Posts Categorized: Threat Research


Non-executable malicious files and code – Thre@t Reply

by

.exe, PHP, HTML, and the list goes on. How many different kinds of files and code can potentially infect your PC? Webroot threat research analyst Nathan Collier explains a few of the the types of potentially dangerous files, other than the common executable (.exe) that can be found on a Windows PC and cause harm to it. [youtube=http://www.youtube.com/watch?v=CFH8VxP7gmY] If you have a question you want answered by one of our threat experts send it to us! Comment below, tweets us (www.twitter.com/webroot), or email it to us (blog@webroot.com).

Continue Reading »

Morto Worm Annoyances Outstrip Functionality

by

The past couple of days have been very busy for a lot of people, following the announcement by Microsoft that they had discovered a new network worm called Morto. After reading the refreshingly thorough writeup about Morto from both Microsoft and our partner Sophos, we were surprised to find that a few of our customers had been infected — and cleaned up — beginning with some poor schlub in South Africa as early as July 23rd, but the worm kicked into high gear last Thursday and began to propagate rapidly. But, as much as the technical details in these posts […]

Continue Reading »

Trojans Employ Misdirection Instead of Obfuscation

by

An unusual family of Trojans, apparently of Chinese origin, engages in rootkit-like behavior which seems designed not to hide the presence of the malware on an infected system, but to misdirect or confuse a technical person who might be using system analysis tools on an infected computer. The Trojans all originated from a server operated by a free Web host in China, and each sample we tested sent profiling data about the infected system to a command-and-control server located on yet another free Web host, also located in China. It appears to have capabilities to receive instructions to download other […]

Continue Reading »

Black Hat Redux: Botnet Takedown Mistakes to Avoid

by

I’ve worked in the security industry for nearly five years, and it was apparent early on that the most successful people in this field bring to their work a passion and a commitment to protecting not only one’s customers, but to providing a certain level of information about security threats to the world at-large, so even your non-customers can help or protect themselves. It can be hard to know where to stop once you get on a roll. Malware infections frequently lead to unexplored, interesting backwaters on the Internet. And, sometimes, those backwaters are where the criminals run those operations. […]

Continue Reading »

Targeted Malware Infects Windows-based Cash Registers

by

A serious, targeted threat from customized malware that steals credit card magnetic strip track data could literally bankrupt your business. That’s the message two security researchers from Trustwave gave at their talk during the Defcon computer security conference Saturday. The researchers, Jibran Ilyas and Nicholas Percoco of Trustwave Spider Labs, respond to calls for help when businesses find malware in critical systems. When banks field reports of credit card fraud, they try to find the earliest common location or business where all the victims used their card. When they do, the bank calls the business, who then call in the […]

Continue Reading »

TDL3 and ZeroAccess: More of the Same?

by

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is where the rootkit stores the modules it downloads from the command and control servers. Until now, the plugins we’ve monitored have been ad-clickers and search engine hijackers. We have also noted how the ZeroAccess rootkit acts very similar to the TDL3 rootkit, either by infecting […]

Continue Reading »

Two Days in Vegas: Black Hat in Brief

by

The Black Hat briefings, held Wednesday and Thursday this week, once again brought together some of the best and brightest in the security industry to share knowledge about novel attacks and better defenses against old and new attacks. And, once again, there were some eye opening moments at the conference. Right from the beginning, it was clear the scope of the conference had shifted from the previous year. Conference founder Jeff Moss described a new, more rigorous committee-driven process that Black Hat had begun to employ to scrutinize and vet talk proposals. Talks this year would be more technical, go […]

Continue Reading »

New Tool Released: Kiss (or Kick) ZeroAccess Goodbye

by

There are fewer types of malware infections more frustrating and annoying than a rootkit with backdoor capabilities. Over the past couple of years, we’ve seen the emergence of this new, tough-to-fight infectious code, and its transformation from nuisance to severe threat. With the hard work and perseverance of Threat Research Analyst and master reverse-engineer Marco Giuliani, we’re proud to release the latest build of a tool we’ve used internally to clean the infections from the notable ZeroAccess rootkit off of victims’ computers. AntiZeroAccess exploits many of the vulnerabilities that Marco discovered in the rootkit to cleanly remove the rootkit code […]

Continue Reading »

This Week: Black Hat Coverage

by

As I do every year, I’ve deliberately traveled to the most inhospitable climate zone in the continental US — that is, the city of Las Vegas — to attend the elite technical conference known as the Black Hat Briefings. Black Hat is not just a technical conference, but a kind of calling for its attendees, which brings together experts in computer security, privacy, and attacks with high level officials in government and industry. In this rarefied environment, the security industry and its benefactors share information, tools, and techniques that help the entire industry coordinate their work against the interests of […]

Continue Reading »

Brazilian “Winehouse” Trojan Sends Hotmail, Bank Passwords to China

by

Late Monday, after news about the death of troubled pop singer Amy Winehouse had been circling the globe for a little more than 48 hours, we saw the first malware appear that used the singer’s name as a social engineering trick to entice victims to run the malicious file. Abusing celebrity names, news, or even deaths isn’t a new (or even particularly interesting) social engineering tactic, but there was one unique aspect to this particular malware’s behavior that raised some eyebrows around here: It appears that Brazilian phisher-Trojan writers seem to be working more closely with their Chinese counterparts, using […]

Continue Reading »