Incidents

Net-integrations.net spamming Trojans

Net-integrations, a site dedicated to malware removal and especially known for its forum has fallen victim to malicious hackers.
Attackers seem to have made use of a vulnerability in the forum software used by Net-integrations to gain access to the server, although this has not yet been confirmed.
The most notable effect so far has been that the server has sent out many emails containing a link to a trojan.

It’s is not the first time an anti-malware site gets compromised via the accompanied forum.
Although phpBB is often the target, this time Invision Power Board fell victim.

A spammed mail looks like this:
(Email adress slightly altered)


From: “Net-Integration Forums”
To: webmaster@net-]integration[.net
Subject: Protect Your PC !!! ( From Net-Integration Forums )

Protect Your PC !!!

Please download antivirus protection
http://antivirusprotection.[removed].net/avp.exe

The file, which next to a Kaspersky related filename also has a Kaspersky AV-like icon, is detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.LdPinch.gen.
LdPinch is a very popular password stealing Trojan family, a generic description of it can be found here.

Several copies of this email have been sent out by the hacker to the members of the forum.

This incident once again shows that your operating system as well as all software needs to be kept uptodate and patched.
I do wonder if the attacker fellt s/he would have much success spamming a security conscious crowd.

Net-integrations.net spamming Trojans

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox