An Ambush for Peculiar Koreans

While researching PlugX propagation through Java exploits we stumbled upon a compromised site that hosted and pushed a malicious Java applet exploiting the CVE-2013-0422 vulnerability. The malicious Java application itself was detected heuristically with a generic verdict…

Winnti returns with PlugX

Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. In the course of our efforts to remove the infection, the gaming company sent us suspicious files that were appearing on their computers. Many of these files were samples of Winnti malware.

The Winnti honeypot – luring intruders

During our research on the Winnti group we managed to discover a considerable number of Winnti samples targeting different gaming companies. Using this sophisticated malicious program, cybercriminals gained remote access to infected workstations and then carried out further activity manually.

PlugX is Becoming Mature

Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”. Researchers have even tracked someone suspected of creating the malware – one of the members of the Chinese hacking group NCPH, which is allegedly in the service of the PLA.

A gift from ZeuS for passengers of US Airways

Starting on 20 March, a spam campaign targeting passengers of US Airways was conducted. The criminals were banking on recipients booked on the flight mentioned in the email clicking the link “Online reservation details”. After clicking the link, a series of redirects led to domains hosting the BlackHole Exploit Kit. By exploiting vulnerabilities, the criminals attempted to infect users with the GameOver variant of ZeuS.