Posts Categorized: rootkit


An update to the Target breach theory.

by

It was brought to our attention that the research published had flaws. To read our response, please click here: https://community.webroot.com/t5/Security-Industry-News/Update-to-the-Target-breach-theory/m-p/77825

Continue Reading »

Cybercrime Trends 2013 – Year in Review

by

It’s that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what’s to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration in an attempt to occupy […]

Continue Reading »

Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot

by

By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of ‘common’ malware ‘features’ branded under a different name. What are cybercriminals up to in terms of experimenting with command and control infrastructure? How are they responding to the introduction of new protocols such as, for instance, SPDY, embedded deep into the most popular Internet browsers? Let’s find out. […]

Continue Reading »

Adobe Flash spoof leads to infectious audio ads

by

By Tyler Moffitt We’ve seen quite a few audio ads infecting users recently. We think it’s a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. You might not be able to see, but the “f” is a little off on the tiny icon at the top left. Either way it looks quite legitimate. It doesn’t matter what option you check; once you click “NEXT” you’ll get this next window. […]

Continue Reading »

A peek inside the ‘Zerokit/0kit/ring0 bundle’ bootkit

by

In a diversified underground marketplace, where multiple market players interact with one another on a daily basis, there are the “me too” developers, and the true “innovators” whose releases have the potential to cause widespread damage, ultimately resulting in huge financial losses internationally. In this post, I’ll profile one such underground market release known as as “Zerokit, 0kit or the ring0 bundle” bootkit which was originally advertised at a popular invite-only/vetted cybercrime-friendly community back in 2011. I’ll emphasize on its core features, offer an inside peek into its administration panel, and discuss the novel “licensing” scheme used by its author, namely, to […]

Continue Reading »

Webroot’s Threat Blog Most Popular Posts for 2012

by

It’s that time of the year! The moment when we look back, and reflect on Webroot’s Threat Blog most popular content for 2012. Which are this year’s most popular posts? What distinguished them from the rest of the analyses published on a daily basis, throughout the entire year? Let’s find out.

Continue Reading »

Russian cybercriminals release new DIY DDoS malware loader

by

On a daily basis, new market entrants into the cybercrime ecosystem attempt to monetize their coding skills by releasing and branding new DIY DDoS malware loaders. Largely dominated by “me too” features, these DIY malware loaders are purposely released with prices lower than the prices of competing bots, in an attempt by the cybercriminal behind them to gain market share – a necessary prerequisite for a successful long-term oriented business model. In this post, I’ll profile a recently released Russian DDoS malware bot. More details:

Continue Reading »

Cybercriminals release ‘Sweet Orange’ – new web malware exploitation kit

by

From DIY (do-it-yourself) exploit generating tools, to efficient platforms for exploitation of end and corporate users, today’s efficiency-oriented cybercriminals are constantly looking for ways to monetize hijacked web traffic. In order to do so, they periodically introduce new features in the exploit kits, initiate new partnerships with managed malware/script crypting services, and do their best to stay ahead of the security industry. What are some of the latest developments in this field? Meet Sweet Orange, one of the most recently released web malware exploitation kits, available for sale at selected invite-only cybercrime-friendly communities. What’s so special about Sweet Orange? Does it […]

Continue Reading »

BlackHole exploit kits gets updated with new features

by

According to independent sources, the author of the most popular web malware exploitation kit currently dominating the threat landscape, has recently issued yet another update to the latest version of the kit v1.2.2. More details:

Continue Reading »

A peek inside the Elite Malware Loader

by

Just like today’s modern economy, in the cybercrime ecosystem supply, too, meets demand on a regular basis. With malware coding for hire propositions increasing thanks to the expanding pool of talented programmers looking for ways to enter the cybercrime ecosystem, it shouldn’t be surprising that  cybercriminals are constantly releasing new malware loaders, cryptors, remote access trojans, or issuing updates to web malware exploitation kits on a periodic basis, using the outsourcing market model. Continuing the “Peek inside…” series, in this post I’ll profile the Elite Malware Loader. In the wild since 2009,  the malware loader is still under active development […]

Continue Reading »