Tag: malware

  • Using Mailchimp makes malware campaigns a little bit more successful

    Sending one email is easy. Sending thousands or millions of emails is hard: one effect of the anti-spam infrastructure we have collectively built is that the process of sending email scales very badly (even for those who only send legitimate messages). This is why companies tend to outsource their mail delivery operations to email service…

  • We need to continue the debate on the ethics and perils of publishing security research

    At VB2015 in Prague, Juan Andrés Guerrero-Saade, then of Kaspersky Lab, presented an important paper on the transformation of security researchers into intelligence brokers and how this changes the ethics concerning security research. The debate on how security companies in general and anti-virus products in particular should treat malware written for ‘good’ purposes has…

  • There is no evidence in-the-wild malware is using Meltdown or Spectre

    Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test, which lists the…

  • Alleged author of creepy FruitFly macOS malware arrested

    It is almost a year since the mysterious FruitFly malware for macOS was discovered. Malware targeting macOS is still uncommon enough to be newsworthy, but FruitFly seemed particularly interesting: its spying capabilities, combined with the fact that it had managed to stay under the radar for many years, led many to postulate that it…

  • VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

    Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is known for its regular updates, with its use of SMB for lateral movement particularly noteworthy. Symantec's Director of Threat Research Andrew Brandt is one of many…

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised (Linux) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ (pdf) was…