VB Migration

Tag: backdoor

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…

  • Malicious CCleaner update points to a major weakness in our infrastructure

    For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved organizations being hit badly as a consequence of not having installed (security) updates, while another major story, that of (Not)Petya , concerned a threat that…

  • Malicious CCleaner update points to a major weakness in our infrastructure

    For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved organizations being hit badly as a consequence of not having installed (security) updates, while another major story, that of (Not)Petya , concerned a threat that…

  • VB2014 preview: two papers on Linux server malware

    Researchers from ESET, Yandex and Symantec look at emerging malware trend. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, we look at two papers, both of which look at malware targeting Linux servers. One…

  • More than two million home routers have ‘wide open backdoor’

    Default password makes vulnerability easy to exploit. Researchers at Trend Micro have discovered an easy-to-exploit backdoor in routers from Chinese manufacturer Netcore , that allows an attacker to take almost complete control of the device, with very little that users can do to protect themselves. The backdoor consists of the router listening on UDP port…

  • ‘Son of Stuxnet’ trojan found

    ‘Duqu’ used in targeted attacks to steal specific information. Researchers at both Symantec and McAfee have discovered a new Remote Access Trojan (RAT) with strong links to Stuxnet being used in some highly targeted attacks. The trojan, which has been named ‘Duqu’ after the files with prefix ~DQ it creates, shares source code with Stuxnet…

  • Fake codec trojan disables anti-virus software

    Victim tricked into believing security software still active. A new trojan, discovered by researchers at ESET , spreads itself via fake codecs, then disables running anti-virus solutions and makes the user believe that the anti-virus is still running. The trojan spreads via Facebook chat and engages in a short, probably automated, conversation with the victim…

  • Hundreds of legitimate websites being hacked into

    New mass infection leaves security researchers puzzled. Web security company ScanSafe has reported a new mass infection of websites, which it claims accounts for 15% of the web traffic the company blocks. A wide range of sites, mostly operated by small firms based in the UK, were seen to be serving malicious JavaScript to visitors,…