Microsoft Help File Malware Targets JPMorgan Chase Customers

A fresh malware sample was recently spotted using a Microsoft Compiled HTML Help file attached to spam messages. A Microsoft Help file is a binary file that encompasses a set of HTML files; it usually has a .chm or .hlp extension. The malicious help file analyzed – a .chm file – arrived via spam […]

The post Microsoft Help File Malware Targets JPMorgan Chase Customers appeared first on ThreatTrack Security Labs Blog.

Dyre Spreading Using Code-Signing Certificates, HTTPS

ThreatTrack Security Labs researchers have confirmed the credential-stealing Trojan Dyre is using a new dropper — and a valid digital certificate — to carry out its dirty work over HTTPS connections. The Ruckguv downloader works by injecting a DLL into an instance of Windows Service Host (svchost.exe). Windows Service Host then uses HTTPS to download […]

The post Dyre Spreading Using Code-Signing Certificates, HTTPS appeared first on ThreatTrack Security Labs Blog.

Dyre Targets More Websites

The Dyre Trojan has expanded its attack vectors, aiming to harvest sensitive data from an expanding list of targeted websites. Previously, Dyre had been known to seek out banking credentials as its primary targets, but ThreatTrack Security Labs researchers recently discovered multiple new types of domains, which have become part of Dyre’s standard target index. […]

The post Dyre Targets More Websites appeared first on ThreatTrack Security Labs Blog.

Dyre Spambots Use JJencode to Broaden Distribution

January was a busy month for the developers of Dyre/Dyreza. The group reintroduced their Upatre link spam with some additional subterfuge. This article will explore two types of spambots that Dyre utilizes; the following diagram presents a simplified view of how each type executes. Dyre bot operators have started to JJencode their HTML to evade detection and have rigged […]

The post Dyre Spambots Use JJencode to Broaden Distribution appeared first on ThreatTrack Security Labs Blog.

Dyre Recruiting CareerBuilder.com Users

Job seekers beware. A login-credential-stealing Trojan is trying to steal your email address and password when you access CareerBuilder.com. We recently reported on the evolution of Dyre as observed by ThreatTrack Security Labs. The latest development in this data-stealing Trojan, also known as Dyreza, is an expanded list of targeted sites, including the addition of […]

The post Dyre Recruiting CareerBuilder.com Users appeared first on ThreatTrack Security Labs Blog.
