Brad Duncan – WindowsTechs.com

Necurs-Based DDE Attacks Now Spreading Locky Ransomware

Posted on October 20, 2017 by Michael Mimoso

Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch. Continue reading Necurs-Based DDE Attacks Now Spreading Locky Ransomware→

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Posted on August 15, 2017 by Michael Mimoso

Researchers at My Online Security and the SANS Internet Storm Center have analyzed spam campaigns utilizing plausible imitations of legitimate banking domains to spread the Trickbot banking malware. Continue reading Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan→

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Posted on July 14, 2017 by Tom Spring

Researchers have spotted malicious email campaigns using Zip archives to spread NemucodAES ransomware and the Kovter click-fraud Trojan, simultaneously distributing both pieces of malware. Continue reading NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns→

CryptoShield Infections from RIG EK Picking Up

Posted on February 9, 2017 by Michael Mimoso

Researchers have spotted an increase in CryptoShield ransomware infections coming from the RIG Exploit Kit used by EITest delivery campaigns. Continue reading CryptoShield Infections from RIG EK Picking Up→

Sage and Satan Ransomware, Double Trouble

Posted on January 23, 2017 by Michael Mimoso

A spam campaign has started spreading Sage ransomware, while a ransomware service known as Satan allows users to customize distribution. Continue reading Sage and Satan Ransomware, Double Trouble→

CryptXXX, Cryptobit Ransomware Spreading Through Campaign

Posted on July 8, 2016 by Chris Brook

Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.

Continue reading CryptXXX, Cryptobit Ransomware Spreading Through Campaign→

CryptXXX Ransomware Updates Ransom Note, Payment Site

Posted on July 7, 2016 by Michael Mimoso

CryptXXX ransomware has been updated with new ransom instructions and payment site, as well as the removal of special extensions appended to encrypted files. Continue reading CryptXXX Ransomware Updates Ransom Note, Payment Site→

The Changing Face of Pseudo-Darkleech

Posted on July 5, 2016 by Michael Mimoso

The chameleon-like pseudo-Darkleech campaign, responsible for prolific exploit kit attacks and ransomware infections, has again made a change to its code that will frustrate researchers. Continue reading The Changing Face of Pseudo-Darkleech→

Nuclear, Angler Exploit Kit Activity Has Disappeared

Posted on June 22, 2016 by Michael Mimoso

Researchers who study exploit kits are reporting that two major kits, Angler and Nuclear, may no longer be available. Continue reading Nuclear, Angler Exploit Kit Activity Has Disappeared→

Major Campaigns Spreading CryptXXX Ransomware Via Exploit Kits

Posted on April 29, 2016 by Michael Mimoso

Attackers behind a campaign distributing Locky ransomware via the Nuclear Exploit Kit have switched to distributing CryptXXX using the feature-laden Angler Exploit Kit. Continue reading Major Campaigns Spreading CryptXXX Ransomware Via Exploit Kits→