The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

FaaS offerings marketed via Facebook

FaaS offerings marketed via Facebook

RSA researcher Limor S. Kessem stated that Fraud-as-a-Service (FaaS) offerings are marketed via popular social networks. She pointed out that there are even distinct sale items, for instance, “customized botnet panel programmed to work with the Zeus Trojan – both reworked by what appears to be an Indonesian-speaking malware developer.”

According to Kessem, the developers of suggested items can customize a control panel for the administrator of the website or create a demo website for potential buyers. As the result, there are some posts on a Facebook page with frequent updates and information about botnets, exploits, cybercrime, and their own product (Zeus v 1.2.10.1).

Despite the fact that now the market of FaaS offerings is quite large, some could find something special:

Since the Zeus code leak in mid-2011, the world of information security foretold the coming development of new breeds of the malware and the compilation of working variants from the source code in the hands of those versed in malware programming. Seeing new customized Zeus Trojans out in the wild is very common, but seeing someone marketing a Zeus v1 kit is not, stated Kessem.

The researcher explained that here one can see the code leak, which leads to the availability of the Trojan, especially when all the major developers are trying to avoid being seen or discovered.

Marketing cyber crime in such an open and accessible manner is not something common. Cybercriminals usually fear for their freedom and will not expose their endeavors online to potential undercover cyber-police officers and security research, wrote Kessem.

The cybercrime underground may have lost most of the access it had to the major commercial Trojans after Zeus, SpyEye, Ice IX and Citadel’s developers all decided to quit vending their malware freely, but it seems that FaaS [Fraud as a Service] is definitely keeping things alive in the crime world, she said.

With affordable kits and even an old Trojan like Zeus v1 can be used to hijack bank credentials and in online financial fraud schemes.

The researcher also said that today laws and punishments are developing all over the world, which helps investigation, uncovering and proving cybercrime.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015