kovter – Page 2 – WindowsTechs.com

Malwarebytes Labs Presents: The Cybercrime Tactics and Techniques Report

Posted on March 6, 2017 by Malwarebytes Labs

In our first wrap-up of the threat landscape, we are going to cover the trends observed during the last few months of 2016, provide an analyst’s view of the threats, and offer some predictions for the beginning of 2017. Moving forward, every quarter we will bring you a view of the threat landscape through the eyes of Malwarebytes researchers and analysts.

Categories:

Tags: 2016 ad fraud cerber cybercrime kovter Locky malwarebytes labs predictions ransomware report trends

Continue reading Malwarebytes Labs Presents: The Cybercrime Tactics and Techniques Report→

Untangling Kovter’s persistence methods

Posted on July 14, 2016 by Malwarebytes Labs

Kovter is a click-fraud malware famous from the unconventional tricks used for persistence. It hides malicious modules in PowerShell scripts as well as in registry keys to make detection and analysis difficult. In this post we will take a deep dive into the techniques used by it’s latest samples to see all the elements and…

Categories:

Tags: click fraud kovter

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Posted on May 10, 2016 by msft-mmpc

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large… Continue reading Large Kovter digitally-signed malvertising campaign and MSRT cleanup release→

FedEx Problems with item delivery, n.00196222 Shawn Maddox – JS malware leads to ransomware

Posted on March 18, 2016 by Myonlinesecurity

Last revised or Updated on: 18th March, 2016, 6:56 AMAn email with the subject of FedEx_00196222.zip pretending to come from mogotoys@server.robo-apps.com; on behalf of; FedEx 2Day <shawn.maddox@mogotoys.com> with a zip attachment is another one from the current bot runs which downloads ransomware They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: mogotoys@server.robo-apps.com; on behalf of; FedEx 2Day <shawn.maddox@mogotoys.com> Date: Fri 18/03/2016 02:49 Subject: Problems with item delivery, n.00196222 Attachment: FedEx_00196222.zip Body content: Dear Customer, Your parcel has arrived at March 15. Courier was … Continue reading → Continue reading FedEx Problems with item delivery, n.00196222 Shawn Maddox – JS malware leads to ransomware→

blank email from support@hvp-online.com – JS malware downloads kovter boaxxe and ransomware

Posted on March 14, 2016 by Derek

Last revised or Updated on: 14th March, 2016, 9:55 AMAn email addressed to abuse at your email domain with no subject coming from Support <support@hvp-online.com> with a zip attachment is another one from the current bot runs which downloads They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. I have only seen 1 copy of this so far, but in previous weeks, I often got 1 copy about 1-2 hours before the main influx. I do not know based on this one email if there will be … Continue reading → Continue reading blank email from support@hvp-online.com – JS malware downloads kovter boaxxe and ransomware→