Developers Club geek daily blog

Security Week 01: a ransomware written in JavaScript, $100k for a bug in Adobe Flash, the encrypted bright future

1 year, 10 months ago
The Chaos Communication Congress was the major event of late December. Its materials can be found under the keyword 32c3, where 32 is the sequence number of the event, which has been held since 1984. There was a lot of interesting research at the event in Hamburg. For example, Felix Domke and Daniel Lange gave a detailed account of the technical side of "Dieselgate", including how modern automotive control units work. And here one can look at the monumental 110-page presentation on the vulnerability of railway systems and conclude that IT in trains is used widely, heavily, everywhere in a different way, and often on top of standard software (Windows XP) or standard wireless protocols (GSM) whose security shortcomings are well known and actively exploited (fortunately, so far, elsewhere).

And here is news (the presentation and a link to the research paper inside) that the unique features of a programmer's style seep through even into compiled code. Although this topic is fairly narrow, I see something bigger in it: perhaps in the near future the picture on the right will finally lose its relevance. Not because everyone will be surveilling everyone, but thanks to behavioural analysis: a user can be identified by how they interact with a website, an application or anything else, just as a programmer can be by how they write code. By the way, just yesterday Apple bought a startup specialising in the analysis of human emotions. In general, 2016 is starting out interestingly. And we continue our observation. Previous episodes are available here.



The BlackEnergy trojan is used in cyberattacks on media and industrial facilities in Ukraine

1 year, 10 months ago
BlackEnergy is a malware family that has been active since 2007. In 2014 the trojan continued its activity and returned in a new modification (1, 2). BlackEnergy was also active in 2015 and was used by a cybercriminal group for attacks on users. Our analysts have recorded new activity by this trojan, used against media companies in Ukraine and enterprises in the energy sector. Using the trojan, the attackers delivered to victims' computers a special component, KillDisk, which specialises in destroying files on disk.



Besides BlackEnergy, the group used one more tool to gain access to infected systems: an SSH backdoor. We continue to monitor BlackEnergy activity and to record new capabilities of this trojan. To obtain additional information, or to provide it, send us a message at the e-mail address threatintel@eset.com.



Emsisoft specialists have found a ransomware written in JavaScript

1 year, 10 months ago
Specialists at Emsisoft have discovered a malicious program: a ransomware written in JavaScript. It has been named Ransom32 and is used by attackers in malicious campaigns similar to those that distribute many other families of this kind of malware. The attackers chose a high level of anonymity for working with Ransom32: the ransomware uses the Tor anonymity network to communicate with its C&C server, and the ransom is paid in bitcoins.



The use of JavaScript makes the ransomware cross-platform: it can be used on Microsoft Windows as well as on Linux and Apple OS X. A key feature of Ransom32 is its distribution model for cybercriminals. It is a Software as a Service (SaaS) model: to gain access to the administrative control panel of the malware and to generate it, they only need to specify a Bitcoin wallet address.



Security Week 52-53: a backdoor at Juniper under a thick layer of cryptography, vintage Java, gopo-bug bounty

1 year, 10 months ago
While the Christmas tree is already up but the salads are not yet chopped, it is high time to talk about security news for the last time this year. Last week I reported on a "non-standard" top news of the year, and in general nothing special happened in the remaining time. Though no, there is one piece of news that deserves a separate story. The two backdoors found on December 17 in the software of Juniper network devices could have joined the long but undistinguished list of bugs, exploits and misconfigurations in routers and home routers. But later it turned out that this story has a mass of nuances: it touches not only on secure coding but also on encryption, and there were even hints of intelligence-agency involvement.

All in all, the end of the year turned out to be interesting. In addition to Juniper, two more popular news items lean more toward the topic of security-adjacent policy. The traditional rules: every week the editors of the news site Threatpost select the three most significant news items, to which I add an extended and ruthless commentary. All episodes of the series can be found under the tag. The first episode of the new year will come out on January 8!



A non-standard top of events in IT security in 2015

1 year, 11 months ago
And so the time has come to repeat an exercise I first did exactly a year ago. Back then I took the 10 most popular news items from our site Threatpost and tried to find out why, in fact, they attracted public attention, both from specialists and from ordinary users. Such a method has obvious shortcomings: many things influence the popularity of articles, and it is by no means required that the most popular news about incidents in the cyber world also be the most important. But there are advantages too: there is a huge number of events in information security, and every participant in their discussion, depending on specialisation and personal interests, will choose their own "very best". And here is, if not the most objective, then at least an independent assessment tool.

This year the selection of the most visited news conveniently divides into five main categories:
— Low-tech threats to users
— "Vulnerabilities in unexpected places": the security of the "Internet of things", home and industrial network devices
— Data encryption problems
— High-profile vulnerabilities in key platforms and the "high tech" of cyberthreats: examples of the most advanced attacks
— Routine but dangerous vulnerabilities in widespread software

These are what we will walk through.



Security Week 50: DDoS of the root DNS servers, the life of APT Sofacy, a lot of cryptography

1 year, 11 months ago
Serious changes happen precisely when the percentage of those wanting to change something exceeds a certain critical mark. No, I am not talking about politics now, heaven forbid, but about IT in general and IT security. And everyone wants something different: companies, not to be DDoSed or breached; users, not to have their passwords and accounts stolen; security vendors, a new attitude to security among all interested parties; regulators, well, it is clear, they want to regulate.

Here is a short summary of our experts' predictions for next year: the evolution of APTs (less technology, lower costs, more mass character, and so on); attacks on new financial instruments à la Apple Pay and on stock exchanges, that is, closer to the places of high concentration of digital banknotes; attacks on security researchers via the tools they use; hacking of companies purely to damage their reputation (a.k.a. airing dirty linen); a deficit of trust in any IT tools (anything can be hacked), including trusted certificates; botnets of routers and other IoT; a large-scale crisis of cryptography.

In this year's predictions there is not a single point "for growth", not one improbable development scenario. Well, unless one counts attacks on computer-controlled cars, and specifically the hacking of the infrastructure on which they depend: cellular and satellite networks. All of this, to varying degrees, will come true; the problem is that somehow one doesn't want it to. Whenever possible, one would like to avoid all of it. And if not only we but everyone in general (though in different ways) wants that, could 2016 then become a year of progress in collective IT security? I am no expert, but I want to believe that yes. We move on to the news of the week. Previous releases are available under the tag.



Critical vulnerabilities found and fixed in Avast antivirus

1 year, 11 months ago


In the summer of 2015 Internet users widely discussed the security problems of antivirus tools. Recall that serious vulnerabilities were then found in ESET products, and then in BitDefender and Symantec as well. This week new problems with the protection of antivirus software became known. A user of the Google Code resource published descriptions and test cases for exploiting four serious vulnerabilities in the Avast antivirus, two of which are critical.



2015: the year of Cryptolocker, and how cyber-criminals improved their attacks

1 year, 11 months ago


At the end of 2013 the first signs appeared of new threats that would soon become one of the most profitable types of attacks carried out by cyber-criminals. Cryptolocker is the most popular ransomware family, and its name eventually came to be used for all threats of this kind.

This threat always works according to the same scenario: it encrypts documents and demands a ransom to restore the encrypted documents.

This year we have already written about the principles of Cryptolocker's operation. Briefly, about how the encryption of files proceeds after



Creators of ransomware and of fraudulent technical-support websites join forces

1 year, 11 months ago

While the former hold files hostage, the latter issue fabulous bills for fixing nonexistent problems on the computer


The attention of Symantec specialists was drawn by the merger of two serious online threats that can cause big problems if Internet users run into them.

Some websites offering highly dubious technical-support services also use ransomware that locks users' files, charging a fee for decryption.

Fraudulent technical-support resources try to convince users that malfunctions have been found on their computer, and then offer, at an inflated price, software or additional services to fix the problem. As a rule, the scheme starts with a pop-up message giving a contact number to call or a link to download the software.



Security Week 49: second-hand certificates, data theft from children's toys, Microsoft blocks unwanted software

1 year, 11 months ago
Nothing happened this week. Well, sort of: the flow of IT security news was normal (here a hack, there a vulnerability, here a patch) but without any serious revelations. When I first started keeping this weekly digest, it seemed to me there would be many such weeks, but so far, since August, there have been only two: this one and one more. But look at what this supposed vacuum consists of:

— Data on millions of customers, including a lot of personal information about children who own "smart" devices with cameras, were stolen from a toy vendor.
— Thousands of modems, routers and similar devices from many vendors use identical certificates and keys for SSH access.
— The USA is heatedly discussing FBI requests in the style of "give us the data and tell no one about it", details of which were made public for the first time since 2001, when the practice was introduced.
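The shared-SSH-key item above is easy to check for on one's own fleet: if two devices present the same host key, they ship the same private key, and anyone who extracts it from one firmware image can impersonate or decrypt sessions to all of them. The script below is an added example, not code from the digest or from any vendor; it computes SHA256 fingerprints in the format ssh-keygen -l prints and groups hosts that present an identical key. The device addresses and the Ed25519 key bytes are constructed sample data, not real devices or keys; in practice the key lines would come from ssh-keyscan against each device.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build an OpenSSH public-key line ("ssh-ed25519 <base64 blob> <comment>").

    The blob layout is the one OpenSSH uses: string(type) || string(raw key).
    Only used here to construct sample input; the key bytes are not a real key.
    """
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint_sha256(pubkey_line: str) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: base64 of the digest, no '=' padding."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(host_keys: dict) -> dict:
    """Map each fingerprint presented by more than one host to the sorted list of those hosts.

    host_keys: {host: OpenSSH public-key line}, e.g. as collected with ssh-keyscan.
    """
    by_fp = defaultdict(list)
    for host, line in host_keys.items():
        by_fp[fingerprint_sha256(line)].append(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


# Constructed sample (hypothetical addresses, synthetic key bytes): three devices,
# two of which present the same firmware-baked host key.
SHARED_KEY = bytes(range(32))
UNIQUE_KEY = bytes(range(32, 64))
SAMPLE_HOST_KEYS = {
    "192.0.2.10": make_ed25519_pubkey_line(SHARED_KEY, "root@gateway"),
    "192.0.2.11": make_ed25519_pubkey_line(SHARED_KEY, "root@gateway"),
    "192.0.2.12": make_ed25519_pubkey_line(UNIQUE_KEY, "root@gateway"),
}

if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_HOST_KEYS).items():
        print(f"{fp} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

To run this against real devices, collect one line per host with `ssh-keyscan -t ed25519 <host>` (or `-t rsa`; the fingerprint routine only decodes the base64 blob, so the key type does not matter) and feed the resulting lines into `find_shared_host_keys`. Any fingerprint that shows up on more than one device is a key that should be regenerated on each device, since the private half is evidently identical across them.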

A normal "nothing", though yes, there was no super-hack, nothing fell over badly, and that is good. However, our experts, summing up the year's loudest events in information security, see no decline in activity, rather the opposite. Well, we will not relax; winter is close. The traditional rules: every week the editors of the news site Threatpost select the three most significant news items, to which I add an extended and ruthless commentary. All episodes of the series can be found under the tag.
