dcsimg

Process Doppelgänging meets Process Hollowing in Osiris dropper

One of the Holly Grails for malware authors is a perfect way to impersonate a legitimate process. That would allow them to run their malicious module under the cover, being unnoticed by antivirus products. Over the years, various techniques have emerged in helping them to get closer to this goal. This topic is also interesting for researchers and reverse engineers, as it shows creative ways of … [Read more...]

A week in security (July 30 – August 5)

Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data. Other news: Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal) Yale University disclosed that they … [Read more...]

JIGSAW changes its game to cryptojacking

An old friend has veered its ugly head. First mentioned in TechTalk in 2016, JIGSAW has made an appearance with a few updated tweaks. This old form of ransomware has been altered to steal Bitcoin by changing the addresses of wallets and sending the payments to the hacker’s account. JIGSAW was infamous for appearing on […] … [Read more...]

Trojans: What’s the real deal?

The fictional Greeks hiding in their legendary Trojan horse would probably be excited to learn that the default Wiki page for Trojan is, in fact, their big wooden horse thingy (vs. computer infections or dubious businesses). Sorry, fictional ancient Greek warriors. It’s not that we don’t think you’re a big deal—that film with Brad Pitt was at least a 6 out of 10. It’s just that at this … [Read more...]

A week in security (July 16 – July 22)

Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics & techniques report. Other news: Huge data breach in Singapore (Source: Straights Times) Venmo … [Read more...]

New macro-less technique to distribute malware

One of the most common and effective infection vectors, especially for businesses, is the use of malicious Office documents. This year alone, we witnessed two zero-days for both Flash and the VBScript engine, which were first actually embedded into Office documents before gaining wider adoption in web exploit kits. In addition to leveraging software vulnerabilities, attackers are regularly abusing … [Read more...]

A week in security (June 25 – July 1)

Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant’s website, and how to manage your child’s online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news Homeland Security subpoenas “Flash Gordon” (Source: ZDNet) Looking into the … [Read more...]

World Cup 2018: malware attacks gunning for goal

World Cup 2018 is upon us and in full swing, bringing together 32 nations for a month of footballing to see who’ll be crowned World Champion. With the tournament underway, we thought it’d be fun to see which of the footballing powerhouses also expended a similar amount of energy fighting off malware attacks. From January 1 until June 14, the day the World Cup matches began, we gathered … [Read more...]

SamSam ransomware: controlled distribution for an elusive malware

SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more dangerous, but they are added to make it just a bit more tricky to detect or track as it is constantly … [Read more...]

Recognize a phishing attack, then stop it dead in its tracks

We would like to think we can outsmart the bad guys who are trying to phish for our personal data. Learn how to get one step ahead of their hacking attempts. … [Read more...]