CeCOS VIII – Hong Kong

The eighth annual Counter-eCrime Operations Summit (CeCOS VIII) was held in Hong Kong on April 8th , 9th and 10th, 2014.
The event brings together global leaders from financial services, technology, government, law enforcement, communications sectors and research centers.


Cybercrime fighters from the field examined:
– Public-source criminal tracking techniques
– Cloud and mobile malware forensics
– The latest crimeware and web-based attack schemes
– Bitcoin as a cybercrime tool
– Globalized industrial cybercrime event data sharing
– Ransomware scams menacing businesses
– Global approaches to securing the Domain Name System

CeCOS VIII was an open conference for members of the electronic-crime fighting community. The agenda is located at and I had the opportunity to share recent research results on the second day of the event.


My topic was the broad global abuse of compromised websites for malicious purposes.
After showing plenty of samples of such problematic websites in Japan, I went on to highlight local .hk samples and exposed samples related to the recently discovered “AOL spam” problems, namely compromised domains redirecting to diet scams or ‘housewife-make-money-from-home’ scams.


We had been seeing these suspicious URL patterns since the end of February 2014 and took measures to detect related data as “Trojan.JS.Redirector.acf” as well as heuristically.
More information about this threat can be found at

This Year’s CeCOS VIII included about 130 attendees from around 20 countries. The organizer noted: “In some dimensions, this is the strongest operations program we have ever organized. I know that important developments will proceed from CeCOS VIII and make enduring contributions.”

I can only confirm that there were plenty of opportunities for discussions and networking and it was a fruitful event – as usual, I may add.

CeCOS VIII – Hong Kong

Your email address will not be published. Required fields are marked *



LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Subscribe to our weekly e-mails

The hottest research right in your inbox