Property:Link

From Botnets.fr

Jump to navigation Jump to search

This is a property of type URL.

Usage807

previous 500 20 50 100 250 500 next 500

Filter<p>The <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Help:Property_page/Filter">search filter</a> allows the inclusion of <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Help:Query_expressions">query expressions</a> such as <code>~</code> or <code>!</code>. The selected <a target="_blank" rel="nofollow noreferrer noopener" class="external text" href="https://www.semantic-mediawiki.org/wiki/Query_engine">query engine</a> might also support case insensitive matching or other short expressions like:</p><ul><li><code>in:</code> result should include the term, e.g. '<code>in:Foo</code>'</li></ul><ul><li><code>not:</code> result should to not include the term, e.g. '<code>not:Bar</code>'</li></ul>

Showing 307 pages using this property.

P

PlugX: new tool for a not so new campaign +

http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/ +

PlugX: some uncovered points +

http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html +

PoS RAM scraper malware; past, present and future +

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf +

Poison Ivy 2.3.0 Documentation +

http://www.poisonivy-rat.com/dl.php?file=230docs +

Poison Ivy: assessing damage and extracting intelligence +

https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf +

PoisonIvy adapts to communicate through authentication proxies +

http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html +

Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware +

https://www.sophos.com/medialibrary/PDFs/technical papers/sophosseoinsights.pdf +

PokerAgent botnet stealing over 16,000 Facebook credentials +

http://blog.eset.com/2013/01/29/pokeragent-stealing-over-16000-facebook-credentials blog.eset.com +

Police Trojan crosses the Atlantic, now targets USA and Canada +

http://blog.trendmicro.com/police-trojan-crosses-the-atlantic-now-targets-usa-and-canada/ +

Ponmocup analysis +

http://security-research.dyndns.org/pub/botnet/ponmocup/ponmocup-analysis 2012-02-18.html +

Post-mortem of a zombie: Conficker cleanup after six years +

https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-asghari.pdf +

Pramro and Sality - two PEs in a pod +

http://blogs.technet.com/b/mmpc/archive/2012/02/21/pramro-and-sality-two-pes-in-a-pod.aspx +

Proactive detection of network security incidents +

http://www.enisa.europa.eu/activities/cert/support/proactive-detection/proactive-detection-report/at download/fullReport www.enisa.europa.eu (pdf) +

Proactive detection of security incidents II - Honeypots +

http://www.enisa.europa.eu/activities/cert/support/proactive-detection-of-security-incidents-II-honeypots www.enisa.europa.eu +

Proactive policy measures by Internet service providers against Botnets +

http://dx.doi.org/10.1787/5k98tq42t18w-en dx.doi.org +

Probing the Gozi-Prinimalka campaign +

http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/ +

http://www.proofpoint.com +

Pushdo botnet gets DGA update, over 6,000 machines host new variant +

http://www.scmagazine.com/pushdo-botnet-gets-dga-update-over-6000-machines-host-new-variant/article/361253/ +

Q

Qadars: un nouveau malware bancaire avec un composant mobile +

http://www.lexsi-leblog.fr/cert/qadars-nouveau-malware-bancaire-composant-mobile.html +

Quervar – Induc.C reincarnate +

http://blog.eset.com/2012/08/21/quervar-induc-c-reincarnate blog.eset.com +

QuickPost: Flame & Volatility +

http://mnin.blogspot.fr/2012/06/quickpost-flame-volatility.html mnin.blogspot.com +

R

REVETON Ransomware Spreads with Old Tactics, New Infection Method +

http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/ +

REvil ransomware gang's web sites mysteriously shut down +

https://www.bleepingcomputer.com/news/security/revil-ransomware-gangs-web-sites-mysteriously-shut-down/ +

RIG exploit kit strikes oil +

https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil. blogs.cisco.com +

Ramnit goes social +

http://blog.seculert.com/2012/01/ramnit-goes-social.html +

Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE +

http://malware.dontneedcoffee.com/2012/08/ransomii-ugc-payment-for-usa-windows.html +

Ransomware : Smile you're on camera - Reveton.C new landing pages +

http://malware.dontneedcoffee.com/2012/06/ransomware-smile-youre-on-camera.html +

Ransomware : la sulfureuse hypothèse sur la situation chez Norsk Hydro +

https://www.zdnet.fr/actualites/ransomware-la-sulfureuse-hypothese-sur-la-situation-chez-norsk-hydro-39882453.htm +

Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( +

http://malware.dontneedcoffee.com/2012/09/ransom-casier-sharing-design-with.html +

Ransomware Fake Microsoft Security Essentials +

http://www.malekal.com/2012/08/20/ransomware-fake-microsoft-security-essentials/ +

Ransomware and Silence Locker control panel +

http://www.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel +

Ransomware crimeware kits +

http://www.symantec.com/connect/blogs/ransomware-crimeware-kits +

Ransomware gets professional, targeting Switzerland, Germany and Austria +

http://www.abuse.ch/?p=3718 +

Ransomware or Wiper? LockerGoga Straddles the Line +

https://blog.talosintelligence.com/2019/03/lockergoga.html +

Ransomware report: the rise of BandarChor +

https://www.f-secure.com/weblog/archives/00002795.html +

Ransomware « Trojan.Casier » Panel +

http://www.malekal.com/2012/09/18/ransomware-trojan-casier-panel/ www.malekal.com +

Ransomware ‘Holds Up’ victims +

http://blogs.mcafee.com/mcafee-labs/ransomware-holds-up-victims +

Ransomware: playing on your fears +

http://blogs.technet.com/b/mmpc/archive/2012/03/16/ransomware-playing-on-your-fears.aspx blog.technet.com +

Redkit - one account = one color +

http://malware.dontneedcoffee.com/2012/06/redkit-one-account-one-color.html +

Redkit : No more money ! Traffic US, CA, GB, AU +

http://malware.dontneedcoffee.com/2012/09/redkitnomoremoney.html +

Relentless Zbot and anti-emulations +

http://www.symantec.com/connect/blogs/relentless-zbot-and-anti-emulations +

Research Win32/Slenfbot +

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Slenfbot +

Researchers: Bredolab still lurking, though severely injured +

http://www.thetechherald.com/articles/Researchers-Bredolab-still-lurking-though-severely-injured-(Update-3)/11757/ +

Reversing Andromeda-Gamarue botnet +

http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html +

Reversing malware loaders - The Matsnu-A Case +

http://anti-reversing.com/Downloads/Sec Research/Reversing Malware Loaders - The Matsnu-A Case.pdf anti-reversing.com (PDF) +

Reversing the wrath of Khan +

http://ddos.arbornetworks.com/uploads/2012/03/Wrath-of-Khan1.pdf +

Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design +

http://malware.dontneedcoffee.com/2012/10/reveton-hu-lv-sk-sl-tr-ro-so-spreading.html +

Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design +

http://malware.dontneedcoffee.com/2012/10/reveton-autumn-collection-aucz-ie-no-14.html +

Reveton can speak now ! +

http://malware.dontneedcoffee.com/2012/11/reveton-speaking.html +

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Reveton.A#summary link +

Richard Clarke on who was behind the Stuxnet attack +

http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html www.smithsonianmag.com +

Rmnet.12 created a million Windows computer botnet +

http://news.drweb.com/show/?i=2374&lng=en&c=9 news.drweb.com +

RootSmart Android malware +

http://resources.infosecinstitute.com/rootsmart-android-malware/ +

RootSmart malware utilizes GingerBreak root exploit +

http://www.csc.ncsu.edu/faculty/jiang/RootSmart/ +

Rovnix Reloaded: new step of evolution +

http://blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution blog.eset.com +

Rovnix bootkit framework updated +

http://blog.eset.com/2012/07/13/rovnix-bootkit-framework-updated +

Rovnix.D: the code injection story +

http://blog.eset.com/2012/07/27/rovnix-d-the-code-injection-story blog.eset.com +

Russian service online to check the detection of malware +

http://malwareint.blogspot.fr/2009/11/russian-service-online-to-check.html +

Réflexions pour un plan d'action contre les botnets +

http://www.sstic.org/2010/presentation/Reflexions pour un plan d action contre les botnets/ +

S

SANS Institute +

http://www.sans.org +

https://www.scmagazine.com +

SDBot IRC botnet continues to make waves +

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp sdbot irc botnet continues to make waves pub.pdf +

SGNET: a worldwide deployable framework to support the analysis of malware threat models +

http://www.eurecom.fr/fr/publication/2445 www.eurecom.fr +

SIM-ple: mobile handsets are weak link in latest online banking fraud scheme +

http://www.trusteer.com/blog/sim-ple-mobile-handsets-are-weak-link-latest-online-banking-fraud-scheme +

http://go.microsoft.com/?linkid=9807245 (PDF) +

SIRv12: the obstinacy of Conficker +

http://blogs.technet.com/b/mmpc/archive/2012/04/25/the-tenacity-of-conficker.aspx +

SKyWIper: A complex malware for targeted attacks +

http://www.crysys.hu/skywiper/skywiper.pdf www.crysys.hu +

SPL exploit kit – now with CVE-2013-0422 +

http://ondailybasis.com/blog/2013/01/14/spl-exploit-kit-now-with-cve-2013-0422/ +

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies +

https://threatpost.com/samsam-ransomware-evolves-its-tactics-towards-targeting-whole-companies/131519/ +

SamSam ransomware designed to inundate targeted networks with thousands of copies of itself +

https://www.scmagazine.com/samsam-ransomware-designed-to-inundate-targeted-networks-with-thousands-of-copies-of-itself/article/762178/ +

Saudi Aramco hit by computer virus +

http://www.guardian.co.uk/technology/2012/aug/16/saudi-aramco-computer-virus-hacking-claims www.guardian.co.uk +

Say hello to Tinba: world’s smallest trojan-banker +

http://www.csis.dk/en/csis/news/3566/ +

Scareware locks down computer due to child porn and terrorism +

http://www.abuse.ch/?p=3610 abuse.ch +

Secrets of the Comfoo masters +

http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/ +

Security Intelligence +

https://securityintelligence.com/ +

Security Response Android.Counterclank +

http://www.symantec.com/security response/writeup.jsp?docid=2012-012709-4046-99 +

Security alert: SpamSoldier +

https://blog.lookout.com/blog/2012/12/17/security-alert-spamsoldier/ blog.lookout.com +

Security alert: new Android malware - TigerBot - identified in alternative markets +

http://research.nq.com/?p=402 research.nq.com +

Security alert: new TGLoader Android malware utilizes the exploid root exploit +

http://www.csc.ncsu.edu/faculty/jiang/TGLoader/ +

Security alert: new variants of Legacy Native (LeNa) identified +

http://blog.mylookout.com/blog/2012/04/03/security-alert-new-variants-of-legacy-native-lena-identified/ blog.mylookout.com +

Security experts detected new Twitter-controlled botnet +

http://www.spamfighter.com/News-15132-Security-Experts-Detected-New-Twitter-Controlled-Botnet.htm +

Shamoon the Wiper in details +

https://www.securelist.com/en/blog/208193795/Shamoon the Wiper in details +

Shamoon the Wiper: further details (Part II) +

http://www.securelist.com/en/blog/208193834/Shamoon The Wiper further details Part II +

Shamoon the wiper - copycats at work +

https://www.securelist.com/en/blog?weblogid=208193786 +

Shedding light on the NeoSploit Exploit Kit +

http://labs.m86security.com/2011/01/shedding-light-on-the-neosploit-exploit-kit/ +

Shylock financial malware back 'with a vengeance' +

http://www.csoonline.com/article/700368/shylock-financial-malware-back-with-a-vengeance- +

Sinowal analysis (Windows 7, 32-bit) +

http://www.evild3ad.com/?p=1556 www.evild3ad.com +

Sinowal: MBR rootkit never dies! (and it always brings some new clever features) +

http://www.itsec.it/2012/06/06/sinowal-mbr-rootkit-never-dies-and-it-always-brings-some-new-clever-features/ +

Sinowal: the evolution of MBR rootkit continues +

http://www.aall86.altervista.org/files/Sinowal new Analysis.pdf www.aall86.altervista.org +

Skunkx DDoS bot analysis +

https://asert.arbornetworks.com/skunkx-ddos-bot-analysis/ +

Skynet, a Tor-powered botnet straight from Reddit +

https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit +

Smartcard vulnerabilities in modern banking malware +

http://blog.eset.com/2012/06/05/smartcard-vulnerabilities-in-modern-banking-malware +

Social networks – A bonanza for cybercriminals +

https://securelist.com/blog/incidents/73204/social-networks-a-bonanza-for-cybercriminals/ +

Sony PlayStation's site SQL injected, redirecting to rogue security software +

http://www.zdnet.com/blog/security/sony-playstations-site-sql-injected-redirecting-to-rogue-security-software/1394 www.zdnet.com +

Sony/Destover: mystery North Korean actor’s destructive and past network activity +

https://securelist.com/blog/research/67985/destover/ +

Sopelka Botnet: three banking trojans and one banking panel +

http://securityblog.s21sec.com/2012/10/sopelka-botnet-three-banking-trojans.html +

Source Code for IoT Botnet ‘Mirai’ Released +

http://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ +

Spam botnets: The fall of Grum and the rise of Festi +

http://www.spamhaus.org/news/article/685/ +

Spambot evolution 2011 +

http://www.secureworks.com/cyber-threat-intelligence/threats/spambot-evolution/ +

Spread of Darkness...Details on the public release of the Darkness DDoS bot +

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110123 +

SpyEye being kicked to the curb by its customers? +

http://blog.damballa.com/?p=1494 blog.damballa.com +

Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages +

http://malware.dontneedcoffee.com/2012/10/neosploit-now-showing-bh-ek-20-like.html +

Static analysis of Dalvik bytecode and reflection in Android +

http://projekter.aau.dk/projekter/en/studentthesis/static-analysis-of-dalvik-bytecode-and-reflection-in-android(4dd9e717-c5d2-4603-a2d7-0f043fe9ea1f).html projecter.aau.dk +

Stealing money from ATMs with malware +

https://events.ccc.de/congress/2013/Fahrplan/events/5476.html +

Stealthy peer-to-peer C&C over SMB pipes +

http://blog.cobaltstrike.com/2013/12/06/stealthy-peer-to-peer-cc-over-smb-pipes/ blog.cobaltstrike.com +

Stealthy router-based botnet worm squirming +

http://www.zdnet.com/blog/security/stealthy-router-based-botnet-worm-squirming/2972 +

Step-by-step reverse engineering malware: ZeroAccess / Max++ / Smiscer crimeware rootkit +

http://resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ resources.infosecinstitute.com +

Stolen passwords allowed hackers to steal over one billion rubles +

https://www.duosecurity.com/blog/stolen-passwords-allowed-hackers-to-steal-over-one-billion-rubles +

Study of malware obfuscation techniques +

http://zerosecurity.org/media/study-of-malware-obfuscation-techniques/ zerosecurity.org +

http://www.symantec.com/ +

Symantec/Android.Ackposts +

http://www.symantec.com/security response/writeup.jsp?docid=2012-072302-3943-99 +

Symantec/Android.Maistealer +

http://www.symantec.com/security response/writeup.jsp?docid=2012-072411-4350-99 +

Symantec/Backdoor.Arcomrat +

http://www.symantec.com/security response/writeup.jsp?docid=2012-112912-5237-99 +

Symantec/W32.Zorenium +

http://www.symantec.com/security response/writeup.jsp?docid=2014-061611-1223-99 +

T

TDI - a new element in old TDSS story +

http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html artemonsecurity.blogspot.fr +

TDL3 : The rootkit of all evil +

http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf +

TDL3 : Why so serious +

http://virusvn.com/download/video-tutorial/tdl3 analysis paper.pdf +

TDL4 - Top Bot +

http://www.securelist.com/en/analysis/204792180/TDL4 Top Bot +

TDL4 reloaded: Purple Haze all in my brain +

http://blog.eset.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain blog.eset.com +

TDSS botnet: full disclosure +

http://nobunkum.ru/analytics/en-tdss-botnet nobunkum.ru +

TR-24 analysis - Destory RAT family +

http://www.circl.lu/pub/tr-24/ +

Takeover of Virut domains +

http://www.cert.pl/news/6744/langswitch lang/en +

Taking down botnets: Microsoft and the Rustock botnet +

http://blogs.technet.com/b/microsoft blog/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx +

Tales from Crisis, Chapter 1: The dropper’s box of tricks +

http://reverse.put.as/2012/08/06/tales-from-crisis-chapter-1-the-droppers-box-of-tricks/ reverse.put.as +

Tales from Crisis, Chapter 2: Backdoor’s first steps +

http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/ reverse.put.as +

Tales from Crisis, Chapter 3: The Italian rootkit job +

http://reverse.put.as/2012/08/21/tales-from-crisis-chapter-3-the-italian-rootkit-job/ reverse.put.as +

Tales from Crisis, Chapter 4: a ghost in the network +

http://reverse.put.as/2012/08/26/tales-from-crisis-chapter-4-a-ghost-in-the-network/ reverse.put.as +

Targeted attacks and Ukraine +

http://www.f-secure.com/weblog/archives/00002688.html +

Targeted destructive malware explained: Troj/Mdrop-ELD +

http://nakedsecurity.sophos.com/2012/08/17/targeted-destructive-malware-explained-trojmdrop-eld/ +

Targeted information stealing attacks in South Asia use email, signed binaries +

http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/ +

Tatanga attack exposes chipTAN weaknesses +

http://www.trusteer.com/blog/tatanga-attack-exposes-chiptan-weaknesses +

Tatanga: a new banking trojan with MitB functions +

http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html +

Tequila botnet leads to phishing attack +

http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/48/tequila-botnet-leads-to-phishing-attack +

The "Red October" campaign - An advanced cyber espionage network targeting diplomatic and government agencies +

http://www.securelist.com/en/blog/785/The Red October Campaign An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies +

The 'Penquin' Turla +

http://securelist.com/blog/research/67962/the-penquin-turla-2/ +

The ACCDFISA malware family – Ransomware targeting Windows servers +

http://blog.emsisoft.com/2012/04/11/the-accdfisa-malware-family-ransomware-targetting-windows-servers/ +

The ACCDFISA malware family – Ransomware targetting Windows servers +

http://blog.emsisoft.com/2012/04/11/the-accdfisa-malware-family-ransomware-targetting-windows-servers/ blog.emsisoft.com +

The Andromeda/Gamarue botnet is on the rise again +

https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-the-rise-again.html +

The Coreflood report +

http://www.secureworks.com/research/threats/coreflood-report/ +

The Cridex trojan targets 137 financial organizations in one go +

http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/ +

The DGA of Symmi +

http://www.johannesbader.ch/2015/01/the-dga-of-symmi/ +

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements +

http://cs.ucsb.edu/~kapravel/publications/imc14 zarras.pdf +

The Dorkbot rises +

http://blog.trendmicro.com/trendlabs-security-intelligence/the-dorkbot-rises +

The Elderwood project (infographic) +

http://www.symantec.com/connect/blogs/elderwood-project-infographic +

The Epic Turla operation +

https://securelist.com/analysis/publications/65545/the-epic-turla-operation/ +

The Flame: questions and answers +

http://www.securelist.com/en/blog/208193522/The Flame Questions and Answers +

The IMDDOS botnet: discovery and analysis +

https://www.damballa.com/downloads/r pubs/Damballa Report IMDDOS.pdf +

The Madi campaign - Part II +

http://www.securelist.com/en/blog/208193691/The Madi Campaign Part II +

The Miner botnet: Bitcoin mining goes peer-to-peer +

https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/ +

The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor +

http://www.securelist.com/en/blog/208194129/The MiniDuke Mystery PDF 0 day Government Spy Assembler 0x29A Micro Backdoor +

The Mirage campaign +

http://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/ +

The Pobelka botnet - a command and control case study +

http://check.botnet.nu/technical.html check.botnet.net +

The Sality botnet +

http://www.symantec.com/connect/blogs/sality-botnet +

The Target breach by the numbers +

http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/ +

The ZeroAccess botnet revealed +

http://resources.infosecinstitute.com/the-zeroaccess-botnet-revealed/ resources.infosecinstitute.com +

The ZeroAccess botnet: mining and fraud for massive financial gain +

http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx www.sophos.com +

The ZeroAccess rootkit +

http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess.aspx www.sophos.com +

The anatomy of a botnet +

http://www.arbornetworks.com/index.php?option=com docman&task=doc download&gid=494&Itemid=615 www.arbornetworks.com +

The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet +

http://www.acsac.org/2010/openconf/modules/request.php?module=oc program&action=summary.php&id=221 www.acsac.org +

The case of TDL3 +

http://www.f-secure.com/weblog/archives/The Case of TDL3.pdf +

The evolution of TDL: conquering x64 +

http://www.eset.com/us/resources/white-papers/The Evolution of TDL.pdf +

The evolution of webinjects +

https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Boutin.pdf +

The first trojan in history to steal Linux and Mac OS X passwords +

http://news.drweb.com/show/?i=2679&lng=en&c=14 news.drweb.com +

The good , the bad and the unknown online scanners +

https://isc.sans.edu/forums/diary/The+Good+the+Bad+and+the+Unknown+Online+Scanners/10366/ +

The graphic design of "Maktub Locker" ransomware +

https://labsblog.f-secure.com/2016/03/21/the-graphic-design-of-maktub-locker-ransomware/ +

The growing threat to business banking online +

http://voices.washingtonpost.com/securityfix/2009/07/the pitfalls of business banki.html voices.washingtonpost.com +

The life cycle of web server botnet recruitment +

http://blog.spiderlabs.com/2013/03/the-life-cycle-of-web-server-botnet-recruitment.html blog.spiderlabs.com +

The lifecycle of peer-to-peer (Gameover) ZeuS +

http://www.secureworks.com/cyber-threat-intelligence/threats/The Lifecycle of Peer to Peer Gameover ZeuS/ +

The most sophisticated Android trojan +

http://www.securelist.com/en/blog/8106/The most sophisticated Android Trojan +

The mystery of Duqu framework solved +

http://www.securelist.com/en/blog/677/The mystery of Duqu Framework solved +

The mystery of Duqu: part five +

http://www.securelist.com/en/blog/606/The Mystery of Duqu Part Five +

The mystery of Duqu: part one +

http://www.securelist.com/en/blog/208193182/The Mystery of Duqu Part One +

The mystery of Duqu: part six (the command and control servers) +

http://www.securelist.com/en/blog/625/The Mystery of Duqu Part Six The Command and Control servers +

The mystery of Duqu: part ten +

http://www.securelist.com/en/blog/208193425/The mystery of Duqu Part Ten +

The mystery of Duqu: part three +

http://www.securelist.com/en/blog/208193206/The Mystery of Duqu Part Three +

The mystery of Duqu: part two +

http://www.securelist.com/en/blog/208193197/The Mystery of Duqu Part Two +

The mystery of the Duqu framework +

http://www.securelist.com/en/blog/667/The Mystery of the Duqu Framework +

The real face of Koobface: the largest web 2.0 botnet explained +

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp the-real-face-of-koobface.pdf www.trendmicro.com +

The resurrection of RedKit +

http://www.kahusecurity.com/2014/the-resurrection-of-redkit/ +

The rise of TOR-based botnets +

http://www.welivesecurity.com/2013/07/24/the-rise-of-tor-based-botnets/ +

The tigger trojan: icky, sticky stuff +

http://voices.washingtonpost.com/securityfix/2009/02/the t-i-double-guh-r trojan ic.html voices.washingtonpost.com +

The underground economy of spam: a botmaster's perspective of coordinating large-scale spam campaigns +

http://iseclab.org/papers/cutwail-LEET11.pdf +

The where and why of Hlux +

http://www.securelist.com/en/blog/663/The where and why of HLUX +

The world's biggest botnets +

http://www.darkreading.com/the-worlds-biggest-botnets-/d/d-id/1129117 +

The ‘Madi’ infostealers - a detailed analysis +

http://www.securelist.com/en/analysis/204792237/The Madi infostealers a detailed analysis +

The ‘advertising’ botnet +

https://www.securelist.com/en/analysis/204792172/The Advertising Botnet +

The “Hikit” rootkit: advanced and persistent attack techniques (part 1) +

https://blog.mandiant.com/archives/3155 blog.mandiant.com +

The “Hikit” rootkit: advanced and persistent attack techniques (part 2) +

https://blog.mandiant.com/archives/3189 blog.mandiant.com +

Threat spotlight: Angler lurking in the domain shadows +

http://blogs.cisco.com/security/talos/angler-domain-shadowing +

https://threatpost.com/ +

Three month FrameworkPOS malware campaign nabs ~43,000 credit cards from point of sale systems +

https://blog.anomali.com/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi +

Tilon-son of Silon +

http://www.trusteer.com/blog/tilon-son-of-silon +

Tilon/SpyEye2 intelligence report +

https://foxitsecurity.files.wordpress.com/2014/02/spyeye2 tilon 20140225.pdf +

TinyNuke may be a ticking time bomb +

https://securingtomorrow.mcafee.com/business/tinynuke-may-ticking-time-bomb/ +

Tis the season for shipping and phishing +

https://securelist.com/blog/phishing/73174/tis-the-season-for-shipping-and-phishing/ +

Top 50 bad hosts & networks 2011 Q4 +

http://hostexploit.com/downloads/viewdownload/7/35.html hostexploit.com +

Top spam botnets exposed +

http://www.secureworks.com/cyber-threat-intelligence/threats/topbotnets/ +

Torpig - Back to the future or how the most sophisticated trojan in 2008 reinvents itself +

http://www.tidos-group.com/blog/?p=362 tidos-group.com (Trustdefender) +

TorrentLocker ransomware uses email authentication to refine spam runs +

http://blog.trendmicro.com/trendlabs-security-intelligence/torrentlocker-ransomware-uses-email-authentication-to-refine-spam-runs/ +

Tracking down the author of the PlugX RAT +

http://labs.alienvault.com/labs/index.php/2012/tracking-down-the-author-of-the-plugx-rat/ labs.alienvault.com +

Traffic direction systems as malware distribution tools +

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt malware-distribution-tools.pdf +

Travnet botnet steals huge amount of sensitive data +

http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data +

Travnet trojan could be part of APT campaign +

http://blogs.mcafee.com/mcafee-labs/travnet-trojan-could-be-part-of-apt-campaign +

TreasureHunt: a custom POS malware tool +

https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt a cust.html +

Trend Micro discovers MalumPoS; malware targeting hotels and other US industries +

http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-malumpos-targets-hotels-and-other-us-industries/ +

TrendLabs Security Intelligence Blog +

http://blog.trendmicro.com/trendlabs-security-intelligence +

Trojan ChePro, the CPL storm +

https://securelist.com/blog/incidents/58203/trojan-chepro-the-cpl-storm/ +

Trojan Nap aka Kelihos/Hlux - Feb. 2013 status update +

http://www.deependresearch.org/2013/02/trojan-nap-aka-kelihoshlux-feb-2013.html +

Trojan downloaders on the rise: don’t let Locky or TeslaCrypt ruin your day +

http://www.welivesecurity.com/2016/03/18/trojan-downloaders-rise-dont-let-locky-teslacrypt-ruin-day/ +

Trojan horse using sender policy framework +

http://www.symantec.com/connect/blogs/trojan-horse-using-sender-policy-framework +

Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu +

http://blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu blogs.norman.com +

Trojan on the loose: an in-depth analysis of police trojan +

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp police trojan.pdf +

Trojan.Prinimalka: bits and pieces +

http://ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/ +

Trojan.Ransomgerpo criminal arrested +

http://www.symantec.com/connect/blogs/trojanransomgerpo-criminal-arrested +

Trojan.Taidoor takes aim at policy think tanks +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/trojan taidoor-targeting think tanks.pdf symantec.com (PDF) +

Trojan.Tatanarg.B careful! +

http://www.symantec.com/connect/blogs/trojantatanargb-careful +

Trojan.Whitewell: what’s your (bot) Facebook status today? +

http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today +

Trojan.ZeroAccess infection analysis +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/trojan zeroaccess infection analysis.pdf +

Trusteer warns of new two headed trojan attack against online banks +

http://www.trusteer.com/news/press-release/trusteer-warns-of-new-two-headed-trojan-attack-against-online-banks +

https://www.trustwave.com/ +

Twitter + Pastebin = malware update +

http://www.symantec.com/connect/blogs/twitter-pastebin-malware-update +

U

Un WOMBAT pour évaluer la cybercriminalité +

https://www.sstic.org/2009/presentation/Le point de vue d un WOMBAT sur les attaques Internet/ +

Under the hood of Carberp: Malware & configuration analysis +

http://www.trusteer.com/sites/default/files/Carberp Analysis.pdf +

Under the hood of the cyber attack on U.S. banks +

http://www.incapsula.com/the-incapsula-blog/item/603-cyber-attack-us-banks www.incapsula.com +

Unexpected reboot: Necurs +

http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx +

Unveiling an Indian cyberattack infrastructure - a special report +

http://enterprise.norman.com/resource center/unveiling an indian cyberattack infrastructure-a special report entreprise.norman.com +

Unveiling the network criminal infrastructure of TDSS/TDL4 - DGAv14: a case study on a new TDSS/TDL4 variant +

https://www.damballa.com/downloads/r pubs/Damballa tdss tdl4 case study public.pdf +

Upas Kit (aka Rombrast) integrates webinjects +

http://malware.dontneedcoffee.com/2012/11/upas-kit-aka-rombrast-integrates.html +

Upatre, Dyre used in Univ. of Florida attack +

http://www.scmagazine.com/multi-malware-multistage-attack-infects-uf-users-computers/article/395279/ +

Update to Citadel : 1.3.5.1 Rain Edition. +

http://malware.dontneedcoffee.com/2012/10/citadelupdate1.3.5.1.html +

Update to Citadel : v.1.3.4.5 +

http://malware.dontneedcoffee.com/2012/06/update-to-citadel-v1345.html +

Updated Sundown Exploit Kit Uses Steganography +

http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploit-kit-uses-steganography/ +

Urausy has big plan for Europe - Targeting 3 new countries among which Norway ! +

http://malware.dontneedcoffee.com/2012/09/urausy-is-invading-europe-targeting-3.html +

Urausy improving its localization - A (the\?) Gaelic Ransomware with Interpol impersonation as default landing +

http://malware.dontneedcoffee.com/2012/09/UrausyGaelicInterpol.html +

Urausy ransomware - July 2013 design refresh - "Summer 2013 collection" +

http://malware.dontneedcoffee.com/2013/07/urausy-ransomware-july-2013-design.html +

Urausy: Colorfull design refresh (+HR) & EC3 Logo +

http://malware.dontneedcoffee.com/2013/02/urausy-colorfull-designrefresh.html +

Uroburos: the snake rootkit +

http://artemonsecurity.com/uroburos.pdf artemonsecurity.com +

Using libemu to create malware flow graph +

http://lists.foss.org.my/pipermail/general/attachments/20100426/3c4480ff/attachment-0001.pdf +

V

VOlk-botnet takes over Latin America +

http://news.softpedia.com/news/VOlk-Botnet-Takes-Over-Latin-America-227254.shtml +

Vawtrak gains momentum and expands targets +

http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets +

Versatile and infectious: Win64/Expiro is a cross-platform file infector +

http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/ +

VinSelf - A new backdoor in town +

http://blog.fireeye.com/research/2010/11/winself-a-new-backdoor-in-town.html +

ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar +

https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/ +

Virus Gendarmerie : variante Office Centrale de Luttre contre la criminalité – controle informationnel +

http://www.malekal.com/2012/09/03/virus-gendarmerie-variante-office-centrale-de-luttre-contre-la-criminalite-controle-informationnel/ +

Virus scanners for virus authors +

http://www.krebsonsecurity.com/2009/12/virus-scanners-for-virus-authors/ +

Virus scanners for virus authors, part II +

http://krebsonsecurity.com/2010/04/virus-scanners-for-virus-authors-part-ii/ +

Virut malware fuels Waledac botnet resurgence +

http://www.scmagazine.com/virut-malware-fuels-waledac-botnet-resurgence/article/276183/ +

W

W32.Changeup: how the worm was created +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 changeup how the worm was created.pdf +

W32.Duqu, the precursor to the next Stuxnet +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 duqu the precursor to the next stuxnet.pdf +

W32.Flamer: spreading mechanism tricks and exploits +

http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits +

W32.Qakbot in detail +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 qakbot in detail.pdf symantec.com (pdf) +

W32.Shadesrat (Blackshades) author arrested +

http://www.symantec.com/connect/blogs/w32shadesrat-blackshades-author-arrested +

W32.Stuxnet dossier +

https://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 stuxnet dossier.pdf +

W32.Tinba (Tinybanker) The turkish incident +

http://www.csis.dk/downloads/Tinba White Paper.pdf www.csis.dk +

W32.Xpaj.B: making easy money from complex code +

http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 xpaj b.pdf (PDF) +

Waledac Botnet - Deployment and Communication Analysis +

http://www.fortiguard.com/analysis/waledacanalysis.html Fortinet Article +

Waledac gets cozy with Virut +

http://www.symantec.com/connect/blogs/waledac-gets-cozy-virut +

Walking through Win32/Jabberbot.A instant messaging C&C +

http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/ +

Watch out for CoreBot, new stealer in the wild +

https://securityintelligence.com/watch-out-for-corebot-new-stealer-in-the-wild/ +

Weelsof use SSL C&C +

http://www.xylibox.com/2012/09/weelsof-use-ssl-c.html www.xylibox.com +

What was that Wiper thing? +

http://www.securelist.com/en/blog/208193808/What was that Wiper thing +

What’s the buzz with Bafruz +

http://blogs.technet.com/b/mmpc/archive/2012/08/14/msrt-august-12-what-s-the-buzz-with-bafruz.aspx +

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware +

http://securityintelligence.com/where-are-they-today-cybercrime-trojans-that-no-one-misses-shifu-malware/ +

Who's behind the Koobface botnet? - An OSINT analysis +

http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html ddanchev.blogspot.com +

Who's behind the world's largest spam botnet? +

http://krebsonsecurity.com/2012/02/whos-behind-the-worlds-largest-spam-botnet/ +

Why forums? An empirical analysis into the facilitating factors of carding forums +

http://www.websci13.org/ +

Win32/64:Napolar: New trojan shines on the cyber crime-scene +

https://blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/ blog.avast.com +

Win32/Gataka - or should we say Zutick? +

http://www.welivesecurity.com/2012/11/30/win32gataka-or-should-we-say-zutick/ +

Win32/Gataka banking Trojan - Detailed analysis +

http://blog.eset.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis blog.eset.com +

Win32/Gataka: a banking Trojan ready to take off +

http://blog.eset.com/2012/06/28/win32gataka-a-banking-trojan-ready-to-take-off blog.eset.com +

Win32/Sality newest component: a router’s primary DNS changer named Win32/RBrute +

http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/ +

Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems +

http://blog.eset.com/2012/12/19/win32spy-ranbyus-modifying-java-code-in-rbs blog.eset.com +

Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter +

http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/ +

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32/Vundo +

Winlock affiliate +

http://www.xylibox.com/2012/08/winlock-affiliate.html www.xylibox.com +

Wire Transfer Spam Spreads Upatre +

http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx +

Wired Business Media +

http://www.securityweek.com/ +

Worm:VBS/Jenxcus +

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm:VBS/Jenxcus +

X

XPAJ: reversing a Windows x64 bootkit +

https://www.securelist.com/en/analysis/204792235/XPAJ Reversing a Windows x64 Bootkit +

Xarvester, the new Srizbi? +

http://labs.m86security.com/2009/01/xarvester-the-new-srizbi/ +

Xpaj Botnet intercepts up to 87 million searches per year +

http://www.symantec.com/connect/blogs/xpaj-botnet-intercepts-87-million-searches-year +

Y

You can’t be invulnerable, but you can be well protected +

https://securelist.com/blog/opinions/73160/you-cant-be-invulnerable-but-you-can-be-well-protected/ +

You dirty RAT! Part 1 – DarkComet +

http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-1-darkcomet/ +

You dirty RAT! part 2 – BlackShades NET +

http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/ +

Your botnet is my botnet: analysis of a botnet takeover +

https://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf +

Your files are encrypted with a “Windows 10 Upgrade” +

http://blogs.cisco.com/security/talos/ctb-locker-win10 +

Z

ZACCESS/SIREFEF arrives with new infection technique +

http://blog.trendmicro.com/zaccesssirefef-arrives-with-new-infection-technique/ +

ZeroAccess - new steps in evolution +

http://artemonsecurity.blogspot.fr/2012/06/zeroaccess-new-steps-in-evolution.html artemonsecurity.blogspot.fr +

ZeroAccess anti-debug uses debugger +

http://blog.malwarebytes.org/intelligence/2013/07/zeroaccess-anti-debug-uses-debugger/ +

ZeroAccess rootkit launched by signed installers +

http://blogs.mcafee.com/mcafee-labs/zeroaccess-rootkit-launched-by-signed-installers +

ZeroAccess's way of self-deletion +

http://www.f-secure.com/weblog/archives/00002385.html +

ZeroAccess: code injection chronicles +

http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles blog.eset.com +

ZeroLocker won't come to your rescue +

http://securelist.com/blog/incidents/66135/zerolocker-wont-come-to-your-rescue/ +

Zeroing in on malware propagation methods +

http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft Security Intelligence Report volume 11 Zeroing in on Malware Propagation Methods English.pdf +

ZeuS Gameover overview +

http://blog.mindedsecurity.com/2012/09/zeus-gameover-overview.html +

ZeuS ransomware feature: win unlock +

http://www.f-secure.com/weblog/archives/00002367.html +

ZeuS v2 Malware Analysis - Part II +

http://www.sysforensics.org/2012/04/zeus-v2-malware-analysis-part-ii.html www.sysforensics.org +

ZeuS – P2P+DGA variant – mapping out and understanding the threat +

http://www.cert.pl/news/4711/langswitch lang/en +

ZeuS-P2P monitoring and analysis +

http://www.cert.pl/PDF/2013-06-P2P-rap en.pdf +

ZeuS: me talk pretty Finnish one day +

http://www.f-secure.com/weblog/archives/00002331.html +

ZeuSbot/Spyeye P2P updated, fortifying the botnet +

http://www.symantec.com/connect/blogs/zeusbotspyeye-P2P-updated-fortifying-botnet +

Zeus variant Floki bot targets PoS data +

https://threatpost.com/zeus-variant-floki-bot-targets-pos-data/122310/ +

Zorenium bot not half the threat it claims to be +

http://www.symantec.com/connect/blogs/zorenium-bot-not-half-threat-it-claims-be +

Н

Новый сэмпл Pandora DDoS Bot +

http://onthar.in/articles/new-pandora-bot-sample/ onthar.in +

‘

‘Dexter’ virus targets point-of-sale terminals +

http://www.ottawacitizen.com/business/Dexter+virus+targets+point+sale+terminals/7702029/story.html www.ottawacitizen.com +

‘Project Blitzkrieg’ promises more aggressive cyberheists against U.S. banks +

http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks/ +

“

“Nemanja” botnet identified by IntelCrawler – Over a thousand point-of-sales, grocery management and accounting systems are compromised all over the world +

http://intelcrawler.com/news-18 intelcrawler.com +

Retrieved from "https://www.botnets.fr/index.php?title=Property:Link&oldid=26"