Showing 116 results for: Malware ×

Tale of the Two Payloads – TrickBot and Nitol

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan that first appeared late last year targeting banks in Europe,...

Petya From The Wire: Detection using IDPS

Most malware that traverses a network do so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection...

The Petya/NotPetya Ransomware Campaign

This is an ongoing, emerging story and may be updated after posting. There is a new wormlike ransomware campaign on the loose today and you wouldn't be mistaken if you're experiencing a little WannaCry deja vu. The campaign has been...

Necurs Recurs

The Necurs botnet, which was responsible for millions of malicious spam messages last year, has recently been extremely active again. For the past three weeks it has spammed emails with a malicious PDF attachment that drops a word document with...

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...

The WannaCry Ransomware Campaign

By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware campaign that has taken the world by storm. The campaign has affected organizations and end users in at least 99 countries, shutting down hospitals in the UK and...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what E-commerce companies...

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new Carbanak gang attack methodology, focused...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With the recent disappearance of the Angler and Nuclear exploit...

To Obfuscate, or not to Obfuscate

Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on the system as long as possible. A variety of techniques are used to accomplish these goals. Deciding which of these techniques to use depends on...

PoSeidon Adventures in Memory

Background As an Incident Responder I get the unique opportunity to see a lot of malware and in most cases that I investigate, the malware is of the card number stealing type. To be more specific, I deal with a...