Good guys doing bad things

An organization called ConsumerReports published an article today that suggests it ‘created 5,500 new virus variants derived from six categories of known viruses, the kind you’d most likely encounter in real life.’

This is a really unwise thing to do. There are plenty of ‘real’ viruses, worms and Trojans around without well-meaning organizations generating more of them, for whatever reason.

The premise on which ConsumerReports seems to have based its actions is this: “We hadn’t seen any independent evaluation of antivirus software that measured how well products battle both known and new viruses, so we set out to fill that gap.” In fact, AV-comparatives publishes tests evaluating products’ ability to find both known and unknown threats … and they do this without having to create new viruses. There are also a number of other independent organizations that test the detection capabilities of antivirus products, including AV-Test GmbH, Virus Bulletin, ICSA Labs and West Coast Labs.

And they all make their results public; something that ConsumerReports seems not to have done so far.
