Category: Malware

Categories
Malware

HOME DEPOT BREACH

homedepot
Home depot logo

HOME DEPOT is a big box retailer in the USA. It suffered from a security breach that affected 56 millions payment cards.

The malware used in the attack is most likely to have been used in others attack. Briankrebs who reported the attack suggests that the BlackPOS malware which was used againt  TARGET  was also used in this case. The hackers started by compromising a third-party supplier workstation  and manage to install the malware in the point-of-sale terminal. At this point the collection of credit card entry data was automated and sent to an offsite collection system.The malware was present between April and September 2014, though the incident was first reported in September 02, 2014.

By now, the malware elimination and enhanced encryption of  Payment data in all US stores have been completed.

Lesson learned: In this recent POS attack, Payment Card Industry (PCI) regime could improve this. Home Depot should look to UPSStore example to learn how to report a breach. Online merchants need to resist fraudulent use of credit cards : Verified by VISA, MASTERCARD SecureCode, Paypal, Apple Pay. Finally, Home Depot Customers must demand new account numbers.  Why on this earth aren’t you using white listing on PCs attached to payment devices?.


			

			
			
		


	


	

		
	


	






	



	


		
			

				Categories
				

					Malware				

			


			
Malware Sample Sources

		


			

		


		
	





	


		


			
Malware researchers need to test their skills and develop defense with real specimen. They can collect malwares sample from honeypot or download those from URL sources. The following sites can be resourceful:


    

  1. Contagio Malware Dump (Mobile Malware)
    2. 

  2. Kernelmode.info
    3. 

  3. Malshare
    4. 

  4. Malware.lu AVcaesar
    5. 

  5. MalwareBlacklist
    6. 

  6. Malwr
    7. 

  7. Open Malware
    8. 

  8. SecuBox Labs
    9. 

  9. Virusign
    10. 

  10. VirusShare
    11. 

  11. TheZoo /Malware DB
    12. 

  12. ZeuS Tracker
    13. 

  13. MalwareBazaar
    14. 




        
    

		


	


	

		
	


	






	



	


		
			

				Categories
				

					Hacking Malware				

			


			
French manufacturer LaCie admits data breah

		


			

		


		
	





	


		


			
LaCie is a french manufacturer of  hard drive. It was a victim of a security breach and obviously sent notifications to customers about the incident . The breach was detected by the FBI on March 19,2014 which forwarded the alarm. A malware was used to gain access to customer’s transactions made between March 27,2013 and March 10,2014. Names, addresses,email addresses,payment card numbers and cards expiration dates belonging to customers  have been accessed by the unauthorized party. LaCie urged everyone to change their password believing that customers’ usernames and passwords  on LaCie’s website could have also been accessed.


		


	


	

		
	


	






	



	


		
			

				Categories
				

					Hacking Malware				

			


			
Ukraine , target of Snake or Uroburo malware

		


			

		


		
	





	


		


			
Image


A dangerous cyber weapon has infected many computers in Ukraine in 2014. It is a spyware designed to steal sensitive secret information from high potential networks . Experts believe that this rootkit has been undetected for more than three years. Due to the complexity and the estimated high cost of this malware, G Data the German security company believes a sponsored state is behind this attack, possibly linked to Russia, since the developers of this malicious program speak Russia language.


Uroburo works autonomously and works on peer-to-peer mode .The infected computers spy on documents and send those to a PC connected to the internet. It supports 32 and 64 bit Windows Operating System.


		


	


	

		
	


	






	



	


		
			

				Categories
				

					Malware				

			


			
Kaspersky uncovered Mask malware

		


			

		


		
	





	


		


			
Image


A big cyber espionage has been uncovered by Kaspersky Lab. A multiplatform malware named Mask (Aka Careto) was used to target victims since 2007. It was a real nation-state spying tool. Infections have been observed in many countries among those France, Germany, Morocco, United States and Venezuela… The detection name to look for is Trojan.Win32/Win64.Careto.* The name Careto was fund in the malicious code. It was collecting a large piece of document from infected system,including encryption keys,SSH Keys, VPN configuration and RDP files.