Often, virus writers don’t even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don’t fall into either of the categories. Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server. Read Full Article
APT Trends report, Q1 2017
Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting. Read Full Article
Hajime, the mysterious evolving botnet
Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices. Read Full Article
XPan, I am your father
While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil. This sample is what could be considered as the “father” of other XPan ransomware variants. A considerable amount of indicators within the source code depict the early origins of this sample. Read Full Article
Exploits: how great is the threat?
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers. Read Full Article
Personalized Spam and Phishing
Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him. Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible. Read Full Article
The security is still secure
Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users’ computers and circumvent installed security solutions. The list of compromised security products includes dozens of vendors and relates to the whole cybersecurity industry. Read Full Article
Old Malware Tricks To Bypass Detection in the Age of Big Data
Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the file. Read Full Article
Unraveling the Lamberts Toolkit
The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008. The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers. Read Full Article
Ransomware in targeted attacks
Ransomware’s popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization’s network nodes and servers. Read Full Article