Showing 111 results for: Malware ×

Necurs Recurs

The Necurs botnet, which was responsible for millions of malicious spam messages last year, has recently been extremely active again. For the past three weeks it has spammed emails with a malicious PDF attachment that drops a word document with...

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...

The WannaCry Ransomware Campaign

By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware campaign that has taken the world by storm. The campaign has affected organizations and end users in at least 99 countries, shutting down hospitals in the UK and...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what E-commerce companies...

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new Carbanak gang attack methodology, focused...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With the recent disappearance of the Angler and Nuclear exploit...

To Obfuscate, or not to Obfuscate

Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on the system as long as possible. A variety of techniques are used to accomplish these goals. Deciding which of these techniques to use depends on...

PoSeidon Adventures in Memory

Background As an Incident Responder I get the unique opportunity to see a lot of malware and in most cases that I investigate, the malware is of the card number stealing type. To be more specific, I deal with a...

Digging in the Spam Folder

Introduction Unlike spam that appears in my real-world mailbox, the numerous unwanted parcels that arrive continuously in my Gmail spam folder are a gold mine. Not because I'm being offered $1.5 million USD to help with a foreign currency deposit,...

PoSeidon Completionist

Introduction Most gamers have explored every nook and cranny of their favorite game, completing achievements for hours after they finished the main story line. This same completionist attitude drives a lot of forensic investigators to try to solve every last...

Angler Exploit Kit – Gunning For the Top Spot

They say that with great power comes great responsibility. In the world of websites the more popular your website is the greater your responsibility, and being responsible means, amongst other things, keeping your systems up-to-date. We've recently come across an...

Endless Evasion Racing Game

In the past year we have been exploring the Magnitude Exploit Kit - one of the major actors in the cybercriminal scene. Like most of the modern exploit kits Magnitude is comprised of several layers in order to decrease the...

Neutrino Exploit Kit – One Flash File to Rule Them All

There's been a bit of talk about the Neutrino exploit kit lately, most of it revolving around sites redirecting users to Neutrino. But Neutrino has also been through some interesting technological changes and now the landing page of Neutrino only...