Tag: keylogger

  • New paper: LokiBot: dissecting the C&C panel deployments

    First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. In a new paper (published today in both HTML and PDF format) researcher Aditya Sood analyses the URL structure of…

  • Paper: New Keylogger on the Block

    Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF) by Sophos researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse…

  • Paper: MWI-5: Operation HawkEye

    Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office executed macros by default, making the writing of computer viruses literally child’s play. Macro execution has long been disabled by default, but in the last two years,…

  • Sykipot trojan used to target smart cards

    Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the ‘Sykipot’ trojan that is being used to target organisations that make use of smartcards to control the access of both physical and information systems. The malware is installed onto the victim’s machine via a zero-day vulnerability in Adobe software,…

  • ‘Son of Stuxnet’ trojan found

    ‘Duqu’ used in targeted attacks to steal specific information. Researchers at both Symantec and McAfee have discovered a new Remote Access Trojan (RAT) with strong links to Stuxnet being used in some highly targeted attacks. The trojan, which has been named ‘Duqu’ after the files with prefix ~DQ it creates, shares source code with Stuxnet…

  • Keylogger on Samsung laptops proves to be false alarm

    AV product wrongly flags malware based on existence of directory. A number of security bloggers raised concern yesterday about the apparent presence of a keylogger on Samsung laptops – only to realise it was, in fact, a false positive. A Network World reporter discovered the ‘keylogger’ on two different makes of Samsung laptops. Reminded of…

  • Webmail data leak hype deflated

    Rumoured phishing explosion grabs headlines, reality much more mundane. This week has seen some major news organisations picking up on the story of tens of thousands of sets of webmail access data appearing online, with rumours of a major and highly effective phishing campaign – possibly targeting children – rife across the web. As the…

  • Keyloggers used to loot US county

    $415,000 sneaked from local government funds. A Kentucky county has suffered losses of $415,000 after keylogging malware infiltrated its computer systems, allowing cybercriminals access to sensitive user data which let them syphon cash to accounts in the Ukraine. Custom variants of the Zbot trojan were used to steal the passwords of the county treasurer, and…

  • China-Tibet row spills over into malware attacks

    Both sides of debate targeted to spread malicious code. With the political row over China’s involvement in Tibet continuing to make the headlines, cybercriminals have been as quick as ever to exploit the public interest in the topic, using the story as a hook for several malware attacks. The first was a wave of SQL-based…