
http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp blog.eset.com
+
Bleeding Life Exploit Pack
+
http://www.kahusecurity.com/2010/bleeding-life-exploit-pack/
+
Bleeping Computer
+
http://www.bleepingcomputer.com/
+
Blueliv
+
http://www.blueliv.com
+
Bot Roast II nets 8 individuals
+
http://www.fbi.gov/news/pressrel/press-releases/bot-roast-ii-nets-8-individuals
+
Bot herders build newer versions of previous botnet Waledac
+
http://www.spamfighter.com/News-18155-Bot-Herders-Build-Newer-Versions-of-Previous-Botnet-Waledac.htm
+
Bot of the day: Ramnit/Ninmul
+
http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/
+
Bot shopping with my wife
+
http://pandalabs.pandasecurity.com/bot-shopping-with-my-wife/
+
BotGrep: finding P2P bots with structured graph analysis
+
http://static.usenix.org/events/sec10/tech/full papers/Nagaraja.pdf
+
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection
+
https://www.damballa.com/downloads/a pubs/Usenix08.pdf
+
BoteAR: a “social botnet”- What are we talking about
+
https://securelist.com/blog/research/57768/botear-a-social-botnet/
+
Botnet command server hidden in Tor
+
https://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html
+
Botnet construction, control and concealment
+
http://www.shadowserver.org/wiki/uploads/Information/thesis botnet krogoth 2008 final.pdf
+
Botnet operation disabled
+
http://www.fbi.gov/news/stories/2011/april/botnet 041411
+
Botnet shutdown success story - again: disabling the new Hlux/Kelihos botnet
+
http://www.securelist.com/en/blog/208193431/Botnet Shutdown Success Story again Disabling the new Hlux Kelihos Botnet
+
Botnet shutdown success story: how Kaspersky Lab disabled the Hlux/Kelihos botnet
+
http://www.securelist.com/en/blog/208193137/Botnet Shutdown Success Story How Kaspersky Lab Disabled the Hlux Kelihos Botnet
+
Botnet: classification, attacks, detection, tracing, and preventive measures
+
http://www.hindawi.com/journals/wcn/2009/692654/
+
Botnets on discount!
+
http://blog.gdatasoftware.com/blog/article/botnets-on-discount.html
+
Boxer SMS trojan: malware as a global service
+
http://blog.eset.com/2012/11/29/android-boxer-a-worldwide-sms-trojan
+
Bredolab botmaster ‘Birdie’ still at large
+
http://krebsonsecurity.com/2012/03/bredolab-botmaster-birdie-still-at-large/
+
Bredolab severely injured but not dead
+
http://blog.fireeye.com/research/2010/10/bredolab-severely-injured-but-not-dead.html
+
Buh-bye Beebone! Law enforcement kills polymorphic virus-spreading botnet
+
https://nakedsecurity.sophos.com/2015/04/12/buh-bye-beebone-law-enforcement-kills-polymorphic-virus-spreading-botnet/
+
C
CTB-Locker is back: the web server edition
+
https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/
+
CVE-2012-4681 - On its way to Sakura Exploit Kit too
+
http://malware.dontneedcoffee.com/2012/08/cve-2012-4681-on-its-way-to-sakura.html
+
CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo
+
http://malware.dontneedcoffee.com/2012/08/cve-2012-4681-redkit-exploit-kit-i-want.html
+
CVE-2012-4681 - Связка Sweet Orange
+
http://malware.dontneedcoffee.com/2012/08/cve-2012-4681-sweet-orange.html
+
CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1
+
http://malware.dontneedcoffee.com/2012/11/cve-2012-5076-massively-adopted.html
+
CVE-2013-1493 (jre17u15 - jre16u41) integrating exploit kits
+
http://malware.dontneedcoffee.com/2013/03/cve-2013-1493-jre17u15-jre16u41.html
+
CVE-2013-2465/CVE-2013-2471/CVE-2013-2463 integrating Exploit Kits -- jre7u21 CVE- jre6u45 and earlier
+
http://malware.dontneedcoffee.com/2013/08/cve-2013-2465-integrating-exploit-kits.html
+
CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites
+
http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html
+
CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits
+
http://malware.dontneedcoffee.com/2015/01/cve-2015-0311-flash-up-to-1600287.html
+
Carbanak/Anunak in the BlueCoat malware analysis appliance
+
https://www.bluecoat.com/security-blog/2015-02-18/carbanakanunak-bluecoat-malware-analysis-appliance
+
Carbanak: Multi-million dollar cybercrime gang focuses on banks rather than their customers
+
http://www.symantec.com/connect/blogs/carbanak-multi-million-dollar-cybercrime-gang-focuses-banks-rather-their-customers
+
Carberp + BlackHole = growing fraud incidents
+
http://blog.eset.com/2011/12/04/carberp-blackhole-growing-fraud-incidents blog.eset.com
+
Carberp - a modular information stealing trojan
+
http://pxnow.prevx.com/content/blog/carberp-a modular information stealing trojan.pdf
+
Carberp gang evolution: CARO 2012 presentation
+
http://blog.eset.com/2012/05/24/carberp-gang-evolution-at-caro-2012 blog.eset.com
+
Carberp reverse engineering
+
http://quequero.org/Carberp Reverse Engineering
+
Carberp steals e-cash vouchers from Facebook users
+
http://www.trusteer.com/blog/carberp-steals-e-cash-vouchers-facebook-users
+
Carberp, the renaissance ?
+
http://malware.dontneedcoffee.com/2012/12/carberprenaissance.html
+
Carberp-based trojan attacking SAP
+
http://blogs.technet.com/b/mmpc/archive/2013/11/20/carberp-based-trojan-attacking-sap.aspx
+
Carberp-in-the-Mobile
+
http://www.securelist.com/en/blog/208194045/Carberp in the Mobile
+
Carberp: Silent trojan, eventual successor to ZeuS
+
http://www.infospyware.net/blog/carberp-silent-trojan-eventual-successor-to-zeus/
+
Carberp: it’s not over yet
+
http://www.securelist.com/en/blog/694/Carberp its not over yet
+
Case study of the Miner botnet
+
https://ccdcoe.org/sites/default/files/multimedia/pdf/5 7 PlohmannGerhards-Padilla ACaseStudyOnTheMinerBotnet.pdf
+
Cerber Dominates Ransomware Landscape After Locky's Demise
+
https://www.bleepingcomputer.com/news/security/cerber-dominates-ransomware-landscape-after-lockys-demise/
+
Chameleon botnet grabbed $6m A MONTH from online ad-slingers
+
http://www.theregister.co.uk/2013/03/19/chameleon botnet/
+
Chapro.A source code
+
http://dustri.org/code/chapro.c
+
Chasing cybercrime: network insights of Dyre and Dridex trojan bankers
+
https://www.blueliv.com/research/chasing-the-cybercrime-network-insights-of-dyre-and-dridex-trojan-bankers-report/
+
China targets macs used by NGOs
+
http://www.f-secure.com/weblog/archives/00002334.html
+
Cimbot - A technical analysis
+
https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html
+
Citadel : le fichier de configuration
+
http://cert.lexsi.com/weblog/index.php/2012/03/12/426-citadel-le-fichier-de-configuration
+
Citadel V1.3.5.1: enter the fort’s dungeons
+
http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/
+
Citadel ZeuS bot
+
http://cyb3rsleuth.blogspot.com/2012/01/citadel-zeus-bot.html
+
Citadel plitfi botnet report
+
http://www.cert.pl/news/6900/langswitch lang/en
+
Citadel trojan malware analysis
+
http://botnetlegalnotice.com/citadel/files/Patel Decl Ex20.pdf
+
Citadel trojan touts trouble-ticket system
+
http://krebsonsecurity.com/2012/01/citadel-trojan-touts-trouble-ticket-system/
+
Citadel: a cyber-criminal’s ultimate weapon?
+
http://blog.malwarebytes.org/intelligence/2012/11/citadel-a-cyber-criminals-ultimate-weapon/
+
Clampi/Ligats/Ilomo trojan
+
http://www.secureworks.com/research/threats/clampi-trojan/
+
Collateral damage: Microsoft hits security researchers along with Citadel
+
https://www.abuse.ch/?p=5362
+
Combatting point-of-sale malware
+
http://www2.trustwave.com/rs/trustwave/images/Special Report Combatting Point of Sale Malware.pdf
+
Conficker working group
+
http://www.confickerworkinggroup.org/
+
Conficker working group: lessons learned
+
http://www.confickerworkinggroup.org/wiki/uploads/Conficker Working Group Lessons Learned 17 June 2010 final.pdf
+
Confidential documents from Japanese politics stolen by malware
+
http://securityaffairs.co/wordpress/11529/intelligence/confidential-documents-from-japanese-politics-stolen-by-malware.html
+
Cool EK : "Hello my friend..." CVE-2012-5076
+
http://malware.dontneedcoffee.com/2012/11/cool-ek-hello-my-friend-cve-2012-5067.html
+
Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop
+
http://malware.dontneedcoffee.com/2012/10/newcoolek.html
+
Cool exploit kit - URL structure
+
http://fortknoxnetworks.blogspot.fr/2012/11/cool-exploit-kit-url-structure.html
+
Coordinated DDoS attack during Russian Duma elections
+
http://blogs.law.harvard.edu/idblog/2011/12/08/coordinated-ddos-attack-during-russian-duma-elections/
+
Coreflood botnet - Detection and remediation
+
http://sempersecurus.blogspot.com/2011/04/coreflood-botnet-detection-and.html
+
Covert channels over social networks
+
http://www.sans.org/reading-room/whitepapers/threats/covert-channels-social-networks-33960
+
Cracking down on botnets
+
http://blogs.technet.com/b/microsoft blog/archive/2010/02/25/cracking-down-on-botnets.aspx
+
Cracking into the new P2P variant of Zeusbot/Spyeye
+
http://www.symantec.com/connect/blogs/cracking-new-P2P-variant-zeusbotspyeye
+
Cracking the encrypted C&C protocol of the ZeroAccess botnet
+
http://www.virusbtn.com/pdf/conference slides/2012/Morris-VB2012.pdf
+
Crisis for Windows sneaks onto virtual machines
+
http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines
+
Critroni crypto ransomware seen using Tor for command and control
+
http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306
+
Cross-platform Frutas RAT builder and back door
+
http://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door
+
CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler
+
https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler
+
Crypto breakthrough shows Flame was designed by world-class scientists
+
http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
+
Crypto experts called on to crack cyberspy tool's encryption
+
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240005480/crypto-experts-called-on-to-crack-cyberspy-tool-s-encryption.html
+
CryptoDefense and How Decrypt ransomware information guide and FAQ
+
http://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information
+
Cutwail drives spike in malicious HTML attachment spam
+
http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/
+
Cyber gang seeks botmasters to wage massive wave of trojan attacks against U.S. banks
+
http://blogs.rsa.com/rsafarl/cyber-gang-seeks-botmasters-to-wage-massive-wave-of-trojan-attacks-against-u-s-banks/
+
D
DDoS attacks: the Zemra bot
+
http://www.symantec.com/connect/blogs/ddos-attacks-zemra-bot
+
DDoS watch: keeping an eye on Aldi Bot
+
http://ddos.arbornetworks.com/2011/10/ddos-aldi-bot/
+
DGAs and cyber-criminals: a case study
+
http://www.damballa.com/downloads/r pubs/RN DGAs-and-Cyber-Criminals-A-Case-Study.pdf (pdf)
+
DIMVA
+
http://www.dimva.org/
+
DISCLOSURE: detecting botnet command and control servers through large-scale NetFlow analysis
+
http://www.iseclab.org/papers/disclosure.pdf
+
DNS: a botnet dialect
+
http://www.slideshare.net/ffranz/rootedcon2012-dns-a-botnet-dialect-carlos-diaz-francisco-j-gomez
+
DaRK DDoSseR leads to Gh0st RAT
+
http://blog.trendmicro.com/trendlabs-security-intelligence/dark-ddosser-leads-to-gh0st-rat/
+
Damballa
+
http://www.damballa.com
+
DarkMegi rootkit - sample (distributed via Blackhole)
+
http://contagiodump.blogspot.fr/2012/04/this-is-darkmegie-rootkit-sample-kindly.html contagiodump.blogspot.fr
+
Darkmegi: this is not the Rootkit you’re looking for
+
http://blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for
+
Darkness DDoS bot version identification guide
+
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110127
+
De code van Dorifel nader bekeken
+
http://webwereld.nl/analyse/111452/de-code-van-dorifel-nader-bekeken.html
+
Demystifying Pobelka
+
http://foxitsecurity.files.wordpress.com/2013/01/demystifying-pobelka1.pdf
+
Department of Justice takes action to disable international botnet
+
http://www.justice.gov/opa/pr/2011/April/11-crm-466.html www.justice.gov
+
Department of Labor strategic web compromise
+
http://blog.crowdstrike.com/department-labor-strategic-web-compromise/
+
Detecting extended attributes (ZeroAccess) and other Frankenstein’s monsters with HMFT
+
http://www.hexacorn.com/blog/2013/01/25/detecting-extended-attributes-zeroaccess-and-other-frankensteins-monsters-with-hmft/
+
Detection and classification of different botnet C&C channels
+
http://www.cse.lehigh.edu/~gtan/paper/ATC2011.pdf
+
Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
+
https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/
+
Digging inside Tinba malware - A walkthrough
+
http://secniche.blogspot.it/2012/06/two-weeks-back-tinba-malware-hit.html secniche.blogspot.it
+
Digging into the Nitol DDoS botnet
+
http://blogs.mcafee.com/mcafee-labs/digging-into-the-nitol-ddos-botnet
+
Dirt Jumper DDoS bot increasingly popular
+
https://asert.arbornetworks.com/dirt-jumper-ddos-bot-increasingly-popular/
+
Discerning relationships: the Mexican botnet connection
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp discerning-relationships mexican-botnet.pdf
+
Discovered: botnet costing display advertisers over six million dollars per month
+
http://www.spider.io/blog/2013/03/chameleon-botnet www.spider.io
+
Disorderly conduct: localized malware impersonates the police
+
http://blogs.technet.com/b/mmpc/archive/2011/12/19/disorderly-conduct-localized-malware-impersonates-the-police.aspx
+
Disttrack malware overwrites files, infects MBR
+
http://blog.trendmicro.com/disttrack-malware-overwrites-files-infects-mbr
+
Disttrack sabotage malware wipes data at unnamed Middle East energy organization
+
http://www.securityweek.com/disttrack-sabotage-malware-wipes-data-unnamed-middle-east-energy-organization
+
Doctor Web a détecté un botnet enrôlant plus de 550 000 Mac
+
http://news.drweb.fr/?i=611&c=4&lng=fr&p=0 news.drweb.fr
+
Doctor Web exposes 550 000 strong Mac botnet
+
http://news.drweb.com/show/?i=2341
+
Domain generation algorithms (DGA) in stealthy malware
+
http://blog.damballa.com/?p=1504 blog.damballa.com
+
Dorifel crypto malware paralyzes Dutch companies and public sector
+
http://blog.emsisoft.com/2012/08/09/dorifel-crypto-malware-paralyzes-dutch-companies-and-public-sector/ blog.emsisoft.com
+
Dorifel is much bigger than expected and it’s still active and growing!
+
https://securelist.com/blog/incidents/33898/dorifel-is-much-bigger-than-expected-and-its-still-active-and-growing/
+
Dorifel virus gereed voor Nederlandse banking phishing
+
http://www.digital-investigation.eu/nieuws/14/dorifel-virus-gereed-voor-nederlandse-banking-phishing.html www.digital-investigation.eu
+
Dorifel/Quervar: the support scammer’s secret weapon
+
http://blog.eset.com/2012/08/11/dorifelquervar-the-support-scammers-secret-weapon blog.eset.com
+
Dorkbot: conquistando Latinoamérica
+
http://www.eset-la.com/pdf/prensa/informe/dorkbot conquistando latinoamerica.pdf www.eset-la.com
+
Dragonfly Threat Against Western Energy Suppliers
+
http://www.symantec.com/connect/blogs/emerging-threat-dragonfly-energetic-bear-apt-group
+
Dridex learns new trick: P2P over HTTP
+
http://securityblog.s21sec.com/2014/11/dridex-learns-new-trick-P2P-over-http.html
+
DroidLive New SMS Android Trojan
+
http://www.csc.ncsu.edu/faculty/jiang/DroidLive/
+
Duqu FAQ
+
http://www.securelist.com/en/blog/208193178/Duqu FAQ
+
Dutch users served Sinowal for lunch
+
http://blog.trendmicro.com/dutch-users-served-sinowal-for-lunch/
+
Dyre Banking Trojan
+
http://www.secureworks.com/cyber-threat-intelligence/threats/dyre-banking-trojan/
+
E
ESET Welivesecurity
+
http://www.welivesecurity.com/
+
ESET analyzes first Android file-encrypting, TOR-enabled ransomware
+
http://www.welivesecurity.com/2014/06/04/simplocker/
+
EURO Winlocker
+
http://www.xylibox.com/2012/08/euro-winlocker.html
+
Egypt Finfisher intrusion tools and ethics
+
http://www.f-secure.com/weblog/archives/00002114.html
+
Emerging attack vectors - RSA slide deck
+
http://pen-testing.sans.org/blog/2012/03/07/emerging-attack-vectors-rsa-slide-deck pen-testing.sans.org
+
Encyclopedia entry: Win32/Carberp
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Carberp
+
Encyclopedia entry: Win32/Conficker
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Conficker
+
Encyclopedia entry: Win32/Oderoor
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Oderoor
+
Equation: the Death Star of malware galaxy
+
https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
+
Esage Lab
+
http://esagelab.com/
+
Esthost taken down - Biggest cybercriminal takedown in history
+
http://blog.trendmicro.com/?p=38093
+
Etude sur le fonctionnement du Trojan.Matsnu.1 codant les données des utilisateurs
+
http://news.drweb.fr/show/?i=641&c=8 news.drweb.fr
+
Evolution of Win32Carberp: going deeper
+
http://blog.eset.com/2011/11/21/evolution-of-win32carberp-going-deeper blog.eset.com
+
Exploring the market for stolen passwords
+
http://krebsonsecurity.com/2012/12/exploring-the-market-for-stolen-passwords/
+
F
F-Secure has discovered MiniDuke malware samples in the wild
+
http://securityaffairs.co/wordpress/23658/cyber-crime/f-secure-new-miniduke-atp.html
+
FAQ on Kelihos.B/Hlux.B sinkholing
+
http://www.honeynet.org/node/836 www.honeynet.org
+
FBI ransomware now targeting Apple’s Mac OS X users
+
http://blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/
+
FBI shuts down Coreflood botnet, zombies transmitting financial data
+
http://www.eweek.com/c/a/Security/FBI-Shuts-Down-Coreflood-Botnet-Zombies-Transmitting-Financial-Data-767165/
+
Fake FBI Ransomware analysis
+
http://blogs.avg.com/news-threats/fake-fbi-ransomware-analysis/
+
Fast look at Sundown EK
+
http://malware.dontneedcoffee.com/2015/06/fast-look-at-sundown-ek.html
+
Fast look at an infection by a Blackhole Exploit Kit 2.0
+
http://malware.dontneedcoffee.com/2012/09/BHEK2.0landing.html
+
Feodo - a new botnet on the rise
+
http://blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html
+
Festi botnet analysis & investigation
+
http://go.eset.com/us/resources/white-papers/AVAR2012 pdf.pdf go.eset.com
+
FighterPOS: a new one-man PoS malware campaign
+
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/fighterpos-one-man-pos-malware-campaign
+
File infector Expiro hits US, steals FTP credentials
+
http://blog.trendmicro.com/trendlabs-security-intelligence/file-infector-expiro-hits-us-steals-ftp-credentials/
+
FireEye
+
https://www.fireeye.com
+
First step in cross-platform Trojan bankers from Brazil done
+
https://securelist.com/blog/research/74051/first-step-in-cross-platform-trojan-bankers-from-brazil-done/
+
First widespread virus cross-infection
+
http://www.symantec.com/connect/blogs/first-widespread-virus-cross-infection
+
Five charged in largest hacking scheme ever prosecuted in US
+
http://www.securityweek.com/five-charged-largest-hacking-scheme-ever-prosecuted-us
+
Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx
+
http://blog.eset.com/2012/07/20/flame-in-depth-code-analysis-of-mssecmgr-ocx blog.eset.com
+
Flame: replication via Windows Update MITM proxy
+
http://www.securelist.com/en/blog/208193566/Flame Replication via Windows Update MITM proxy server
+
Flamer analysis: framework reconstruction
+
http://blog.eset.com/2012/08/02/flamer-analysis-framework-reconstruction blog.eset.com
+
Flamer: highly sophisticated and discreet threat targets the Middle East
+
http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east
+
Flamer: urgent suicide
+
http://www.symantec.com/connect/blogs/flamer-urgent-suicide
+
Flashfake Mac OS X botnet confirmed
+
http://www.securelist.com/en/blog/208193441/Flashfake Mac OS X botnet confirmed
+
Fortiguard: Android/Stiniter.A!tr
+
http://www.fortiguard.com/av/VID3677621 www.fortiguard.com
+
Fox-IT
+
https://www.fox-it.com/
+
From Georgia, with love Win32/Georbot
+
http://blog.eset.com/wp-content/media files/ESET win32georbot analysis final.pdf blog.est.com (pdf)
+
From Sakura to Reveton via Smoke Bot - or a botnet distribution of Reveton
+
http://malware.dontneedcoffee.com/2012/09/from-sakura-to-reveton-via-smoke-bot-or.html
+
Full analysis of Flame's Command & Control servers
+
http://www.securelist.com/en/blog/750/Full Analysis of Flame s Command Control servers
+
Full analysis of Flame's command & control servers
+
https://www.securelist.com/en/blog/750/Full Analysis of Flame s Command Control servers
+
G
Gamarue dropping Lethic bot
+
http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html
+
GandCrab ransomware distributed by RIG and GrandSoft exploit kits
+
https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/
+
Gangstaservice Winlock Affiliate
+
http://www.xylibox.com/2012/08/gangstaservice-winlock-affiliate.html
+
Gauss: Nation-state cyber-surveillance meets banking Trojan
+
http://www.securelist.com/en/blog/208193767/Gauss Nation state cyber surveillance meets banking Trojan
+
Gauss: abnormal distribution
+
http://www.securelist.com/en/analysis/204792238/Gauss Abnormal Distribution
+
Get gamed and rue the day...
+
http://blogs.technet.com/b/mmpc/archive/2011/10/25/get-gamed-and-rue-the-day.aspx
+
Getting more "personal" & deeper into Cridex with parfeit credential stealer infection
+
http://malwaremustdie.blogspot.jp/2012/12/get-more-personal-deeper-into-cridex.html malwaremustdie.blogspot.jp
+
Gimemo finally targeting USA with Camera Feature too
+
http://malware.dontneedcoffee.com/2012/07/gimemocameraUSA.html
+
Gimemo wants to play in the big league
+
http://malware.dontneedcoffee.com/2012/05/gimemo-wants-to-play-in-big-league.html
+
GingerMaster Android Malware Utilizing A Root Exploit
+
http://www.csc.ncsu.edu/faculty/jiang/GingerMaster/
+
Going solo: self-propagating ZBOT malware spotted
+
http://blog.trendmicro.com/trendlabs-security-intelligence/going-solo-self-propagating-zbot-malware-spotted/
+
Google Groups trojan
+
http://www.symantec.com/connect/blogs/google-groups-trojan
+
Got malware? Rent an exploit service
+
https://blog.damballa.com/archives/1893 blog.damballa.com
+
Gumblar Google-poisoning attack morphs
+
http://www.theregister.co.uk/2009/05/19/gumblar google poisoning update/
+
Guys behind Gauss and Flame are the same
+
http://blog.fireeye.com/research/2012/08/guys-behind-gauss-and-flame-are-the-same.html
+
H
HARMUR: storing and analyzing historic data on malicious domains
+
http://www.cs.bham.ac.uk/~covam/publications/badgers2011harmur.html www.cs.bham.ac.uk
+
HTran and the Advanced Persistent Threat
+
http://www.secureworks.com/cyber-threat-intelligence/threats/htran/
+
HackRead
+
https://www.hackread.com
+
Hackers are increasingly targeting IoT Devices with Mirai DDoS Malware
+
https://www.hackread.com/iot-devices-with-mirai-ddos-malware/
+
Hammertoss: stealthy tactics define a Russian cyber threat group
+
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
+
Harnig botnet: a retreating army
+
https://www.fireeye.com/blog/threat-research/2011/03/a-retreating-army.html
+
Harnig is back
+
https://www.fireeye.com/blog/threat-research/2011/08/harnig-is-back.html
+
Harvesting data on the Xarvester botmaster
+
http://krebsonsecurity.com/2012/08/harvesting-data-on-the-xarvester-botmaster/
+
Have we seen the end of the ZeroAccess botnet?
+
http://nakedsecurity.sophos.com/2014/01/07/have-we-seen-the-end-of-the-zeroaccess-botnet/
+
Hello Neutrino ! (just one more Exploit Kit)
+
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
+
Herpes botnet
+
http://xylibox.blogspot.fr/2011/12/herpes-botnet.html xylibox.blogspot.fr
+
HerpesNet botnet 1.7
+
http://toolzware.com/theblog/herpesnet-botnet-1-7/ toolzware.com
+
Hesperbot – A new, advanced banking trojan in the wild
+
http://www.eset.com/us/resources/white-papers/Hesperbot Whitepaper.pdf
+
Hiding in plain sight: the FAKEM remote access trojan
+
http://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-sight-the-fakem-remote-access-trojan/
+
Hiloti: the (bot)master of disguise
+
http://blog.fortinet.com/hiloti-the-botmaster-of-disguise/ blog.fortinet.com
+
Hodprot: hot to bot
+
http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf go.eset.com (PDF)
+
How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
+
https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880
+
How to steal a Botnet and what can happen when you do
+
http://www.youtube.com/watch?v=2GdqoQJa6r4 Youtube
+
Hébergeurs malhonnêtes : nouvelle fermeture (3FN)
+
http://blog.crimenumerique.fr/2009/06/06/hebergeurs-malhonnetes-nouvelle-fermeture-3fn/
+
I
IRC bot for Android
+
http://www.securelist.com/en/blog/208193332/IRC bot for Android
+
IcoScript: using webmail to control malware
+
https://www.virusbtn.com/virusbulletin/archive/2014/08/vb201408-IcoScript
+
Illuminating the Etumbot APT backdoor
+
http://www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/
+
Infamous Skynet botnet author allegedly arrested
+
http://www.malwaretech.com/2013/12/infamous-skynet-botnet-author-allegedly.html
+
Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel
+
http://malware.dontneedcoffee.com/2012/07/inside-andromeda-bot-v206-webpanel-aka.html
+
Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel
+
http://malware.dontneedcoffee.com/2012/07/inside-blackhole-exploits-kit-v124.html
+
Inside Carberp botnet
+
http://malwareint.blogspot.com/2011/02/inside-carberp-botnet.html
+
Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel
+
http://malware.dontneedcoffee.com/2012/07/inside-citadel-1.3.4.5-cncNbuilder.html
+
Inside Impact exploit kit
+
http://malware.dontneedcoffee.com/2012/12/inside-impact-exploit-kit-back-on-track.html
+
Inside Pony 1.7 / Fareit C&C - Botnet Control Panel
+
http://malware.dontneedcoffee.com/2012/06/inside-pony-17.html
+
Inside Smoke Bot - Botnet Control Panel
+
http://malware.dontneedcoffee.com/2012/04/inside-smoke-bot.html
+
Inside Smoke Bot - botnet control panel
+
http://malware.dontneedcoffee.com/2012/04/inside-smoke-bot.html
+
Inside Styx exploit kit control panel
+
http://malware.dontneedcoffee.com/2013/05/inside-styx-2013-05.html
+
Inside Ulocker
+
http://www.xylibox.com/2012/08/ulocker.html www.xylibox.com
+
Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel
+
http://malware.dontneedcoffee.com/2012/08/inside-upas-kit1.0.1.1.html
+
Inside an APT campaign with multiple targets in India and Japan
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp luckycat redux.pdf
+
Inside the Grum botnet
+
http://krebsonsecurity.com/2012/08/inside-the-grum-botnet/
+
Inside the world of the Citadel trojan
+
http://www.mcafee.com/us/resources/white-papers/wp-citadel-trojan.pdf www.mcafee.com
+
Inside view of Lyposit aka (for its friends) Lucky LOCKER
+
http://malware.dontneedcoffee.com/2012/11/inside-view-of-lyposit-aka-for-its.html
+
Insights from the analysis of the Mariposa botnet
+
http://www.ncfta.ca/papers/InsightsFromTheAnalysisOfTheMariposaBotnet.pdf
+
Insights into Win32/Bradop
+
http://blogs.technet.com/b/mmpc/archive/2012/06/15/insights-into-win32-bradop.aspx
+
Interconnection of Gauss with Stuxnet, Duqu & Flame
+
http://blog.eset.com/2012/08/15/interconnection-of-gauss-with-stuxnet-duqu-flame blog.eset.com
+
International cyber ring that infected millions of computers dismantled
+
http://www.fbi.gov/news/stories/2011/november/malware 110911/malware 110911
+
Internet Census 2012, port scanning /0 using insecure embedded devices
+
http://census2012.sourceforge.net/paper.html
+
Introducing Ponmocup-Finder
+
http://c-apt-ure.blogspot.fr/2012/06/introducing-ponmocup-finder.html c-apt-ure.blogspot.fr
+
It’s 2012 and Armageddon has arrived
+
http://ddos.arbornetworks.com/uploads/2012/03/Crypto-Armageddon-Blog.pdf arbornetworks.com (pdf)
+
It’s not the end of the world: DarkComet misses by a mile
+
http://ddos.arbornetworks.com/2012/03/its-not-the-end-of-the-world-darkcomet-misses-by-a-mile/
+
J
Java Runtime Environment 1.7 Zero-Day Exploit Delivers Backdoor
+
http://blog.trendmicro.com/java-runtime-environment-1-7-zero-day-exploit-delivers-backdoor/
+
Java Signed Applet Social Engineering Code Execution
+
http://www.rapid7.com/db/modules/exploit/multi/browser/java signed applet
+
Java Zero-Days and the Blackhole Exploit Kit
+
http://blog.trendmicro.com/java-zero-days-and-the-blackhole-exploit-kit/
+
Joint strike force against Dorifel
+
http://hitmanpro.wordpress.com/2012/08/11/joint-strike-force-against-dorifel/ hitmanpro.wordpress.com
+
K
Kaptoxa point-of-sale compromise
+
http://www.isightpartners.com/2014/01/kaptoxa-pos-report-faq/
+
Karagny.L unpack
+
http://code.google.com/p/malware-lu/wiki/en unpack Karagny L
+
Kaspersky Lab et Seculert annoncent la récente découverte de « Madi », une nouvelle attaque de cyberespionnage au Moyen‑Orient
+
http://www.globalsecuritymag.fr/Kaspersky-Lab-et-Seculert,20120717,31426.html www.globalsecuritymag.fr
+
Kaspersky Securelist
+
https://securelist.com/
+
Kaspersky security bulletin 2015. Overall statistics for 2015
+
https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/
+
Kelihos back in town using Fast Flux
+
http://www.abuse.ch/?p=3658 abuse.ch
+
Kelihos botnet appears again with new variant
+
http://secureconnexion.wordpress.com/2013/02/11/kelihos-botnet-appears-again-with-new-variant/ secureconnexion.wordpress.com
+
Kelihos botnet trying to expand by harnessing Russian national sentiments
+
http://community.websense.com/blogs/securitylabs/archive/2014/08/22/kelihos-botnet-trying-to-expand-by-harnessing-russian-national-sentiments.aspx community.websense.com
+
Kelihos is dead. Long live Kelihos
+
http://blog.damballa.com/?p=1571 blog.damballa.com
+
Kelihos is dead… No wait… Long live Kelihos! Again!
+
http://blog.spiderlabs.com/2013/03/kelihos-is-dead-no-wait-long-live-kelihos-again.html blog.spiderlabs.com
+
Kelihos/Hlux botnet returns with new techniques
+
http://www.securelist.com/en/blog/655/Kelihos Hlux botnet returns with new techniques
+
Kelihos: not alien resurrection, more attack of the clones
+
http://blog.eset.com/2012/03/10/kelihos-not-alien-resurrection-more-attack-of-the-clones blog.eset.com
+
King of spam:Festi botnet analysis
+
http://blog.eset.com/wp-content/media files/king-of-spam-festi-botnet-analysis.pdf blog.eset.com (PDF)
+
Know your enemy: tracking botnets
+
http://www.honeynet.org/papers/bots/
+
Koobface botnet master KrotReal back in business, distributes ransomware and promotes BHSEO service/product
+
http://ddanchev.blogspot.fr/2012/11/koobface-botnet-master-krotreal-back-in.html ddanchev.blogspot.fr
+
Koobface, un écosystème cybercriminel ou le conte des Mille et une nuits ?
+
http://blog.crimenumerique.fr/2010/02/24/koobface-un-ecosysteme-cybercriminel-ou-le-conte-des-mille-et-une-nuits/
+
Kore exploit kit
+
http://www.kahusecurity.com/2013/kore-exploit-kit/
+
Kraken botnet infiltration
+
http://dvlabs.tippingpoint.com/blog/2008/04/28/kraken-botnet-infiltration dvlabs.tippingpoint.com
+
Krebs on Security
+
http://krebsonsecurity.com/
+
L
Large-scale analysis of malware downloaders
+
http://www.christian-rossow.de/publications/downloaders-dimva12.pdf
+
Latest Kelihos botnet shut down live at RSA Conference 2013
+
http://threatpost.com/en us/blogs/latest-kelihos-botnet-shut-down-live-rsa-conference-2013-022613
+
Latest SpyEye botnet active and cheaper
+
http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
+
Latin American banks under fire from the Mexican VOlk-botnet
+
http://www.securelist.com/en/blog/208193160/Latin American banks under fire from the Mexican VOlk Botnet
+
Le dropper de CTB-Locker
+
http://christophe.rieunier.name/securite/CTB-Locker/CTB-Locker analysis.php
+
Learning stateful models for network honeypots
+
http://user.informatik.uni-goettingen.de/~krieck/docs/2012a-aisec.pdf user.informatik.uni-goettingen.de
+
Legal implications of countering botnets
+
http://www.ccdcoe.org/articles/2012/LegalImplicationsOfCounteringBotnets.pdf www.ccdcoe.org
+
Leouncia - Yet another backdoor
+
http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor.html
+
Leouncia - Yet another backdoor - Part 2
+
http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor-part-2.html
+
Library file in certain Android apps connects to C&C servers
+
http://blog.trendmicro.com/library-file-in-certain-android-apps-connects-to-cc-servers/
+
Lifting the lid on the Redkit exploit kit (Part 1)
+
http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/
+
Lights Out: Dragonfly is on the move
+
http://www.cyactive.com/lights-dragonfly-move/
+
Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole
+
http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
+
Live Coronavirus Map Used to Spread Malware
+
https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
+
Locky Ransomware switches to the Lukitus extension for Encrypted Files
+
https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-the-lukitus-extension-for-encrypted-files/
+
LogPOS - new point of sale malware using mailslots
+
http://morphick.com/blog/2015/2/27/mailslot-pos
+
Long life to Kelihos!
+
http://community.websense.com/blogs/securitylabs/archive/2012/02/17/long-life-to-kelihos.aspx
+
Look what I found: it's a Pony!
+
http://blog.spiderlabs.com/2013/06/look-what-i-found-its-a-pony-1.html blog.spiderlabs.com
+
M
MDK: the largest mobile botnet in China
+
http://www.symantec.com/connect/ko/blogs/mdk-largest-mobile-botnet-china
+
MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled
+
http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
+
MP-DDoser: A rapidly improving DDoS threat
+
https://asert.arbornetworks.com/mp-ddoser-a-rapidly-improving-ddos-threat/
+
MP-DDoser:Monitoring a rapidly improving DDoS threat
+
https://asert.arbornetworks.com/wp-content/uploads/2012/06/Crypto-MPDDOS-Report1.pdf
+
MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association
+
http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx community.websense.com
+
MSRT April 2012: Win32/Claretore
+
http://blogs.technet.com/b/mmpc/archive/2012/04/10/msrt-april-2012-win32-claretore.aspx blog.technet.com
+
MSRT April 2014 – Ramdo
+
http://blogs.technet.com/b/mmpc/archive/2014/04/08/msrt-april-2014-ramdo.aspx
+
MSRT June '12 - cleanup on aisle one
+
http://blogs.technet.com/b/mmpc/archive/2012/06/12/msrt-june-12-cleanup-on-aisle-one.aspx
+
MSRT March 2012: breaking bad
+
http://blogs.technet.com/b/mmpc/archive/2012/03/13/msrt-march-2012-breaking-bad.aspx
+
MSRT November '12 - Weelsof around the world
+
http://blogs.technet.com/b/mmpc/archive/2012/12/04/msrt-november-12-weelsof-around-the-world.aspx
+
MSRT September '12 - Medfos, hijacking your daily search
+
http://blogs.technet.com/b/mmpc/archive/2012/09/10/msrt-september-12-medfos-hijacking-your-daily-search.aspx
+
MSRT march: three hioles in one
+
http://blogs.technet.com/b/mmpc/archive/2012/03/15/msrt-march-three-hioles-in-one.aspx
+
Maazben: best of both worlds
+
http://www.m86security.com/labs/i/Maazben-Best-of-Both-Worlds,trace.1090~.asp www.m86security.com
+
Mac BackDoor.Wirenet.1 config extractor
+
http://code.google.com/p/malware-lu/wiki/en malware wirenet
+
Mac Flashback exploiting unpatched Java vulnerability
+
https://www.f-secure.com/weblog/archives/00002341.html
+
Mac spyware found at Oslo Freedom Forum
+
http://www.f-secure.com/weblog/archives/00002554.html
+
Madi is back - New Tricks and a new Command&Control server
+
http://www.securelist.com/en/blog/208193696/Madi is back New Tricks and a New Command Control Server
+
Mahdi malware finds 150 new targets including U.S. and Germany, gets more evasive
+
http://www.securityweek.com/mahdi-malware-finds-150-new-targets-including-us-and-germany-gets-more-evasive
+
Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode
+
http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/
+
Malicious Apache module injects Iframes
+
http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/ blog.unmaskparasites.com
+
Malicious Apache module used for content injection: Linux/Chapro.A
+
http://blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a blog.eset.com
+
Malware 2 - from infection to persistence
+
http://www.contextis.com/research/blog/malware2/
+
Malware Memory Analysis - Volatility
+
http://blog.basementpctech.com/2012/04/in-acquiring-memory-blog-list-of-tools.html blog.basementpctech.com
+
Malware Uses Google Go Language
+
http://www.symantec.com/connect/blogs/malware-uses-google-go-language
+
Malware analysis Rannoh/Matsnu
+
http://malware.lu/Pro/RAP001 malware rannoh matsnu 1.1.pdf (PDF)
+
Malware analysis of the Lurk downloader
+
http://www.secureworks.com/cyber-threat-intelligence/threats/malware-analysis-of-the-lurk-downloader/
+
Malware analysis tutorial 32: exploration of botnet client
+
http://fumalwareanalysis.blogspot.kr/2012/08/malware-analysis-tutorial-32.html fumalwareanalysis.blogspot.kr
+
Malware attacking POS systems
+
http://www.hexacorn.com/blog/2012/12/19/malware-attacking-pos-systems/
+
Malware discovered developed with Google's "Go" programming language
+
http://www.securityweek.com/malware-discovered-developed-googles-go-programming-language
+
Malware evolving to defeat anti-DDoS services like CloudFlare?
+
http://www.welivesecurity.com/2013/02/13/malware-evolving-to-defeat-anti-ddos-services-like-cloudflare/
+
Malware for everyone - Aldi Bot at a discount price
+
http://www.h-online.com/security/news/item/Malware-for-everyone-Aldi-Bot-at-a-discount-price-1346594.html www.h-online.com
+
Malware hunting with the Sysinternals tools
+
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302 channel9.msdn.com
+
Malware pandemics
+
http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA531166
+
Malware targeting Windows 8 uses Google Docs
+
http://www.symantec.com/connect/blogs/malware-targeting-windows-8-uses-google-docs
+
Malwarebytes
+
https://blog.malwarebytes.com
+
Mariposa botnet 'mastermind' jailed in Slovenia
+
http://www.bbc.co.uk/news/technology-25506016 www.bbc.co.uk
+
Massive Drop in number of active Zeus C&C servers
+
https://www.abuse.ch/?p=2417
+
Massive search fraud botnet seized by Microsoft and Symantec
+
http://arstechnica.com/security/2013/02/massive-search-fraud-botnet-siezed-by-microsoft-and-symantec/
+
Mastermind behind Gozi bank malware charged along with two others
+
http://www.wired.com/threatlevel/2013/01/mastermind-behind-gozi-charged/
+
McAfee Labs threat advisory : W32.Pinkslipbot
+
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT DOCUMENTATION/22000/PD22960/en US/McAfee-Labs-ThreatAdvisory-Pinkslipbot.pdf
+
Measuring and detecting Fast-Flux service networks
+
http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf uni-mannheim.de (pdf)
+
Measuring and detecting malware downloads in live network traffic
+
http://www.perdisci.com/publications/publication-files/amico.pdf
+
Measuring botnet populations
+
https://asert.arbornetworks.com/measuring-botnet-populations/
+
Meet "Red Dot exploit toolkit"
+
http://malware.dontneedcoffee.com/2013/01/meet-red-dot-exploit-toolkit.html
+
Meet CritXPack (Previously Vintage Pack)
+
http://malware.dontneedcoffee.com/2012/11/meet-critxpack-previously-vintage-pack.html
+
Meet ProPack Exploit Pack - yes that's a lot of pack
+
http://malware.dontneedcoffee.com/2012/11/meet-propack-exploit-pack.html
+
Meet ‘Flame’, the massive spy malware infiltrating Iranian computers
+
http://www.wired.com/threatlevel/2012/05/flame/
+
Members of the largest criminal group engaged in online banking fraud are detained
+
http://group-ib.com/news 2012 03 20.html group-ib.com
+
Mexican Twitter-controlled botnet unpicked
+
http://www.theregister.co.uk/2010/09/15/mexican twitter botnet/
+
Microsoft
+
https://www.microsoft.com
+
Microsoft and Symantec take down Bamital botnet that hijacks online searches
+
http://blogs.technet.com/b/microsoft blog/archive/2013/02/06/microsoft-and-symantec-take-down-bamital-botnet-that-hijacks-online-searches.aspx
+
Microsoft and financial services industry leaders target cybercriminal operations from ZeuS botnets
+
http://blogs.technet.com/b/microsoft blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx
+
Microsoft disrupts the emerging Nitol botnet being spread through an unsecure supply chain
+
http://blogs.technet.com/b/microsoft blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx
+
Microsoft neutralizes Kelihos botnet, names defendant in case
+
http://blogs.technet.com/b/microsoft blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx blog.technet.com
+
Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six months
+
http://blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspx
+
Microsoft security updates January 2016
+
https://securelist.com/blog/software/73284/microsoft-security-updates-january-2016/
+
Miniduke
+
http://blog.crysys.hu/2013/02/miniduke/ blog.crysys.hu
+
MoVP 1.3 Desktops, heaps, and ransomware
+
http://volatility-labs.blogspot.com.es/2012/09/movp-13-desktops-heaps-and-ransomware.html
+
Mocbot spam analysis
+
http://www.secureworks.com/cyber-threat-intelligence/threats/mocbot-spam/
+
Monkif botnet hides commands in JPEGs
+
http://blogs.mcafee.com/mcafee-labs/monkif-botnet-hides-commands-in-jpegs
+
More Flame/Skywiper CNC behavior uncovered
+
http://blog.fireeye.com/research/2012/06/flame-skywiper-cnc-update.html
+
More details of the Dorifel servers
+
http://rickey-g.blogspot.nl/2012/08/more-details-of-dorifel-servers.html blogspot.com
+
Morto worm sets a (DNS) record
+
http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record
+
Mpack installs ultra-invisible trojan
+
http://www.computerworld.com/s/article/9026323/Mpack installs ultra invisible Trojan www.computerworld.com
+
Multitenancy Botnets thwart threat analysis
+
http://ossectools.blogspot.fr/2012/05/multitenancy-botnets-thwart-threat.html ossectools.blogspot.fr
+
Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication
+
http://www.welivesecurity.com/2013/05/01/mysterious-avatar-rootkit-with-api-sdk-and-yahoo-groups-for-cc-communication/
+
N
NASK shuts down dangerous Virut botnet domains
+
https://www.cert.pl/news/6666/langswitch lang/en
+
NGRBot spreads via chat
+
http://blogs.mcafee.com/mcafee-labs/ngrbot-spreads-via-chat
+
Necurs Quick Analysis
+
http://code.google.com/p/malware-lu/wiki/en necurs analysis
+
Neosploit gets Java 0-Day
+
http://www.kahusecurity.com/2012/neosploit-gets-java-0-day/
+
Nepalese government websites compromised to serve Zegost RAT
+
http://community.websense.com/blogs/securitylabs/archive/2012/08/08/nepalese-government-websites-compromised-to-serve-zegost-backdoor.aspx community.websense.com
+
NetTraveler APT gets a makeover for 10th birthday
+
http://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/
+
NetTraveler is back: the 'Red Star' APT returns with new tricks
+
http://securelist.com/blog/incidents/57455/nettraveler-is-back-the-red-star-apt-returns-with-new-tricks/
+
New Apple Mac trojan called OSX/Crisis discovered
+
http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/
+
New Chinese exploit pack
+
http://www.kahusecurity.com/2012/new-chinese-exploit-pack/
+
New CryptoLocker spreads via removable drives
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-cryptolocker-spreads-via-removable-drives/
+
New Duqu sample found in the wild
+
http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild
+
New GamaPoS malware piggybacks on Andromeda botnet; spreads in 13 US states
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-gamapos-threat-spreads-in-the-us-via-andromeda-botnet/
+
New IE Zero-Day used in targeted attacks
+
http://www.symantec.com/connect/blogs/new-ie-zero-day-used-targeted-attacks
+
New IceIX (ZeuS variant) changes its encryption method (again)
+
http://www.tidos-group.com/blog/?p=447 www.tidos-group.com
+
New Mac malware discovered on attendee computer at anti-surveillance workshop
+
http://threatpost.com/new-mac-malware-discovered-on-attendee-computer-at-anti-surveillance-workshop/
+
New Mahdi updates, new C2 server
+
http://blog.seculert.com/2012/08/new-mahdi-updates.html
+
New POS malware emerges - Punkey
+
https://www.trustwave.com/Resources/SpiderLabs-Blog/New-POS-Malware-Emerges---Punkey/
+
New PoS malware “Backoff” targets US
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-pos-malware-backoff-targets-us/
+
New RATs emerge from leaked Njw0rm source code
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/
+
New Thor botnet nearly ready to be sold, price $8,000
+
http://www.spamfighter.com/News-17520-New-THOR-Botnet-Nearly-Ready-to-be-Sold-Price-$8000.htm spamfighter.com
+
New Xtreme RAT attacks US, Israel, and other foreign governments
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-xtreme-rat-attacks-on-usisrael-and-other-foreign-governments/
+
New crimeware attacks LatAm bank users
+
http://www.securelist.com/en/blog/208194103/New crimeware attacks LatAm bank users
+
New crypto-ransomware JIGSAW plays nasty games
+
http://blog.trendmicro.com/trendlabs-security-intelligence/jigsaw-ransomware-plays-games-victims/
+
New crypto-ransomware emerge in the wild
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-crypto-ransomware-emerge-in-the-wild/
+
New point-of-sale malware distributed by Andromeda botnet
+
http://www.cio.com/article/2949334/new-pointofsale-malware-distributed-by-andromeda-botnet.html
+
New ransomware plays its victims an audio file, over and over and over…
+
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ransomware-plays-its-victims-an-audio-file-over-and-over-and-over/
+
New trojan found: Admin.HLP leaks organizations data
+
http://blog.radware.com/security/2012/08/ert-threat-alert-new-trojan-found-admin-hlp-attacks-organization-data/
+
New virus SMSZombie.A discovered by TrustGo Security Labs
+
http://blog.trustgo.com/SMSZombie/
+
NewPosThings has new PoS things
+
http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/
+
Newly detected Crisis virus infects Windows, Macs and virtual machines
+
http://www.eweek.com/c/a/Security/Newly-Detected-Crisis-Virus-Infects-Windows-Macs-and-Virtual-Machines-217207 www.eweek.com
+
Newly launched ‘HTTP-based botnet setup as a service’ empowers novice cybercriminals with bulletproof hosting capabilities
+
http://www.webroot.com/blog/2013/07/24/newly-launched-http-based-botnet-setup-as-a-service-empowers-novice-cybercriminals-with-bulletproof-hosting-capabilities/
+
Ngrbot steals information and mine Bitcoins
+
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=391 www.mysonicwall.com
+
NitlovePOS: another new POS malware
+
https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos another.html
+
Nitol DDoS botnet discovered in China
+
http://www.infosecurity-magazine.com/view/25296/nitol-ddos-botnet-discovered-in-china/
+
NjRAT & H-Worm variant infections continue to rise
+
http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html
+
Not just a one-trick PonyDOS
+
http://ddos.arbornetworks.com/uploads/2012/03/PonyDOS.pdf arbornetworks.com (pdf)
+
Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel
+
http://blogs.rsa.com/rsafarl/now-you-z-eus-it-now-you-don’t-zeus-bots-silently-upgraded-to-citadel/
+
Nuevo botnet contra Mexico: Karn!v0r3x
+
http://laboratoriomalware.blogspot.com/2012/01/nuevo-botnet-contra-mexico-karnv0r3x.html
+
Nymaim - obfuscation chronicles
+
http://www.welivesecurity.com/2013/08/26/nymaim-obfuscation-chronicles/
+
O
OSX Kitmos analysis
+
http://blog.sbarbeau.fr/2013/05/osx-kitmos-analysis.html blog.sbarbeau.fr
+
OSX.Iservice technical details
+
http://www.symantec.com/security response/writeup.jsp?docid=2009-012216-4245-99&tabid=2
+
OSX.iService its not going to iWork for you
+
http://www.symantec.com/connect/blogs/osxiservice-it-s-not-going-iwork-you
+
OSX/Crisis has been used as part of a targeted attack
+
http://www.intego.com/mac-security-blog/osxcrisis-has-been-used-as-part-of-a-targeted-attack/
+
OSX/Flashback - The first malware to infect hundreds of thousands of Apple Mac
+
http://www.eset.com/us/resources/white-papers/osx flashback.pdf
+
Obama order sped up wave of cyberattacks against Iran
+
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html? r=1 www.nytimes.com
+
Olmasco bootkit: next circle of TDL4 evolution (or not)
+
http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not blog.eset.com
+
On botnets that use DNS for command and control
+
http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf
+
On the analysis of the ZeuS botnet crimeware toolkit
+
http://www.ncfta.ca/papers/On the Analysis of the ZeuS Botnet Crimeware.pdf www.ncfta.ca
+
One Sinowal trojan + one gang = hundreds of thousands of compromised accountS
+
http://www.rsa.com/blog/blog entry.aspx?id=1378
+
One bot to rule them all
+
http://press.pandasecurity.com/news/one-bot-to-dominate-them-all/ press.pandasecurity.com
+
One-man PoS malware operation captures 22,000 credit card details in Brazil
+
http://blog.trendmicro.com/trendlabs-security-intelligence/fighterpos-fighting-a-new-pos-malware-family/
+
Operation Bot Roast II
+
http://www.fbi.gov/news/stories/2007/november/botnet 112907
+
Operation SnowMan: DeputyDog actor compromises US veterans of foreign wars website
+
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html www.fireeye.com
+
Operation Socialist The Inside Story Of How British Spies Hacked Belgium’s Largest Telco
+
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/
+
OphionLocker: Joining in the Ransomware Race
+
https://www.f-secure.com/weblog/archives/00002777.html
+
Over 9 million PCs infected - ZeroAccess botnet uncovered
+
http://nakedsecurity.sophos.com/2012/09/19/zeroaccess-botnet-uncovered/
+
Overcoming reputation and proof-of-work systems in botnets
+
http://eprints.qut.edu.au/35657/ eprints.qut.edu.au
+
Overview: inside the ZeuS trojan’s source code
+
http://www.thetechherald.com/articles/Overview-Inside-the-ZeuS-Trojans-source-code www.thetechherald.com
+
Owning Kraken zombies
+
http://dvlabs.tippingpoint.com/blog/2008/04/28/owning-kraken-zombies
+
P
P2P botnet Kelihos.B with 100.000 nodes sinkholed
+
http://blog.crowdstrike.com/2012/03/P2P-botnet-kelihosb-with-100000-nodes.html blog.crowdstrike.com
+
PETYA crypto-ransomware overwrites MBR to lock users out of their computers
+
http://blog.trendmicro.com/trendlabs-security-intelligence/petya-crypto-ransomware-overwrites-mbr-lock-users-computers/
+
Panda Security uncovers bot-killing malware
+
http://www.securityweek.com/panda-security-uncovers-bot-killing-malware
+
Panel Gendarmerie
+
http://www.malekal.com/2012/09/03/panel-gendarmerie/
+
Panel Supern0va et virus gendarmerie
+
http://www.malekal.com/2012/06/05/panel-supern0va-et-virus-gendarmerie/
+
Panel Virus Gendarmerie : Ratio 0.36%
+
http://www.malekal.com/2012/04/18/panel-virus-gendarmerie-ratio-0-36/
+
Part virus, part botnet, spreading fast: Ramnit moves past Facebook passwords
+
http://arstechnica.com/business/news/2012/01/part-virus-part-botnet-spreading-fast-ramnit-moves-past-facebook-passwords.ars
+
Peer-to-peer botnets: overview and case study
+
http://static.usenix.org/event/hotbots07/tech/full papers/grizzard/grizzard.pdf usenix.org
+
PeerRush: mining for unwanted P2P traffic
+
http://www.cs.uga.edu/~kangli/src/dimva2013.pdf www.cs.uga.edu
+
Petya ransomware skips the files and encrypts your hard drive instead
+
http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/
+
Pitou, The “silent” resurrection of the PITOU notorious Srizbi kernel spambot
+
http://www.f-secure.com/static/doc/labs global/Whitepapers/pitou whitepaper.pdf
+
Playing cops & robbers with banks & browsers
+
http://www.symantec.com/connect/blogs/playing-cops-robbers-banks-browsers
+
PlugX malware: A good hacker is an apologetic hacker
+
https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/
+
Navigation menu
Personal tools
Log in
Namespaces
Property
Discussion
Variants
Views
Read
View source
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Upload file
Special pages
Printable version
Permanent link
Page information
Browse properties