Breaking Down the Malware Behind the Ukraine Power Outage

Security researchers recently discovered that the power outage in the Ukraine in December was caused by malware identified as an evolved version of BlackEnergy. This Trojan, dating back to 2007, was a popular piece of malware previously sold on Russian underground sites. However, its design and architecture changed from performing simple HTTP DDoS attacks to […]

The post Breaking Down the Malware Behind the Ukraine Power Outage appeared first on ThreatTrack Security Labs Blog.

What’s New with Dridex

Credit: Christopher D. Del Fierro, Lead Malware Research Engineer, ThreatTrack Security

We have seen Dridex since 2014 and it is still active in the wild today. This research focuses on analyzing Dridex and on how it is able to remain undetected by most antivirus engines. For those not familiar with Dridex, it is a malspam […]

The post What’s New with Dridex appeared first on ThreatTrack Security Labs Blog.

CryptoWall 4 Targets Booking.com Customers

ThreatTrack Security Labs researchers caught wind of a phishing email masquerading as a Booking.com email. The malicious email includes an “E-TICKET_CONFIRM.doc” attachment that, once downloaded, walks the user through steps to enable embedded macro code that infects the computer with CryptoWall.

How It Infects Your System:

If users ignore Microsoft’s default security warning, the computer […]

The post CryptoWall 4 Targets Booking.com Customers appeared first on ThreatTrack Security Labs Blog.

Dyre Botnet Using Malicious Microsoft Word Macros

The Dyre group, a major malware spam producer, has changed their initial malware dropper to utilize Microsoft Word document macros instead of the usual executable types, such as .exe files contained in a .zip. Dyre’s Hedsen spambot, responsible for the bulk of Upatre emails we’ve been tracking, now uses a template to send infected-macro Word files […]

The post Dyre Botnet Using Malicious Microsoft Word Macros appeared first on ThreatTrack Security Labs Blog.

Microsoft Help File Malware Targets JPMorgan Chase Customers

A fresh malware sample was recently spotted using a Microsoft Compiled HTML Help file attached to spam messages. A Microsoft Help file is a binary file that bundles a set of HTML files; it usually has a .chm or .hlp extension. The malicious help file analyzed – a .chm file – arrived via spam […]

The post Microsoft Help File Malware Targets JPMorgan Chase Customers appeared first on ThreatTrack Security Labs Blog.
