Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the...
Year: 2017
Miner Virus Attacked Large Numbers of WebLogic Hosts Recently
On the 15th this month, K.Orange twittered a message, saying that unpatched WebLogic has a vulnerability that could be employed by attackers using a “watch-smartd” program. Recently NSFOCUS received requests from customers in many industries (finance, telecom carriers, the Internet companies and so on) asking for emergence response service as...
IcedID Banking Trojan Sample Technical Analysis and Solution
IcedID Banking Trojan Sample Technical Analysis and Solution Date of Release: November 17, 2017 Overview Recently, the IBM X-Force research team discovered a brand new banking Trojan dubbed IcedID. This Trojan was first found spreading in the wild in September 2017, mainly targeting systems used in the financial sectors of...
NSFOCUS launches Web Application Firewall for SB Cloud in Japan
SB Cloud partners with NSFOCUS to bring the first ICSA and Veracode certified Web Application Firewall powered by NSFOCUS to its customers SINGAPORE, November 15, 2017 – NSFOCUS, the leader in holistic hybrid security solutions, is now offering its comprehensive Web Application Security solution on SB Cloud to provide enterprises...
BadRabbit Sample Analysis and Recommended Solution
Overview A new type of ransomware was detected on October 24, when it had not been even half a year from the extensive breakout of the notorious ransomware Petya and WannaCry. This ransomware dubbed BadRabbit has been distributed in a number of European countries, including Russia, Ukraine, Bulgaria, Turkey, and...
Technical Analysis Report on Rowdy, A New Type of IoT Malware Exploiting STBs
In August 2017, NSFOCUS's DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer's network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we...
