Tag: malware

  • Paper: The Journey of Evasion Enters Behavioural Phase

    Anti-detection techniques are almost as old as malware itself and have developed well beyond hash-busting techniques. As security products adapt their detection tools, malware authors need to find new ways to prevent their malware from being blocked while it is running. In a new paper (also available as PDF) published today by Virus…

  • Paper: How It Works: Steganography Hides Malware in Image Files

    Sometimes a picture says more than a thousand words. And sometimes in computer security, a picture contains a thousand words, or rather a lot of commands, used by malware authors to remotely control the malware. This is an example of a technique known as ‘steganography’: hiding data in such a way that it is invisible…

  • Paying a malware ransom is bad, but telling people never to do it is unhelpful advice

    I’m not usually one to spread panic about security issues, but in the case of the current ransomware plague, I believe that at the very least a sense of great concern is justified. And the threat is unlikely to disappear any time soon. While there are certainly many things we can do to significantly reduce…

  • New tool helps ransomware victims identify the malware family

    Malware infections are never fun, but ransomware is particularly nasty and the plague doesn’t seem likely to cease any time soon: new families are spotted almost daily. A small silver lining in this dark cloud is the fact that crypto is hard for the bad guys too: they have made many mistakes implementing their encryption…

  • VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

    Google’s Android operating system may have a bit of a bad reputation when it comes to security, but it’s worth noting that recent versions of the operating system have been hardened a lot. In a paper presented at VB2015, Sophos researchers Rowland Yu and William Lee look at two recent security enhancements, Security Enhancements…

  • VB2015 paper: Digital ‘Bian Lian’ (face changing): the Skeleton Key malware

    Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers. A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed ‘Skeleton Key’, that was used in targeted attacks. The malware, which was installed on the target’s domain controller, allowed the attacker to login as any user and thus perform any number…

  • Malware likely cause of power cut in Ukraine

    BlackEnergy malware previously linked to targeted attacks in the country. When in late December hundreds of thousands of homes in Western Ukraine suffered power outages, many people talked about the possibility of the interruption in power having been caused by a cyber-attack. But people always talk about cyber-attacks — the truth is almost always a…

  • Paper: Optimizing ssDeep for use at scale

    Brian Wallace presents tool to optimize ssDeep comparisons. Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcher whether two files are very similar — or not similar at all. When working with a large…

  • Paper: MWI-5: Operation HawkEye

    Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office executed macros by default, making the writing of computer viruses literally child’s play. Macro execution has long been disabled by default, but in the last two years,…

  • Researchers seek ransomware samples for their generic solution

    VB2015 presentation to include demonstration of technique against recent samples. ‘The scary hack that’s on the rise’ is how Wired’s Kim Zetter described ransomware in an overview article posted yesterday. Indeed, encrypting your files and demanding a ransom to decrypt them has become a very lucrative cybercriminal enterprise. Of course, the best defence against…