Author Archives: SpiderLabs Blog from Trustwave

Authors: Dr. Fahim Abbasi and Nicholas Ramos Introduction Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect vic… Continue reading The Spam, JavaScript and Ransomware Triangle→

I normally use Linux for my malware analysis lab machine. But, recently, I got interested in the Windows Subsystem for Linux (WSL) and I thought I should give it a try. And so far, I am enjoying the ease of…
Continue reading Cuckoo Linux Subsystem: Some Love for Windows 10→

Over two days in early August (the 8th and 9th), amidst of the active distribution of Trickbot malware, a new Locky ransomware variant called “diablo” has emerged from hell. The Trustwave SpiderLabs Spam Research Database has picked up a large…
Continue reading Necurs Unleashed “Locky diablo” from Hell→

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules’ purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting vi… Continue reading ModSecurity Web Application Firewall – Commercial Rules Update(2)→

We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. Brian Adeloye reported an infinite lo… Continue reading Announcing ModSecurity version 2.9.2→

Recently, Jason Knowles of ABC 7’s I-Team asked us, “What is the security risk if your EMV chip falls off your credit card? What could someone do with that?” My first thought was, “How in the hell does the chip…
Continue reading Chip Off the Old EMV→

August’s Patch Tuesday brings with it a relatively light month closing holes in 48 CVEs. Over all there are 26 CVEs rated “Critical”, 21 rated “Important” and 1 rated “Moderate”. Across all of these vulnerabilities security updates for software and…
Continue reading Microsoft Patch Tuesday, August 2017→

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan that first appeared late last year targeting banks in Europe,…
Continue reading Tale of the Two Payloads – TrickBot and Nitol→

Contributed by: Gerald Carsula, Rodel Mendez and Nicholas Ramos Last June, we reported that Kovter was being spammed together with Cerber ransomware that used a fake email delivery notification. For the last few weeks another set of fake UPS delivery…
Continue reading Spammed JScript Phones Home To Download NemucodAES And Kovter→

Most malware that traverses a network do so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection…
Continue reading Petya From The Wire: Detection using IDPS→