Threat analysis – Page 13 – WindowsTechs.com

Simple userland rootkit – a case study

Posted on December 7, 2016 by Malwarebytes Labs

In this article, we will have a case study of a simple userland rootkit, that uses a technique of API redirection in order to hide own presence from the popular monitoring tools.Categories: Malware
Threat analysisTags: malwarerootkit(Read more…) Continue reading Simple userland rootkit – a case study→

Tor Browser zero-day strikes again

Posted on November 30, 2016 by Jérôme Segura

A new zero-day has been found in the wild and was used against the popular Tor Browser. This exploit was meant to leak information about users, such as their IP address.Categories: Exploits
Threat analysisTags: 0dayanti exploitexploitsfirefoxmozillaTo… Continue reading Tor Browser zero-day strikes again→

Tech support scammers up their game with ransomware

Posted on November 28, 2016 by Malwarebytes Labs

Ransomware is so popular that even tech support scammers have eventually adopted it. Now the ransom note asks you to call ‘Microsoft’ to get your encrypted files back.Categories: Threat analysisTags: microsoftransomwaretech supporttech support scamsTSS… Continue reading Tech support scammers up their game with ransomware→

TeleCrypt – the ransomware abusing Telegram API – defeated!

Posted on November 22, 2016 by Malwarebytes Labs

A new ransomware, TeleCrypt appeared recently carrying some new ideas. Telecrypt abuses the API of a popular messenger, Telegram.Categories: Malware
Threat analysisTags: malwareransomwareTeleCryptTeleCrypt DecryptorTelegram API(Read more…) Continue reading TeleCrypt – the ransomware abusing Telegram API – defeated!→

PrincessLocker – ransomware with not so royal encryption

Posted on November 21, 2016 by Malwarebytes Labs

PrincessLocker ransomware has appeared some time ago and has drawn out attention by using the same template of the site for a victim as Cerber did. In this article, we dig deeper and try to answer questions about its internal similarities with Cerber (… Continue reading PrincessLocker – ransomware with not so royal encryption→

Floki Bot and the stealthy dropper

Posted on November 10, 2016 by hasherezade

Floki Bot, described recently by Dr. Peter Stephenson from SC Magazine is yet another bot, based on the leaked Zeus code. However, the author came up with various custom modifications that makes it more interesting.Categories: Malware
Threat analysisT… Continue reading Floki Bot and the stealthy dropper→

Trick Bot – Dyreza’s successor

Posted on October 24, 2016 by Malwarebytes Labs

Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot, that, at the moment of the analysis, hadn’t been described yet.

Categories:

Tags: banker dyre dyreza trickbot trickloader

PUP Friday: Content Protector

Posted on October 21, 2016 by Pieter Arntz

Content Protector is an adware that is offered as a netfiltering program. This seems a bit strange for ad-supported software. It also comes with it’s own certificate.Categories: PUPs
Threat analysisTags: adwarecontent defenderContent protectornetfilte… Continue reading PUP Friday: Content Protector→

New-looking Sundown EK drops Smoke Loader, Kronos banker

Posted on October 17, 2016 by Jérôme Segura

In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader f… Continue reading New-looking Sundown EK drops Smoke Loader, Kronos banker→

PUP Friday: Let’s talk generic

Posted on October 7, 2016 by Jovi Umawing

For this PUP Friday post, we’re going to look into PUPs that we can simply classify as “Downloaders”. We have sampled a program called the Internet Download Manager, which is capable of downloading other files we detect as PUP and connects to sites lea… Continue reading PUP Friday: Let’s talk generic→