Botception with Necurs: Botnet distributes script with bot capabilities | Avast Threat Labs

Over the past few days, we have been analyzing a development with the Necurs botnet – a cybercrime operation dating back to 2012 that quickly became one of the largest spam botnets in the world. We reported on the infamous cybergang responsible for the distribution of global malware campaigns such as “Locky” and “GlobeImposter” in two blog posts (here and here) that explained how malware is spread via Necurs. Now we have seen a new link in that chain, with attackers serving brand new files via the same botnet. These files are spreading malicious Visual Basic Scripts (VBScripts), and our analysis suggests that the authors are using the services provided by the Necurs botnet to reach more victims. The attackers’ ultimate goal is to leave systems open to follow-on attacks that steal personal data and install keyloggers, banking malware, and ransomware.

Security researchers have caught a Bitcoin-hijacking Chrome extension that only managed to grab one Bitcoin transaction before being exposed. Researchers said the malicious extension used an attack technique that first emerged last year, dubbed FacexWorm, and added that they noticed re-emerging activity earlier this month. FacexWorm propagates via malicious Facebook Messenger messages and only attacks Chrome. Allan Liska, Senior Solutions Architect at Recorded Future, has observed this evolving threat and commented below.

Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack

Two vulnerabilities affecting over one million routers, disclosed earlier this week, are now under attack by botnet herders who are trying to gather the vulnerable devices under their control. From a report: Attacks started yesterday, Thursday, May 3, according to Netlab, the network security division of Chinese cyber-security vendor Qihoo 360. Exploitation of the two flaws began after an anonymous researcher published details of them on the VPNMentor blog on Monday, April 30. The findings detail two flaws: an authentication bypass (CVE-2018-10561) and a remote code execution vulnerability (CVE-2018-10562). The more ludicrous of the two is the first, which basically allows anyone to access the router’s internal settings by appending the “?images” string to any URL, effectively giving anyone control over the router’s configuration.

The ‘Race to 5G’ Is Just Mindless Marketing Bullshit

For several years now, wireless carriers have been busy telling anybody who’d listen that fifth-generation (5G) wireless will be a game-changing broadband revolution. Time and time again, their marketing departments have breathlessly insisted that everything from smart cities to next-gen medical care will only be possible through the miracle of 5G connections.

This Week in Security News: Zippy’s and Flynn

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Hawaii-based restaurant Zippy’s suffered a POS data breach. In addition, Uber executive John Flynn argued that user expectations on data protection are rising, but consumers still aren’t implementing the right precautions for their own data safety.

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla’s processors.

Campbell helps businesses defend against cybercrime

Former England international footballer Sol Campbell has hosted a defensive masterclass for small businesses to help them protect themselves against cybercrime. Research by Barclays has found, on average, London businesses have lost over £50,000 each as a result of cybercrime. It also found more than half of London businesses have been targeted by a scam or fraudulent activity, and 24% have had to make staff redundant in order to recoup the money lost.

Could video sharing be the solution to Windows 10’s security woes?

By Trevor Dolan, Segment Director at Kollective

It’s a great time to work in IT. In 2018, the role of IT is now seen as a key business function rather than a cost-cutting one. IT is helping businesses progress in the current digital climate, managing processes so employees can be more productive, and helping innovation thrive. While IT may be at the forefront of all of these processes, one area where it is still falling behind is the speed at which IT teams can download, test and install software upgrades.

Bank of England and Cyber Security Challenge UK Partner to Find the Next Generation of Cyber Security Experts

There is an urgent need to find the people who will protect and safeguard businesses, people and their data. In response, a number of banks and financial institutions are investing in their cyber security, particularly personnel. Today, Cyber Security Challenge UK, a non-profit organisation dedicated to inspiring and enabling people to seek careers in the cyber security industry, has partnered with the prestigious Bank of England for the launch of its first Face-to-Face cyber security competition of 2018. The competition will test 30 of the brightest untapped talents in the UK to identify the next generation of cyber security experts.

Dark Matter

As I am attending the Cyber Security Event (running in Sao Paulo, Brazil, in July 2018) with a presentation entitled ‘Dark Matter’, given the number of recent insecurity debacles which have occurred in the Financial Sector, from Experian to Equifax, from RBS to TSB, and of course not forgetting the high-impact outages which implicated the Bank of England’s (BoE) CHAPS infrastructure in 2017, halting the transactional processing of part of the £277bn which passes through the wired tentacles of the system each day, when it went down for around 10 hours during peak trading hours:

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a reason why many TV shows and events will start out with the message “don’t try this at home.” I ended up in the emergency room with a fractured left arm.

Weekly Update 85

It’s a (new) weekly update! Lights are in, things are much brighter and… I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone’s input as I tune things to try and get a consistent, quality result. Still, as someone said whilst I was mucking around with all this, the audio quality is great and that’s what people are ultimately listening to so that’s a fantastic start. You’ll notice I’ve also changed the video thumbnail and removed the text in the opening frames, I hope that’s an improvement. (Oh yeah – and there’s a 4 min blank spot at the end due to a rogue element in the Premiere project I didn’t clean up – sorry!)

Phone Maker BLU Settles With FTC Over Unauthorized User Data Extraction

lod123 shares a report from Threatpost: Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this week against BLU and the company’s co-owner and president Samuel Ohev-Zion, the FTC accused the firm of sharing with China-based Adups the full contents of their users’ text messages, real-time cell tower location data, call and text-message logs, contact lists, and applications used and installed on devices.

Ultimately, the FTC is alleging Ohev-Zion and BLU violated the FTC Act’s section pertaining to “deceptive representation regarding disclosure of personal information.” The proposed settlement will be made final after a 30-day public comment period. In its proposed complaint, the FTC said Florida-based BLU contracted with Adups to issue security and operating system updates to millions of phones sold by the firm through Amazon, Best Buy and Walmart. In addition to allegedly failing to protect consumer privacy, the FTC asserts that BLU failed “to adequately assess the privacy and security risks of third-party software installed on BLU devices” resulting in “common security vulnerabilities that could enable attackers to gain full access to the devices.”