
Several new malware families have made recent appearances on the Bambenek Consulting feeds and are now tracked also by ThreatSTOP. These malware families are different in action and in their targets.
Nao_sec provides cyber security research dedicated to Exploit Kits. In campaigns that include Exploit Kits, landing pages with malicious code are used in an attempt to exploit a specific vulnerability on the victim's device.
DShield has a project called the 404Project. The goal of the project is to track attackers looking to compromise web pages.
To do this, they've started selling a Raspberry Pi honeypot to hook into your network. The alternative is to embed one of a selection of code snippets into your website's 404 error page. These honeypots track hits on the 404 page. Attackers generate these hits when scanning for vulnerable utilities common to various web hosts. When the 404Project detects these scans, it records the attacker's IP and uploads it to DShield.
Forums are a useful tool for any corporation, community or association. Much like e-mail spam targets personal and corporate accounts, spambots target all types of forums for marketing or malicious activity.
Hancitor Downloader has seen many campaigns this year. Malware-Traffic-Analysis, a security research blog operated by Brad Duncan, has published over 40 related articles since the beginning of 2017. Each article covers malspam delivering the downloader, with no sign of the campaigns wavering.
Emotet (also Geodo, Feodo) is a banking trojan (discovered by Trend Micro in 2014) that targeted German and Austrian banking clients. In 2015, Kaspersky published findings of a variant targeting Swiss banking clients. Differences in this version included a new public RSA key (replacing the previous version's) and the removal of comments and debugging information from the Automatic Transfer System (ATS) script. This script enabled the automatic transfer of funds from the infected user's bank account to the cybercriminal's.
A cyber group attributed to Chinese APT activity has used the downloader ZeroT since February 2016, as reported by Proofpoint in 2017.
The ZeuS malware family was first seen in July 2007, and is the poster child for long-lasting bots. Zbot, one of the aliases of ZeuS, has a familial relation to Terdot. When ZeuS's source code leaked in 2011, bad actors jumped at the chance to start updating its capabilities based on their campaigns. One of these offspring was Terdot. MalwareBytes has made a study of the ZeuS family, and has noted a recent increase in Terdot/Zloader infections.
In the rapid cycle of rise and disappearance of malware campaigns, only a few campaigns last for several years. One of these is the El Machete malware, which was first discovered by Kaspersky and is thought to have been active since 2010.
BankBot is malware targeting Android OS, and has appeared in the Google Play Store in different forms, often impersonating well-known application icons or names.