Property:Link
From Botnets.fr
This is a property of type URL.
Usage: 807
Showing 307 pages using this property.
P
PlugX: new tool for a not so new campaign
+
http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/
+
PlugX: some uncovered points
+
http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html
+
PoS RAM scraper malware; past, present and future
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf
+
Poison Ivy 2.3.0 Documentation
+
http://www.poisonivy-rat.com/dl.php?file=230docs
+
Poison Ivy: assessing damage and extracting intelligence
+
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf
+
PoisonIvy adapts to communicate through authentication proxies
+
http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html
+
Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware
+
https://www.sophos.com/medialibrary/PDFs/technical papers/sophosseoinsights.pdf
+
PokerAgent botnet stealing over 16,000 Facebook credentials
+
http://blog.eset.com/2013/01/29/pokeragent-stealing-over-16000-facebook-credentials blog.eset.com
+
Police Trojan crosses the Atlantic, now targets USA and Canada
+
http://blog.trendmicro.com/police-trojan-crosses-the-atlantic-now-targets-usa-and-canada/
+
Ponmocup analysis
+
http://security-research.dyndns.org/pub/botnet/ponmocup/ponmocup-analysis 2012-02-18.html
+
Post-mortem of a zombie: Conficker cleanup after six years
+
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-asghari.pdf
+
Pramro and Sality - two PEs in a pod
+
http://blogs.technet.com/b/mmpc/archive/2012/02/21/pramro-and-sality-two-pes-in-a-pod.aspx
+
Proactive detection of network security incidents
+
http://www.enisa.europa.eu/activities/cert/support/proactive-detection/proactive-detection-report/at download/fullReport www.enisa.europa.eu (pdf)
+
Proactive detection of security incidents II - Honeypots
+
http://www.enisa.europa.eu/activities/cert/support/proactive-detection-of-security-incidents-II-honeypots www.enisa.europa.eu
+
Proactive policy measures by Internet service providers against Botnets
+
http://dx.doi.org/10.1787/5k98tq42t18w-en dx.doi.org
+
Probing the Gozi-Prinimalka campaign
+
http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/
+
Proofpoint
+
http://www.proofpoint.com
+
Pushdo botnet gets DGA update, over 6,000 machines host new variant
+
http://www.scmagazine.com/pushdo-botnet-gets-dga-update-over-6000-machines-host-new-variant/article/361253/
+
Q
Qadars: un nouveau malware bancaire avec un composant mobile
+
http://www.lexsi-leblog.fr/cert/qadars-nouveau-malware-bancaire-composant-mobile.html
+
Quervar – Induc.C reincarnate
+
http://blog.eset.com/2012/08/21/quervar-induc-c-reincarnate blog.eset.com
+
QuickPost: Flame & Volatility
+
http://mnin.blogspot.fr/2012/06/quickpost-flame-volatility.html mnin.blogspot.com
+
R
REVETON Ransomware Spreads with Old Tactics, New Infection Method
+
http://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/
+
REvil ransomware gang's web sites mysteriously shut down
+
https://www.bleepingcomputer.com/news/security/revil-ransomware-gangs-web-sites-mysteriously-shut-down/
+
RIG exploit kit strikes oil
+
https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil. blogs.cisco.com
+
Ramnit goes social
+
http://blog.seculert.com/2012/01/ramnit-goes-social.html
+
Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE
+
http://malware.dontneedcoffee.com/2012/08/ransomii-ugc-payment-for-usa-windows.html
+
Ransomware : Smile you're on camera - Reveton.C new landing pages
+
http://malware.dontneedcoffee.com/2012/06/ransomware-smile-youre-on-camera.html
+
Ransomware : la sulfureuse hypothèse sur la situation chez Norsk Hydro
+
https://www.zdnet.fr/actualites/ransomware-la-sulfureuse-hypothese-sur-la-situation-chez-norsk-hydro-39882453.htm
+
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian (
+
http://malware.dontneedcoffee.com/2012/09/ransom-casier-sharing-design-with.html
+
Ransomware Fake Microsoft Security Essentials
+
http://www.malekal.com/2012/08/20/ransomware-fake-microsoft-security-essentials/
+
Ransomware and Silence Locker control panel
+
http://www.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel
+
Ransomware crimeware kits
+
http://www.symantec.com/connect/blogs/ransomware-crimeware-kits
+
Ransomware gets professional, targeting Switzerland, Germany and Austria
+
http://www.abuse.ch/?p=3718
+
Ransomware or Wiper? LockerGoga Straddles the Line
+
https://blog.talosintelligence.com/2019/03/lockergoga.html
+
Ransomware report: the rise of BandarChor
+
https://www.f-secure.com/weblog/archives/00002795.html
+
Ransomware « Trojan.Casier » Panel
+
http://www.malekal.com/2012/09/18/ransomware-trojan-casier-panel/ www.malekal.com
+
Ransomware ‘Holds Up’ victims
+
http://blogs.mcafee.com/mcafee-labs/ransomware-holds-up-victims
+
Ransomware: playing on your fears
+
http://blogs.technet.com/b/mmpc/archive/2012/03/16/ransomware-playing-on-your-fears.aspx blog.technet.com
+
Redkit - one account = one color
+
http://malware.dontneedcoffee.com/2012/06/redkit-one-account-one-color.html
+
Redkit : No more money ! Traffic US, CA, GB, AU
+
http://malware.dontneedcoffee.com/2012/09/redkitnomoremoney.html
+
Relentless Zbot and anti-emulations
+
http://www.symantec.com/connect/blogs/relentless-zbot-and-anti-emulations
+
Research Win32/Slenfbot
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Slenfbot
+
Researchers: Bredolab still lurking, though severely injured
+
http://www.thetechherald.com/articles/Researchers-Bredolab-still-lurking-though-severely-injured-(Update-3)/11757/
+
Reversing Andromeda-Gamarue botnet
+
http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html
+
Reversing malware loaders - The Matsnu-A Case
+
http://anti-reversing.com/Downloads/Sec Research/Reversing Malware Loaders - The Matsnu-A Case.pdf anti-reversing.com (PDF)
+
Reversing the wrath of Khan
+
http://ddos.arbornetworks.com/uploads/2012/03/Wrath-of-Khan1.pdf
+
Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design
+
http://malware.dontneedcoffee.com/2012/10/reveton-hu-lv-sk-sl-tr-ro-so-spreading.html
+
Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design
+
http://malware.dontneedcoffee.com/2012/10/reveton-autumn-collection-aucz-ie-no-14.html
+
Reveton can speak now !
+
http://malware.dontneedcoffee.com/2012/11/reveton-speaking.html
+
Reveton.A
+
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Reveton.A#summary link
+
Richard Clarke on who was behind the Stuxnet attack
+
http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html www.smithsonianmag.com
+
Rmnet.12 created a million Windows computer botnet
+
http://news.drweb.com/show/?i=2374&lng=en&c=9 news.drweb.com
+
RootSmart Android malware
+
http://resources.infosecinstitute.com/rootsmart-android-malware/
+
RootSmart malware utilizes GingerBreak root exploit
+
http://www.csc.ncsu.edu/faculty/jiang/RootSmart/
+
Rovnix Reloaded: new step of evolution
+
http://blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution blog.eset.com
+
Rovnix bootkit framework updated
+
http://blog.eset.com/2012/07/13/rovnix-bootkit-framework-updated
+
Rovnix.D: the code injection story
+
http://blog.eset.com/2012/07/27/rovnix-d-the-code-injection-story blog.eset.com
+
Russian service online to check the detection of malware
+
http://malwareint.blogspot.fr/2009/11/russian-service-online-to-check.html
+
Réflexions pour un plan d'action contre les botnets
+
http://www.sstic.org/2010/presentation/Reflexions pour un plan d action contre les botnets/
+
S
SANS Institute
+
http://www.sans.org
+
SC Magazine
+
https://www.scmagazine.com
+
SDBot IRC botnet continues to make waves
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp sdbot irc botnet continues to make waves pub.pdf
+
SGNET: a worldwide deployable framework to support the analysis of malware threat models
+
http://www.eurecom.fr/fr/publication/2445 www.eurecom.fr
+
SIM-ple: mobile handsets are weak link in latest online banking fraud scheme
+
http://www.trusteer.com/blog/sim-ple-mobile-handsets-are-weak-link-latest-online-banking-fraud-scheme
+
SIRv12
+
http://go.microsoft.com/?linkid=9807245 (PDF)
+
SIRv12: the obstinacy of Conficker
+
http://blogs.technet.com/b/mmpc/archive/2012/04/25/the-tenacity-of-conficker.aspx
+
SKyWIper: A complex malware for targeted attacks
+
http://www.crysys.hu/skywiper/skywiper.pdf www.crysys.hu
+
SPL exploit kit – now with CVE-2013-0422
+
http://ondailybasis.com/blog/2013/01/14/spl-exploit-kit-now-with-cve-2013-0422/
+
SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies
+
https://threatpost.com/samsam-ransomware-evolves-its-tactics-towards-targeting-whole-companies/131519/
+
SamSam ransomware designed to inundate targeted networks with thousands of copies of itself
+
https://www.scmagazine.com/samsam-ransomware-designed-to-inundate-targeted-networks-with-thousands-of-copies-of-itself/article/762178/
+
Saudi Aramco hit by computer virus
+
http://www.guardian.co.uk/technology/2012/aug/16/saudi-aramco-computer-virus-hacking-claims www.guardian.co.uk
+
Say hello to Tinba: world’s smallest trojan-banker
+
http://www.csis.dk/en/csis/news/3566/
+
Scareware locks down computer due to child porn and terrorism
+
http://www.abuse.ch/?p=3610 abuse.ch
+
Secrets of the Comfoo masters
+
http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/
+
Security Intelligence
+
https://securityintelligence.com/
+
Security Response Android.Counterclank
+
http://www.symantec.com/security response/writeup.jsp?docid=2012-012709-4046-99
+
Security alert: SpamSoldier
+
https://blog.lookout.com/blog/2012/12/17/security-alert-spamsoldier/ blog.lookout.com
+
Security alert: new Android malware - TigerBot - identified in alternative markets
+
http://research.nq.com/?p=402 research.nq.com
+
Security alert: new TGLoader Android malware utilizes the exploid root exploit
+
http://www.csc.ncsu.edu/faculty/jiang/TGLoader/
+
Security alert: new variants of Legacy Native (LeNa) identified
+
http://blog.mylookout.com/blog/2012/04/03/security-alert-new-variants-of-legacy-native-lena-identified/ blog.mylookout.com
+
Security experts detected new Twitter-controlled botnet
+
http://www.spamfighter.com/News-15132-Security-Experts-Detected-New-Twitter-Controlled-Botnet.htm
+
Shamoon the Wiper in details
+
https://www.securelist.com/en/blog/208193795/Shamoon the Wiper in details
+
Shamoon the Wiper: further details (Part II)
+
http://www.securelist.com/en/blog/208193834/Shamoon The Wiper further details Part II
+
Shamoon the wiper - copycats at work
+
https://www.securelist.com/en/blog?weblogid=208193786
+
Shedding light on the NeoSploit Exploit Kit
+
http://labs.m86security.com/2011/01/shedding-light-on-the-neosploit-exploit-kit/
+
Shylock financial malware back 'with a vengeance'
+
http://www.csoonline.com/article/700368/shylock-financial-malware-back-with-a-vengeance-
+
Sinowal analysis (Windows 7, 32-bit)
+
http://www.evild3ad.com/?p=1556 www.evild3ad.com
+
Sinowal: MBR rootkit never dies! (and it always brings some new clever features)
+
http://www.itsec.it/2012/06/06/sinowal-mbr-rootkit-never-dies-and-it-always-brings-some-new-clever-features/
+
Sinowal: the evolution of MBR rootkit continues
+
http://www.aall86.altervista.org/files/Sinowal new Analysis.pdf www.aall86.altervista.org
+
Skunkx DDoS bot analysis
+
https://asert.arbornetworks.com/skunkx-ddos-bot-analysis/
+
Skynet, a Tor-powered botnet straight from Reddit
+
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
+
Smartcard vulnerabilities in modern banking malware
+
http://blog.eset.com/2012/06/05/smartcard-vulnerabilities-in-modern-banking-malware
+
Social networks – A bonanza for cybercriminals
+
https://securelist.com/blog/incidents/73204/social-networks-a-bonanza-for-cybercriminals/
+
Sony PlayStation's site SQL injected, redirecting to rogue security software
+
http://www.zdnet.com/blog/security/sony-playstations-site-sql-injected-redirecting-to-rogue-security-software/1394 www.zdnet.com
+
Sony/Destover: mystery North Korean actor’s destructive and past network activity
+
https://securelist.com/blog/research/67985/destover/
+
Sopelka Botnet: three banking trojans and one banking panel
+
http://securityblog.s21sec.com/2012/10/sopelka-botnet-three-banking-trojans.html
+
Source Code for IoT Botnet ‘Mirai’ Released
+
http://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
+
Spam botnets: The fall of Grum and the rise of Festi
+
http://www.spamhaus.org/news/article/685/
+
Spambot evolution 2011
+
http://www.secureworks.com/cyber-threat-intelligence/threats/spambot-evolution/
+
Spread of Darkness...Details on the public release of the Darkness DDoS bot
+
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110123
+
SpyEye being kicked to the curb by its customers?
+
http://blog.damballa.com/?p=1494 blog.damballa.com
+
Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages
+
http://malware.dontneedcoffee.com/2012/10/neosploit-now-showing-bh-ek-20-like.html
+
Static analysis of Dalvik bytecode and reflection in Android
+
http://projekter.aau.dk/projekter/en/studentthesis/static-analysis-of-dalvik-bytecode-and-reflection-in-android(4dd9e717-c5d2-4603-a2d7-0f043fe9ea1f).html projecter.aau.dk
+
Stealing money from ATMs with malware
+
https://events.ccc.de/congress/2013/Fahrplan/events/5476.html
+
Stealthy peer-to-peer C&C over SMB pipes
+
http://blog.cobaltstrike.com/2013/12/06/stealthy-peer-to-peer-cc-over-smb-pipes/ blog.cobaltstrike.com
+
Stealthy router-based botnet worm squirming
+
http://www.zdnet.com/blog/security/stealthy-router-based-botnet-worm-squirming/2972
+
Step-by-step reverse engineering malware: ZeroAccess / Max++ / Smiscer crimeware rootkit
+
http://resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ resources.infosecinstitute.com
+
Stolen passwords allowed hackers to steal over one billion rubles
+
https://www.duosecurity.com/blog/stolen-passwords-allowed-hackers-to-steal-over-one-billion-rubles
+
Study of malware obfuscation techniques
+
http://zerosecurity.org/media/study-of-malware-obfuscation-techniques/ zerosecurity.org
+
Symantec
+
http://www.symantec.com/
+
Symantec/Android.Ackposts
+
http://www.symantec.com/security response/writeup.jsp?docid=2012-072302-3943-99
+
Symantec/Android.Maistealer
+
http://www.symantec.com/security response/writeup.jsp?docid=2012-072411-4350-99
+
Symantec/Backdoor.Arcomrat
+
http://www.symantec.com/security response/writeup.jsp?docid=2012-112912-5237-99
+
Symantec/W32.Zorenium
+
http://www.symantec.com/security response/writeup.jsp?docid=2014-061611-1223-99
+
T
TDI - a new element in old TDSS story
+
http://artemonsecurity.blogspot.fr/2012/10/tdi-new-element-in-old-tdss-story.html artemonsecurity.blogspot.fr
+
TDL3 : The rootkit of all evil
+
http://go.eset.com/us/resources/white-papers/TDL3-Analysis.pdf
+
TDL3 : Why so serious
+
http://virusvn.com/download/video-tutorial/tdl3 analysis paper.pdf
+
TDL4 - Top Bot
+
http://www.securelist.com/en/analysis/204792180/TDL4 Top Bot
+
TDL4 reloaded: Purple Haze all in my brain
+
http://blog.eset.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain blog.eset.com
+
TDSS botnet: full disclosure
+
http://nobunkum.ru/analytics/en-tdss-botnet nobunkum.ru
+
TR-24 analysis - Destory RAT family
+
http://www.circl.lu/pub/tr-24/
+
Takeover of Virut domains
+
http://www.cert.pl/news/6744/langswitch lang/en
+
Taking down botnets: Microsoft and the Rustock botnet
+
http://blogs.technet.com/b/microsoft blog/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
+
Tales from Crisis, Chapter 1: The dropper’s box of tricks
+
http://reverse.put.as/2012/08/06/tales-from-crisis-chapter-1-the-droppers-box-of-tricks/ reverse.put.as
+
Tales from Crisis, Chapter 2: Backdoor’s first steps
+
http://reverse.put.as/2012/08/20/tales-from-crisis-chapter-2-backdoors-first-steps/ reverse.put.as
+
Tales from Crisis, Chapter 3: The Italian rootkit job
+
http://reverse.put.as/2012/08/21/tales-from-crisis-chapter-3-the-italian-rootkit-job/ reverse.put.as
+
Tales from Crisis, Chapter 4: a ghost in the network
+
http://reverse.put.as/2012/08/26/tales-from-crisis-chapter-4-a-ghost-in-the-network/ reverse.put.as
+
Targeted attacks and Ukraine
+
http://www.f-secure.com/weblog/archives/00002688.html
+
Targeted destructive malware explained: Troj/Mdrop-ELD
+
http://nakedsecurity.sophos.com/2012/08/17/targeted-destructive-malware-explained-trojmdrop-eld/
+
Targeted information stealing attacks in South Asia use email, signed binaries
+
http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/
+
Tatanga attack exposes chipTAN weaknesses
+
http://www.trusteer.com/blog/tatanga-attack-exposes-chiptan-weaknesses
+
Tatanga: a new banking trojan with MitB functions
+
http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html
+
Tequila botnet leads to phishing attack
+
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/48/tequila-botnet-leads-to-phishing-attack
+
The "Red October" campaign - An advanced cyber espionage network targeting diplomatic and government agencies
+
http://www.securelist.com/en/blog/785/The Red October Campaign An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
+
The 'Penquin' Turla
+
http://securelist.com/blog/research/67962/the-penquin-turla-2/
+
The ACCDFISA malware family – Ransomware targeting Windows servers
+
http://blog.emsisoft.com/2012/04/11/the-accdfisa-malware-family-ransomware-targetting-windows-servers/
+
The ACCDFISA malware family – Ransomware targetting Windows servers
+
http://blog.emsisoft.com/2012/04/11/the-accdfisa-malware-family-ransomware-targetting-windows-servers/ blog.emsisoft.com
+
The Andromeda/Gamarue botnet is on the rise again
+
https://blog.gdatasoftware.com/blog/article/the-andromedagamarue-botnet-is-on-the-rise-again.html
+
The Coreflood report
+
http://www.secureworks.com/research/threats/coreflood-report/
+
The Cridex trojan targets 137 financial organizations in one go
+
http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/
+
The DGA of Symmi
+
http://www.johannesbader.ch/2015/01/the-dga-of-symmi/
+
The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements
+
http://cs.ucsb.edu/~kapravel/publications/imc14 zarras.pdf
+
The Dorkbot rises
+
http://blog.trendmicro.com/trendlabs-security-intelligence/the-dorkbot-rises
+
The Elderwood project (infographic)
+
http://www.symantec.com/connect/blogs/elderwood-project-infographic
+
The Epic Turla operation
+
https://securelist.com/analysis/publications/65545/the-epic-turla-operation/
+
The Flame: questions and answers
+
http://www.securelist.com/en/blog/208193522/The Flame Questions and Answers
+
The IMDDOS botnet: discovery and analysis
+
https://www.damballa.com/downloads/r pubs/Damballa Report IMDDOS.pdf
+
The Madi campaign - Part II
+
http://www.securelist.com/en/blog/208193691/The Madi Campaign Part II
+
The Miner botnet: Bitcoin mining goes peer-to-peer
+
https://securelist.com/blog/incidents/30863/the-miner-botnet-bitcoin-mining-goes-peer-to-peer-33/
+
The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor
+
http://www.securelist.com/en/blog/208194129/The MiniDuke Mystery PDF 0 day Government Spy Assembler 0x29A Micro Backdoor
+
The Mirage campaign
+
http://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/
+
The Pobelka botnet - a command and control case study
+
http://check.botnet.nu/technical.html check.botnet.net
+
The Sality botnet
+
http://www.symantec.com/connect/blogs/sality-botnet
+
The Target breach by the numbers
+
http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/
+
The ZeroAccess botnet revealed
+
http://resources.infosecinstitute.com/the-zeroaccess-botnet-revealed/ resources.infosecinstitute.com
+
The ZeroAccess botnet: mining and fraud for massive financial gain
+
http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx www.sophos.com
+
The ZeroAccess rootkit
+
http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess.aspx www.sophos.com
+
The anatomy of a botnet
+
http://www.arbornetworks.com/index.php?option=com docman&task=doc download&gid=494&Itemid=615 www.arbornetworks.com
+
The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet
+
http://www.acsac.org/2010/openconf/modules/request.php?module=oc program&action=summary.php&id=221 www.acsac.org
+
The case of TDL3
+
http://www.f-secure.com/weblog/archives/The Case of TDL3.pdf
+
The evolution of TDL: conquering x64
+
http://www.eset.com/us/resources/white-papers/The Evolution of TDL.pdf
+
The evolution of webinjects
+
https://www.virusbtn.com/pdf/conference/vb2014/VB2014-Boutin.pdf
+
The first trojan in history to steal Linux and Mac OS X passwords
+
http://news.drweb.com/show/?i=2679&lng=en&c=14 news.drweb.com
+
The good , the bad and the unknown online scanners
+
https://isc.sans.edu/forums/diary/The+Good+the+Bad+and+the+Unknown+Online+Scanners/10366/
+
The graphic design of "Maktub Locker" ransomware
+
https://labsblog.f-secure.com/2016/03/21/the-graphic-design-of-maktub-locker-ransomware/
+
The growing threat to business banking online
+
http://voices.washingtonpost.com/securityfix/2009/07/the pitfalls of business banki.html voices.washingtonpost.com
+
The life cycle of web server botnet recruitment
+
http://blog.spiderlabs.com/2013/03/the-life-cycle-of-web-server-botnet-recruitment.html blog.spiderlabs.com
+
The lifecycle of peer-to-peer (Gameover) ZeuS
+
http://www.secureworks.com/cyber-threat-intelligence/threats/The Lifecycle of Peer to Peer Gameover ZeuS/
+
The most sophisticated Android trojan
+
http://www.securelist.com/en/blog/8106/The most sophisticated Android Trojan
+
The mystery of Duqu framework solved
+
http://www.securelist.com/en/blog/677/The mystery of Duqu Framework solved
+
The mystery of Duqu: part five
+
http://www.securelist.com/en/blog/606/The Mystery of Duqu Part Five
+
The mystery of Duqu: part one
+
http://www.securelist.com/en/blog/208193182/The Mystery of Duqu Part One
+
The mystery of Duqu: part six (the command and control servers)
+
http://www.securelist.com/en/blog/625/The Mystery of Duqu Part Six The Command and Control servers
+
The mystery of Duqu: part ten
+
http://www.securelist.com/en/blog/208193425/The mystery of Duqu Part Ten
+
The mystery of Duqu: part three
+
http://www.securelist.com/en/blog/208193206/The Mystery of Duqu Part Three
+
The mystery of Duqu: part two
+
http://www.securelist.com/en/blog/208193197/The Mystery of Duqu Part Two
+
The mystery of the Duqu framework
+
http://www.securelist.com/en/blog/667/The Mystery of the Duqu Framework
+
The real face of Koobface: the largest web 2.0 botnet explained
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp the-real-face-of-koobface.pdf www.trendmicro.com
+
The resurrection of RedKit
+
http://www.kahusecurity.com/2014/the-resurrection-of-redkit/
+
The rise of TOR-based botnets
+
http://www.welivesecurity.com/2013/07/24/the-rise-of-tor-based-botnets/
+
The tigger trojan: icky, sticky stuff
+
http://voices.washingtonpost.com/securityfix/2009/02/the t-i-double-guh-r trojan ic.html voices.washingtonpost.com
+
The underground economy of spam: a botmaster's perspective of coordinating large-scale spam campaigns
+
http://iseclab.org/papers/cutwail-LEET11.pdf
+
The where and why of Hlux
+
http://www.securelist.com/en/blog/663/The where and why of HLUX
+
The world's biggest botnets
+
http://www.darkreading.com/the-worlds-biggest-botnets-/d/d-id/1129117
+
The ‘Madi’ infostealers - a detailed analysis
+
http://www.securelist.com/en/analysis/204792237/The Madi infostealers a detailed analysis
+
The ‘advertising’ botnet
+
https://www.securelist.com/en/analysis/204792172/The Advertising Botnet
+
The “Hikit” rootkit: advanced and persistent attack techniques (part 1)
+
https://blog.mandiant.com/archives/3155 blog.mandiant.com
+
The “Hikit” rootkit: advanced and persistent attack techniques (part 2)
+
https://blog.mandiant.com/archives/3189 blog.mandiant.com
+
Threat spotlight: Angler lurking in the domain shadows
+
http://blogs.cisco.com/security/talos/angler-domain-shadowing
+
Threatpost
+
https://threatpost.com/
+
Three month FrameworkPOS malware campaign nabs ~43,000 credit cards from point of sale systems
+
https://blog.anomali.com/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi
+
Tilon-son of Silon
+
http://www.trusteer.com/blog/tilon-son-of-silon
+
Tilon/SpyEye2 intelligence report
+
https://foxitsecurity.files.wordpress.com/2014/02/spyeye2 tilon 20140225.pdf
+
TinyNuke may be a ticking time bomb
+
https://securingtomorrow.mcafee.com/business/tinynuke-may-ticking-time-bomb/
+
Tis the season for shipping and phishing
+
https://securelist.com/blog/phishing/73174/tis-the-season-for-shipping-and-phishing/
+
Top 50 bad hosts & networks 2011 Q4
+
http://hostexploit.com/downloads/viewdownload/7/35.html hostexploit.com
+
Top spam botnets exposed
+
http://www.secureworks.com/cyber-threat-intelligence/threats/topbotnets/
+
Torpig - Back to the future or how the most sophisticated trojan in 2008 reinvents itself
+
http://www.tidos-group.com/blog/?p=362 tidos-group.com (Trustdefender)
+
TorrentLocker ransomware uses email authentication to refine spam runs
+
http://blog.trendmicro.com/trendlabs-security-intelligence/torrentlocker-ransomware-uses-email-authentication-to-refine-spam-runs/
+
Tracking down the author of the PlugX RAT
+
http://labs.alienvault.com/labs/index.php/2012/tracking-down-the-author-of-the-plugx-rat/ labs.alienvault.com
+
Traffic direction systems as malware distribution tools
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt malware-distribution-tools.pdf
+
Travnet botnet steals huge amount of sensitive data
+
http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data
+
Travnet trojan could be part of APT campaign
+
http://blogs.mcafee.com/mcafee-labs/travnet-trojan-could-be-part-of-apt-campaign
+
TreasureHunt: a custom POS malware tool
+
https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt a cust.html
+
Trend Micro discovers MalumPoS; malware targeting hotels and other US industries
+
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-malumpos-targets-hotels-and-other-us-industries/
+
TrendLabs Security Intelligence Blog
+
http://blog.trendmicro.com/trendlabs-security-intelligence
+
Trojan ChePro, the CPL storm
+
https://securelist.com/blog/incidents/58203/trojan-chepro-the-cpl-storm/
+
Trojan Nap aka Kelihos/Hlux - Feb. 2013 status update
+
http://www.deependresearch.org/2013/02/trojan-nap-aka-kelihoshlux-feb-2013.html
+
Trojan downloaders on the rise: don’t let Locky or TeslaCrypt ruin your day
+
http://www.welivesecurity.com/2016/03/18/trojan-downloaders-rise-dont-let-locky-teslacrypt-ruin-day/
+
Trojan horse using sender policy framework
+
http://www.symantec.com/connect/blogs/trojan-horse-using-sender-policy-framework
+
Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu
+
http://blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu blogs.norman.com
+
Trojan on the loose: an in-depth analysis of police trojan
+
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp police trojan.pdf
+
Trojan.Prinimalka: bits and pieces
+
http://ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/
+
Trojan.Ransomgerpo criminal arrested
+
http://www.symantec.com/connect/blogs/trojanransomgerpo-criminal-arrested
+
Trojan.Taidoor takes aim at policy think tanks
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/trojan taidoor-targeting think tanks.pdf symantec.com (PDF)
+
Trojan.Tatanarg.B careful!
+
http://www.symantec.com/connect/blogs/trojantatanargb-careful
+
Trojan.Whitewell: what’s your (bot) Facebook status today?
+
http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today
+
Trojan.ZeroAccess infection analysis
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/trojan zeroaccess infection analysis.pdf
+
Trusteer warns of new two headed trojan attack against online banks
+
http://www.trusteer.com/news/press-release/trusteer-warns-of-new-two-headed-trojan-attack-against-online-banks
+
Trustwave
+
https://www.trustwave.com/
+
Twitter + Pastebin = malware update
+
http://www.symantec.com/connect/blogs/twitter-pastebin-malware-update
+
U
Un WOMBAT pour évaluer la cybercriminalité
+
https://www.sstic.org/2009/presentation/Le point de vue d un WOMBAT sur les attaques Internet/
+
Under the hood of Carberp: Malware & configuration analysis
+
http://www.trusteer.com/sites/default/files/Carberp Analysis.pdf
+
Under the hood of the cyber attack on U.S. banks
+
http://www.incapsula.com/the-incapsula-blog/item/603-cyber-attack-us-banks www.incapsula.com
+
Unexpected reboot: Necurs
+
http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
+
Unveiling an Indian cyberattack infrastructure - a special report
+
http://enterprise.norman.com/resource center/unveiling an indian cyberattack infrastructure-a special report entreprise.norman.com
+
Unveiling the network criminal infrastructure of TDSS/TDL4 - DGAv14: a case study on a new TDSS/TDL4 variant
+
https://www.damballa.com/downloads/r pubs/Damballa tdss tdl4 case study public.pdf
+
Upas Kit (aka Rombrast) integrates webinjects
+
http://malware.dontneedcoffee.com/2012/11/upas-kit-aka-rombrast-integrates.html
+
Upatre, Dyre used in Univ. of Florida attack
+
http://www.scmagazine.com/multi-malware-multistage-attack-infects-uf-users-computers/article/395279/
+
Update to Citadel : 1.3.5.1 Rain Edition.
+
http://malware.dontneedcoffee.com/2012/10/citadelupdate1.3.5.1.html
+
Update to Citadel : v.1.3.4.5
+
http://malware.dontneedcoffee.com/2012/06/update-to-citadel-v1345.html
+
Updated Sundown Exploit Kit Uses Steganography
+
http://blog.trendmicro.com/trendlabs-security-intelligence/updated-sundown-exploit-kit-uses-steganography/
+
Urausy has big plan for Europe - Targeting 3 new countries among which Norway !
+
http://malware.dontneedcoffee.com/2012/09/urausy-is-invading-europe-targeting-3.html
+
Urausy improving its localization - A (the\?) Gaelic Ransomware with Interpol impersonation as default landing
+
http://malware.dontneedcoffee.com/2012/09/UrausyGaelicInterpol.html
+
Urausy ransomware - July 2013 design refresh - "Summer 2013 collection"
+
http://malware.dontneedcoffee.com/2013/07/urausy-ransomware-july-2013-design.html
+
Urausy: Colorfull design refresh (+HR) & EC3 Logo
+
http://malware.dontneedcoffee.com/2013/02/urausy-colorfull-designrefresh.html
+
Uroburos: the snake rootkit
+
http://artemonsecurity.com/uroburos.pdf artemonsecurity.com
+
Using libemu to create malware flow graph
+
http://lists.foss.org.my/pipermail/general/attachments/20100426/3c4480ff/attachment-0001.pdf
+
V
VOlk-botnet takes over Latin America
+
http://news.softpedia.com/news/VOlk-Botnet-Takes-Over-Latin-America-227254.shtml
+
Vawtrak gains momentum and expands targets
+
http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets
+
Versatile and infectious: Win64/Expiro is a cross-platform file infector
+
http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/
+
VinSelf - A new backdoor in town
+
http://blog.fireeye.com/research/2010/11/winself-a-new-backdoor-in-town.html
+
ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar
+
https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/
+
Virus Gendarmerie : variante Office Centrale de Luttre contre la criminalité – controle informationnel
+
http://www.malekal.com/2012/09/03/virus-gendarmerie-variante-office-centrale-de-luttre-contre-la-criminalite-controle-informationnel/
+
Virus scanners for virus authors
+
http://www.krebsonsecurity.com/2009/12/virus-scanners-for-virus-authors/
+
Virus scanners for virus authors, part II
+
http://krebsonsecurity.com/2010/04/virus-scanners-for-virus-authors-part-ii/
+
Virut malware fuels Waledac botnet resurgence
+
http://www.scmagazine.com/virut-malware-fuels-waledac-botnet-resurgence/article/276183/
+
W
W32.Changeup: how the worm was created
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 changeup how the worm was created.pdf
+
W32.Duqu, the precursor to the next Stuxnet
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 duqu the precursor to the next stuxnet.pdf
+
W32.Flamer: spreading mechanism tricks and exploits
+
http://www.symantec.com/connect/ko/blogs/w32flamer-spreading-mechanism-tricks-and-exploits
+
W32.Qakbot in detail
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 qakbot in detail.pdf symantec.com (pdf)
+
W32.Shadesrat (Blackshades) author arrested
+
http://www.symantec.com/connect/blogs/w32shadesrat-blackshades-author-arrested
+
W32.Stuxnet dossier
+
https://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 stuxnet dossier.pdf
+
W32.Tinba (Tinybanker) The turkish incident
+
http://www.csis.dk/downloads/Tinba White Paper.pdf www.csis.dk
+
W32.Xpaj.B: making easy money from complex code
+
http://www.symantec.com/content/en/us/enterprise/media/security response/whitepapers/w32 xpaj b.pdf (PDF)
+
Waledac Botnet - Deployment and Communication Analysis
+
http://www.fortiguard.com/analysis/waledacanalysis.html Fortinet Article
+
Waledac gets cozy with Virut
+
http://www.symantec.com/connect/blogs/waledac-gets-cozy-virut
+
Walking through Win32/Jabberbot.A instant messaging C&C
+
http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/
+
Watch out for CoreBot, new stealer in the wild
+
https://securityintelligence.com/watch-out-for-corebot-new-stealer-in-the-wild/
+
Weelsof use SSL C&C
+
http://www.xylibox.com/2012/09/weelsof-use-ssl-c.html www.xylibox.com
+
What was that Wiper thing?
+
http://www.securelist.com/en/blog/208193808/What was that Wiper thing
+
What’s the buzz with Bafruz
+
http://blogs.technet.com/b/mmpc/archive/2012/08/14/msrt-august-12-what-s-the-buzz-with-bafruz.aspx
+
Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware
+
http://securityintelligence.com/where-are-they-today-cybercrime-trojans-that-no-one-misses-shifu-malware/
+
Who's behind the Koobface botnet? - An OSINT analysis
+
http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html ddanchev.blogspot.com
+
Who's behind the world's largest spam botnet?
+
http://krebsonsecurity.com/2012/02/whos-behind-the-worlds-largest-spam-botnet/
+
Why forums? An empirical analysis into the facilitating factors of carding forums
+
http://www.websci13.org/
+
Win32/64:Napolar: New trojan shines on the cyber crime-scene
+
https://blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/ blog.avast.com
+
Win32/Gataka - or should we say Zutick?
+
http://www.welivesecurity.com/2012/11/30/win32gataka-or-should-we-say-zutick/
+
Win32/Gataka banking Trojan - Detailed analysis
+
http://blog.eset.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis blog.eset.com
+
Win32/Gataka: a banking Trojan ready to take off
+
http://blog.eset.com/2012/06/28/win32gataka-a-banking-trojan-ready-to-take-off blog.eset.com
+
Win32/Sality newest component: a router’s primary DNS changer named Win32/RBrute
+
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/
+
Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems
+
http://blog.eset.com/2012/12/19/win32spy-ranbyus-modifying-java-code-in-rbs blog.eset.com
+
Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter
+
http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/
+
Win32/Vundo
+
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32/Vundo
+
Winlock affiliate
+
http://www.xylibox.com/2012/08/winlock-affiliate.html www.xylibox.com
+
Wire Transfer Spam Spreads Upatre
+
http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx
+
Wired Business Media
+
http://www.securityweek.com/
+
Worm:VBS/Jenxcus
+
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm:VBS/Jenxcus
+
X
XPAJ: reversing a Windows x64 bootkit
+
https://www.securelist.com/en/analysis/204792235/XPAJ Reversing a Windows x64 Bootkit
+
Xarvester, the new Srizbi?
+
http://labs.m86security.com/2009/01/xarvester-the-new-srizbi/
+
Xpaj Botnet intercepts up to 87 million searches per year
+
http://www.symantec.com/connect/blogs/xpaj-botnet-intercepts-87-million-searches-year
+
Y
You can’t be invulnerable, but you can be well protected
+
https://securelist.com/blog/opinions/73160/you-cant-be-invulnerable-but-you-can-be-well-protected/
+
You dirty RAT! Part 1 – DarkComet
+
http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-1-darkcomet/
+
You dirty RAT! part 2 – BlackShades NET
+
http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/
+
Your botnet is my botnet: analysis of a botnet takeover
+
https://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf
+
Your files are encrypted with a “Windows 10 Upgrade”
+
http://blogs.cisco.com/security/talos/ctb-locker-win10
+
Z
ZACCESS/SIREFEF arrives with new infection technique
+
http://blog.trendmicro.com/zaccesssirefef-arrives-with-new-infection-technique/
+
ZeroAccess - new steps in evolution
+
http://artemonsecurity.blogspot.fr/2012/06/zeroaccess-new-steps-in-evolution.html artemonsecurity.blogspot.fr
+
ZeroAccess anti-debug uses debugger
+
http://blog.malwarebytes.org/intelligence/2013/07/zeroaccess-anti-debug-uses-debugger/
+
ZeroAccess rootkit launched by signed installers
+
http://blogs.mcafee.com/mcafee-labs/zeroaccess-rootkit-launched-by-signed-installers
+
ZeroAccess's way of self-deletion
+
http://www.f-secure.com/weblog/archives/00002385.html
+
ZeroAccess: code injection chronicles
+
http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles blog.eset.com
+
ZeroLocker won't come to your rescue
+
http://securelist.com/blog/incidents/66135/zerolocker-wont-come-to-your-rescue/
+
Zeroing in on malware propagation methods
+
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft Security Intelligence Report volume 11 Zeroing in on Malware Propagation Methods English.pdf
+
ZeuS Gameover overview
+
http://blog.mindedsecurity.com/2012/09/zeus-gameover-overview.html
+
ZeuS ransomware feature: win unlock
+
http://www.f-secure.com/weblog/archives/00002367.html
+
ZeuS v2 Malware Analysis - Part II
+
http://www.sysforensics.org/2012/04/zeus-v2-malware-analysis-part-ii.html www.sysforensics.org
+
ZeuS – P2P+DGA variant – mapping out and understanding the threat
+
http://www.cert.pl/news/4711/langswitch lang/en
+
ZeuS-P2P monitoring and analysis
+
http://www.cert.pl/PDF/2013-06-P2P-rap en.pdf
+
ZeuS: me talk pretty Finnish one day
+
http://www.f-secure.com/weblog/archives/00002331.html
+
ZeuSbot/Spyeye P2P updated, fortifying the botnet
+
http://www.symantec.com/connect/blogs/zeusbotspyeye-P2P-updated-fortifying-botnet
+
Zeus variant Floki bot targets PoS data
+
https://threatpost.com/zeus-variant-floki-bot-targets-pos-data/122310/
+
Zorenium bot not half the threat it claims to be
+
http://www.symantec.com/connect/blogs/zorenium-bot-not-half-threat-it-claims-be
+
Н
Новый сэмпл Pandora DDoS Bot
+
http://onthar.in/articles/new-pandora-bot-sample/ onthar.in
+
‘
‘Dexter’ virus targets point-of-sale terminals
+
http://www.ottawacitizen.com/business/Dexter+virus+targets+point+sale+terminals/7702029/story.html www.ottawacitizen.com
+
‘Project Blitzkrieg’ promises more aggressive cyberheists against U.S. banks
+
http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks/
+
“
“Nemanja” botnet identified by IntelCrawler – Over a thousand point-of-sales, grocery management and accounting systems are compromised all over the world
+
http://intelcrawler.com/news-18 intelcrawler.com
+