Tag Archive for: Log

Driving while intoxicated, possession of marijuana and fighting in public in this week’s crime log




This is a wrap-up of crimes reported from Feb. 18 to Feb. 27.

Assault causing bodily injury 

On Feb. 27, a female allegedly assaulted her boyfriend during an argument, was arrested and was taken to Arlington Police Department’s jail, UTA Police Capt. Mike McCord said in an email.  

Assault causing bodily injury to a family member is a third-degree felony, punishable by imprisonment for no more than ten years or less than two years as well as a possible fine not exceeding $10,000.  

Theft 

On Feb. 26, a male reported the theft of a jewelry piece valued at approximately $900 left unattended at the Maverick Activities Center, McCord said. 

Theft of property between $750 and $2,500 is a class A misdemeanor, which is punishable by a fine not exceeding $4,000, up to a year in jail or both.

Offensive physical contact

On Feb. 25, two students reported being assaulted by each other during an argument. Neither reported injuries, McCord said.  

Offensive physical contact is a class A misdemeanor, which is punishable by a fine not exceeding $4,000, up to a year in jail or both.

Theft and computer security breach

On Feb. 25, a male student reported being scammed out of $600 by what he believed to be someone hacking his computer, McCord said.  

Theft of property valued between $100 and $750 is a class B misdemeanor, which is punishable by a fine not exceeding $2,000, up to 180 days in jail or both. 

Computer security breach is also a class B misdemeanor and punishable by a fine not exceeding $2,000, up to 180 days in jail or both.  

Offensive physical contact and fighting in public 

On Feb. 22, officers were dispatched to a fight between several high school students at College Park Center,…

Source…

This New Malware Family Using CLFS Log Files to Avoid Detection



Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms.

FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the threat actor or their motives remain unclear.

Although the malware has yet to be detected in real-world attacks aimed at customer environments or spotted launching any second-stage payloads, Mandiant suspects that PRIVATELOG could still be in development, the work of a researcher, or deployed as part of a highly targeted activity.

CLFS is a general-purpose logging subsystem in Windows that’s accessible to both kernel-mode and user-mode applications, such as database systems, OLTP systems, messaging clients, and network event management systems, for building and sharing high-performance transaction logs.

“Because the file format is not widely used or documented, there are no available tools that can parse CLFS log files,” Mandiant researchers explained in a write-up published this week. “This provides attackers with an opportunity to hide their data as log records in a convenient way, because these are accessible through API functions.”

PRIVATELOG and STASHLOG come with capabilities that allow the malicious software to linger on infected devices and avoid detection, including the use of obfuscated strings and control flow techniques that are expressly designed to make static analysis cumbersome. What’s more, the STASHLOG installer accepts a next-stage payload as an argument, the contents of which are subsequently stashed in a specific CLFS log file.

Fashioned as an un-obfuscated 64-bit DLL named “prntvpt.dll,” PRIVATELOG, in contrast, leverages a technique called DLL search order hijacking in order to load the malicious library when it is called by a victim program, in this case, a service called “PrintNotify.”

“Similarly to STASHLOG, PRIVATELOG starts by enumerating *.BLF files in the default user’s profile directory and uses the .BLF file with the oldest creation date…

Source…