Malware Calendar Wallpaper for September 2011

Here’s the latest of our malware calendar wallpapers.

This month marks the anniversary of the arrest of the alleged author of the CIH virus (also known as Chernobyl). This virus was designed to erase the flash BIOS of PCs running Windows 9x, making the machine unbootable – something that was particularly nasty on notebooks, where hardware components like flash memory are built into the motherboard. CIH also had another payload – to overwrite the hard disk with garbage.

This virus was responsible for damage to a large number of computers in South Korea in 2000, three years after its first appearance.

Today the threat landscape is dominated by malware-for-profit, in contrast to the cyber-vandalism of the 1990s. However, CIH provides a reminder that even cyber-vandalism could have a serious financial impact on its victims.
