Tag: trojan

  • VB2016 paper: Diving into Pinkslipbot’s latest campaign

    Pinkslipbot, also known as Qakbot or Qbot, is a banking trojan that makes the news every once in a while, yet never seems to get the attention of the world’s Zbots and Dridexes. I looked at the malware myself three years ago, but since then it has been updated several times, the most recent…

  • VB2016 video: Neverquest: Crime as a Service and On the Hunt for the Big Bucks

    Earlier this month, Spanish police officers arrested a Russian national on suspicion of creating the Neverquest banking trojan. Neverquest, also known as Vawtrak, is one of the most prevalent banking trojans of the moment, so while the arrest might not have a significant impact on cybercrime overall, it is good news: it sends the important message…

  • Throwback Thursday: I say Virus, You say Trojan

    This Throwback Thursday, VB heads back to 1998 — a time when anti-virus vendors avoided tackling non-replicating trojans, worms, jokes and corrupted files. Today, the idea of security vendors not tackling trojans or other forms of malware seems absurd, yet back in the 90s, anti-virus vendors argued that because, by definition, they developed anti-virus,…

  • Paper: Shifu — the rise of a self-destructive banking trojan

    Thorough analysis of this new kid on the malware block. Times are changing rapidly for banking trojans. Some prominent arrests and at least partially successful takedowns have left space for new criminal entrepreneurs in this malicious, yet highly profitable market. ‘Shifu’ seems to have filled part of this space. First mentioned publicly by IBM in…

  • Paper: Not a GAMe maKER

    Raul Alvarez performs low-level analysis of information-stealing trojan. The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the news back in 2013 when it was found to target SAP applications. Today, we publish an article by Fortinet researcher Raul Alvarez who performed a low-level analysis of the…

  • Paper: Life after the apocalypse for the Middle Eastern NJRat campaign

    Malware authors upped their game following 2014 disruption of No-IP. In June last year, somewhat controversially Microsoft moved against dynamic DNS provider No-IP and seized 22 of its domains, subdomains of which were used to spread and control the NJRat (also known as Bladabindi) and NJw0rm (also known as Jenxcus) malware families, both of which…

  • Vawtrak uses Tor2Web to connect to Tor hidden C&C servers

    Option hides the servers, without having to include a Tor client in the malware. The authors of the Vawtrak trojan (also known as Neverquest) have moved some of its C&C servers to Tor hidden services and made the malware use Tor2Web to connect to them, Fortinet researcher Raul Alvarez writes. The use of hidden…

  • Vawtrak trojan spread through malicious Office macros

    Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the ‘Vawtrak’ banking trojan now also spreads through Office macros, embedded in documents that are attached to spam emails. Vawtrak rose to prominence late last year, when it broadened its scope from targeting Japanese banking users…