Spyware Security

Worm Creates Copies in Password-Protected Archived Files

admin — Fri, 24 May 2013 15:05:24 +0000

Typically users archive file to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line [...]

ZeuS/ZBOT Malware Shapes Up in 2013

admin — Thu, 23 May 2013 21:05:57 +0000

The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In our 2013 Security Predictions, we predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved [...]

Is The Raspberry Pi Secure?

admin — Thu, 23 May 2013 07:05:59 +0000

Since its initial release in February 2012 the Raspberry Pi – a very inexpensive, palm-sized computer meant to help teach computer science in schools – has become a favorite of hobbyists, makers, and tech enthusiasts everywhere. Why wouldn’t it be? The Raspberry Pi offers tinkerers a very low-cost (both to buy and to run) [...]

Keeping Up With the Andromeda Botnet

admin — Wed, 22 May 2013 15:05:06 +0000

Last March, I blogged about the Andromeda, a well-known botnet that surfaced in 2011 and is making a comeback this year. Just months after my report, we are still seeing notable activities from the said botnet, in particular a sudden boost of GAMARUE variants last week. The Andromeda botnet is a spam botnet that delivers [...]

What Connections Between Attacks Say About Them

admin — Tue, 21 May 2013 19:05:15 +0000

In the process of investigating and analyzing targeted attacks, we have seen that attacks which may not be related at first glance may in fact be linked; conversely attacks that may seem unrelated may turn out to be connected. Knowing which is which can provide useful information in determining how to respond to an attack. [...]

Hiding in Plain Sight: A New Targeted Attack Campaign

admin — Tue, 21 May 2013 15:05:13 +0000

With added text by Threat Researcher Nart Villeneuve Whether considered advanced persistent threats (APTs) or malware-based espionage attacks, successful and long-term compromises of high-value organizations and enterprises worldwide by a consistent set of campaigns cannot be ignored. Because “noisier” campaigns are becoming increasingly well-known within the security community, new and smaller campaigns are beginning to [...]

Blackhole Spam Run Evades Detection Using Punycode

admin — Mon, 20 May 2013 21:05:15 +0000

The Blackhole Exploit Kit (BHEK) spam run has already assumed various disguises during its course. Some variants have taken various forms, such as official bank notice, cable provider email update, social networking email, and fake courier notification. Lately, we have seen a slew of spam crafted as a notice from the popular retail chain Walmart. [...]

Hiding in Plain Sight: A New APT Campaign

admin — Fri, 17 May 2013 18:05:53 +0000

SafeNet: A Targeted Threat

admin — Fri, 17 May 2013 09:05:42 +0000

With added text by Threat Researcher Nart Villeneuve Whether considered advanced persistent threats (APTs) or malware-based espionage attacks, successful and long-term compromises of high-value organizations and enterprises worldwide by a consistent set of campaigns cannot be ignored. Because “noisier” campaigns are becoming increasingly well known within the security community, new and smaller campaigns are beginning [...]

Get Free Followers! on Instagram? Get Free Malware, Survey Scams Instead

admin — Thu, 16 May 2013 20:05:35 +0000

The popular photosharing app Instagram is the latest social networking site targeted by the ubiquitous survey scams seen on Facebook and Twitter. This time, we found that these survey scams may also lead users to download an Android malware. I found the following accounts who wanted to ‘follow’ me on Instagram. This is the standard [...]