SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Fake certificate expiration notices used to plant Mokes malware
Description: Attackers are infecting websites and displaying fake notifications that the site's certificate has expired. The URL bar still displays the legitimate URL, but a fake image fills the entire window, stating that "Security Certificate is out of date." If the user clicks the button to download the updated certificate, they are infected with the Buerak downloader and Mokes malware.
Snort SIDs: 54097 - 54106
Title: Variant of ZeuS malware available for sale online
Description: Attackers are selling a new fork of the infamous ZeuS banking trojan. Security researchers discovered the malware, known as "Silent Night," which appears to date back to November. Silent Night is currently for sale on a Russian dark web forum. It fetches the core malicious module and injects it into other running processes, using techniques and code very similar to those of ZeuS.
Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloader-zbot/
Snort SIDs: 54093, 54094