Archive: All - Securelist

SynAck targeted ransomware uses the Doppelgänging technique

May 7, 2018, 10:00 am.

Anton Ivanov, Fedor Sinitsyn, Orkhan Mamedov

In April 2018, we spotted the first ransomware employing the Process Doppelgänging technique – SynAck ransomware. It should be noted that SynAck is not new, but a recently discovered sample caught our attention after it was found to be using Process Doppelgänging. Here we present the results of our investigation of this new SynAck variant. Read Full Article

Incidents

Breaking The Weakest Link Of The Strongest Chain

February 16, 2017, 9:54 am.

IDF C4I, Ido Naor

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ C&C. In addition, the compromised devices were pushed Trojan updates. The operation remains active at the time of writing this post. Read Full Article

Research

Obfuscated malicious office documents adopted by cybercriminals around the world

August 6, 2014, 7:00 am.

Dmitry Bestuzhev

After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable of doing the same job? Read Full Article

Incidents

Encrypted Java Archive Trojan bankers from Brazil

February 6, 2014, 8:58 pm.

Dmitry Bestuzhev

I have never bought a PlayStation and neither has my colleague Micha-san from Japan – well, in his case, at least not from Brazil. Nonetheless, we both received the same email notification: In this instance cybercriminals from Brazil have used a new,… Read Full Article

APT reports

The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor

February 27, 2013, 6:00 pm.

GReAT

New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”. Read Full Article

Research

Steganography or encryption in bankers?

November 10, 2011, 2:03 pm.

Dmitry Bestuzhev

Cybercriminals avoiding detection and automated monitoring by block cipher using. Read Full Article

Incidents

iFrames = Apple too?

June 12, 2010, 7:36 pm.

Michael Molsner

Looking up definitions for ‘iframe’ does indeed give results about “… a constraint of the H.264 codec specified by Apple to ensure ease of consumer video editing.”. Such iframes do contain all necessary rendering information and serve as reference to construct other frames. But here we discuss the other kind of iframes – HTML tags. Read Full Article

Research

New Brazilian banking Trojans recycle old URL obfuscation tricks

March 20, 2010, 1:17 am.

Josh Phillips

Fabio, our researcher in Brazil, has noticed malware authors using an old trick to mask URLs. The trick involves specifying an IP address such as say, 66.102.13.19 (the IP address of google.com, borrowed from my colleague, Costin) in a numerical base other than base 10. Read Full Article

Opinion

More thoughts on drawing the line

April 30, 2008, 8:17 pm.

Vitaly Kamluk

More thoughts on drawing the line Read Full Article

Opinion

Drawing the line

April 29, 2008, 1:09 am.

Eugene Kaspersky

The Race to Zero is not a questionable affair – no questions about it…it is unethical. Read Full Article

Securelist Archive

Tag: Obfuscation

SynAck targeted ransomware uses the Doppelgänging technique

Encrypted Java Archive Trojan bankers from Brazil

The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor

Steganography or encryption in bankers?

iFrames = Apple too?

New Brazilian banking Trojans recycle old URL obfuscation tricks

More thoughts on drawing the line

Drawing the line

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001