Webroot Threat Team Member - Tyler Moffitt

Tyler Moffitt

Role: Threat Team Member
Threat Blog Posts: 11

Tyler started at Webroot in 2010 as a Front Line Engineer. He has since moved up in positions to Threat Research Analyst. Tyler focuses improving the consumer experience of cleaning an infection by creating database rules, writing blogs, and testing in-house tools. Tyler has a passion for hands on learning and likes to spend his time gathering samples from the wild to test and improve Webroot’s ability to deal with the latest threats.



Posts by Tyler Moffitt:

Critroni/Onion – Newest Addition to Encrypting Ransomware

by

In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It’s a successful “business model” and I don’t see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This one even targets Russians! Presenting Critroni (aka. Onion)   This newest edition of encrypting ransomware uses the same tactics of contemporary variants including: paying through anonymous tor, using Bitcoin as the currency, changing the background, dropping instructions in common directories on how to pay the scam. […]

Continue Reading »

Cryptolocker is not dead

by

Recently in the news the FBI filed a status report updating on the court-authorized measures to neutralize GameOver Zeus and Cryptolocker. While the report states that “all or nearly all” of the active computers infected with GameOver Zeus have been liberated from the criminals’ control, they also stated that Cryptolocker is “effectively non-functional and unable to encrypt newly infected computers.” Their reasoning for this is that Cryptolocker has been neutralized by the disruption and cannot communicate with the command and control servers to receive instructions or send RSA keys after encryption. Read more here While seizing the majority of the […]

Continue Reading »

Evolution of Encrypting Ransomware

by

Recently we’ve seen a big change in the encrypting ransomware family and we’re going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those that aren’t aware of what encrypting ransomware is, its a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA -2048 asymmetric public key which makes decryption without the key impossible. Paying the ransom will net you the key which in turn leads to getting […]

Continue Reading »

Top consumer security predictions for 2014

by

Top Predictions for 2014 FBI/ICE MoneyPak Cryptolocker Rogues As this year comes to a close we’ve seen some measurable progress on the infiltration techniques for malware. We’re going to give you some insight into some of the top threats of 2013 and what it could mean for 2014. FBI/ICE MoneyPak   We saw some frightening improvements with Ransomware this year. FBI/ICE MoneyPak or Win32.Reveton was a huge hit to the PC community. Although first seen in 2012 it wasn’t until 2013 that it was tweaked to be one of the most annoying and difficult Ransomware to remove. Once dropped on your […]

Continue Reading »

Rogue antivirus that takes webcam pictures of you

by

Recently we heard of a rogue fake antivirus that takes screenshots and webcam images in an attempt to further scare you into succumbing to it’s scam. We gathered a sample and sure enough, given some time it will indeed use the webcam and take a picture of what’s in front of the camera at that time. This variant is called “Antivirus Security Pro” and it’s as nasty as you can get. The rogue locks down any of the Advanced Boot Options: Safe Mode, Safe mode with Networking, Safe mode with Command prompt, directory services restore mode, ect. As soon as […]

Continue Reading »

ThreatVlog Episode 5: Vodafone hacked, Super Hacker arrested, and bad GTAV torrents

by

In this episode of ThreatVlog, Tyler Moffitt talks about the 2 million user hack that Vodafone experienced last week, which investigators are saying is an inside job.  He also goes into the arrest of Superhacker out of Argentina, who turned computers into zombies and was able to steal $50,000 a month from users.  And in big news, Grand Theft Auto V was released today, and already torrents are being discovered packed full of malware and phishing schemes.

Continue Reading »

New Rogue “Antivirus System” locks you out of safe mode

by

By Tyler Moffitt Recently we’ve seen a new fake security product running around that has made improvements to the standard rogue. Typical rogues are annoying, but relatively easy to take care of. Previously, all you had to do was boot into safe mode with networking and remove the files and registry entries (or install Webroot). Support forums everywhere use safe mode with networking as the “go to” mode for virus removal as non-core components are not loaded at start up and it’s easier to isolate problems. In the vast majority of the rogues we see, they are not loaded in […]

Continue Reading »

Top 5 Fake Security Rogues of 2013

by

By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it’s one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you’re forced to read their scam. Although they use various tactics and convincing GUIs to get onto your computer, they all share a common goal: To get your money.

Continue Reading »

Adobe Flash spoof leads to infectious audio ads

by

By Tyler Moffitt We’ve seen quite a few audio ads infecting users recently. We think it’s a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. You might not be able to see, but the “f” is a little off on the tiny icon at the top left. Either way it looks quite legitimate. It doesn’t matter what option you check; once you click “NEXT” you’ll get this next window. […]

Continue Reading »