Threat analysis – Page 12 – WindowsTechs.com

A look back at the Zyns iframer campaign

Posted on January 31, 2017 by Jérôme Segura

Behind compromised sites or malvertising, you will often find trails that can take you back years and see how infection chains evolved, or didn’t, over time.Categories: Exploits
Threat analysisTags: campaigneitestexploit kitsiframemalvertisingmalwarer… Continue reading A look back at the Zyns iframer campaign→

Locky Bart ransomware and backend server analysis

Posted on January 31, 2017 by Malwarebytes Labs

The developers of Locky Bart already had very successful ransomware campaigns running called “Locky” and “Locky v2”. After some users reported being infected with Locky Bart, we investigated it to find the differences as to gain greater knowledge and understanding of this new version.

Categories:

Tags: analysis Anti-Ransomware backend server bart binary Locky Locky Bart ransomware ransomware

Zbot with legitimate applications on board

Posted on January 26, 2017 by Malwarebytes Labs

Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader – a downloader installing on the victim machine a ZeuS-based malware.Categories: Cybercrime
Malware
Malware
Threat analysisTags: bankerbanking malwaremalwareterdo… Continue reading Zbot with legitimate applications on board→

VirLocker’s comeback; including recovery instructions

Posted on January 25, 2017 by nscott

Virlocker is back, the nightmare is still real. But we have found a way to at least recover your important files even if the affected machine can be considered a loss.Categories: Malware
Threat analysisTags: file infectingfile recoverymalwarepolymorph… Continue reading VirLocker’s comeback; including recovery instructions→

VirLocker’s comeback; including recovery instructions

Posted on January 25, 2017 by nscott

Tech support scams, stolen data, and botnets

Posted on December 15, 2016 by William Tsing

We’ve found a scam in a box company that also offers intelligence leads. That is, they’ll sell you the scam and point you at the most vulnerable targets first.

Categories:

Tags: botnet BPO Experts Global BPOreserouces Dell scams as a service tech support tech support scam TSS winlogon

Goldeneye Ransomware – the Petya/Mischa combo rebranded

Posted on December 15, 2016 by Malwarebytes Labs

From March 2016 we’ve observed the evolution of an interesting low-level ransomware, Petya. Now, we are facing an outbreak of the fourth version – this time under a new name – Goldeneye, and, appropriately, a new, golden theme.Categories: Malware
Malw… Continue reading Goldeneye Ransomware – the Petya/Mischa combo rebranded→

Security in 2017: Ransomware will remain king

Posted on December 14, 2016 by Malwarebytes Labs

2016 was the year of ransomware, with hackers focusing their attention on exploiting Internet users and businesses around the world for profit.Categories: Malware
Threat analysisTags: cybersecuritypredictionsransomwaresecurity(Read more…) Continue reading Security in 2017: Ransomware will remain king→

Simple userland rootkit – a case study

Posted on December 7, 2016 by Malwarebytes Labs

In this article, we will have a case study of a simple userland rootkit, that uses a technique of API redirection in order to hide own presence from the popular monitoring tools.Categories: Malware
Threat analysisTags: malwarerootkit(Read more…) Continue reading Simple userland rootkit – a case study→

Tor Browser zero-day strikes again

Posted on November 30, 2016 by Jérôme Segura

A new zero-day has been found in the wild and was used against the popular Tor Browser. This exploit was meant to leak information about users, such as their IP address.Categories: Exploits
Threat analysisTags: 0dayanti exploitexploitsfirefoxmozillaTo… Continue reading Tor Browser zero-day strikes again→