Tag: malware
-
Ebury and Mayhem server malware families still active
Whether it is to send spam or to redirect web traffic to malicious payloads, compromised (Linux) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ (pdf) was…
-
VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
Apart from the odd taxi driver loudly making the claim, the idea that “Macs don’t get malware” has become something of the past. Nevertheless, most security researchers focus on Windows (and increasingly Android) malware, thus making malware that targets macOS still the odd one out. Someone who for years has focused almost exclusively on…
-
Hot FinSpy research completes VB2017 programme
The infamous FinSpy (or FinFisher) government spyware has managed to keep a low profile in recent years, though its use of two Microsoft zero-days (CVE-2017-0199 and CVE-2017-8759) this year shows that it is still active. Today, researchers from ESET have published new research which points to the spyware using a different infection method:…
-
VB2017 preview: Android reverse engineering tools: not the usual suspects
Six years ago (coincidentally the last time the VB conference was held in Spain) saw the first VB conference paper presented on Android malware, which at that time was still an esoteric and mostly theoretical threat. Things have changed a lot in the last six years – something that is perhaps best illustrated by Google’s…
-
Malicious CCleaner update points to a major weakness in our infrastructure
For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved organizations being hit badly as a consequence of not having installed (security) updates, while another major story, that of (Not)Petya, concerned a threat that…
-
Despite the profitability of ransomware there is a good reason why mining malware is thriving
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather disappointed: using malware to mine for cryptocurrencies is about as basic as it gets. It is the digital equivalent of breaking into someone’s house,…