Tag: trojan

  • Emotet trojan starts stealing full emails from infected machines

    Researchers at Kryptos Logic have discovered that the Emotet banking trojan is exfiltrating entire email bodies as opposed to merely email addresses. Emotet was first discovered in 2014 as a banking trojan but has since evolved to become mostly a distributor of other malware. A typical Emotet infection starts with an email attachment, which downloads…

  • VB2017 video: Client Maximus raises the bar

    Brazil has long been known as a hotbed of cybercrime, but what makes the country especially unique is that a lot of this cybercrime is inwards-focused. Thus there are many malware strains written explicitly to target the country. One of them is Client Maximus, a banking trojan discovered in 2017 by researchers from IBM Trusteer…

  • MnuBot banking trojan communicates via SQL server

    Researchers at IBM X-Force have discovered a new banking trojan, dubbed ‘MnuBot’, which is targeting Internet users in Brazil. The trojan performs tasks common to banking malware, such as logging keystrokes, creating screenshots and overlaying the bank’s website with an invisible form. What is most noticeable, though, is the use of a Microsoft SQL server…

  • VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

    Trickbot, first reported a year ago by Malwarebytes researcher Jérôme Segura as the successor of Dyre/Dyreza, has become perhaps the most important banking trojan of 2017. It is known for its regular updates, with its use of SMB for lateral movement particularly noteworthy. Symantec’s Director of Threat Research Andrew Brandt is one of many…

  • Worms wiggling inside your networks are a lot harder to stop

    Damaging though they were, the recent WannaCry and (Not)Petya outbreaks taught security practitioners many valuable lessons. Unfortunately, they taught important lessons to malware authors too. What contributed to the damage in both cases was the malware’s ability to spread internally using a number of methods, most prominently (though in (Not)Petya’s case not exclusively), a vulnerability…
