Articles about Malware

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In this era of network attacks and malware threats, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities.

Hands-On Network Forensics is not only your ticket to gaining basic skills in network forensics, but also learning how to apply them effectively.

Continue reading →

Analysis by Mimecast of 67 billion attack emails between April and June this year reveals that opportunistic attacks are dominated by Trojans, which make up 71 percent.

Targeted attacks are lower in volume but are specifically designed to get past commodity malware scanners by using newly detected or updated malware not detectable with file signatures.

Continue reading →

With over 350,000 new malware samples emerging every day, it’s difficult for any one strain of malware to make a name for itself. Any single malware sample whose name you know -- be it Mirai, WannaCry, or NotPetya -- speaks to a trail of devastation.

In 2019, people are also hearing another name: Emotet.

Continue reading →

The latest mid-year Cyber Attack Trends Report from Check Point shows mobile banking malware attacks are up 50 percent compared to the first half of 2018, while the number of organizations hit by cryptominers is down to 26 percent, from 41 percent last year.

Among the top banking malware variants are Ramnit (28 percent), a Trojan that steals banking credentials, FTP passwords, session cookies and personal data; Trickbot (21 percent), which first emerged in October 2016; and Ursnif (10 percent) a Trojan that targets the Windows platform.

Continue reading →

June's Global Threat Index from Check Point reveals that the botnet behind the Emotet banking Trojan has been inactive for most of the month.

Check Point's researchers believe that Emotet's infrastructure could be offline for maintenance and upgrade operations, and that as soon as its servers are up and running again, it will be reactivated with new, enhanced threat capabilities.

Continue reading →

Security firm BitDefender has teamed up with the FBI, Europol and other agencies and created decryption software that enables ransomware victims to get their data back for free.

The tool can be used to retrieve files encrypted by the GandCrab family of ransomware which is thought to have originated in Russia. GandCrab has been active for around a year and a half, and hundreds of thousands of people have fallen victim to it.

Continue reading →

Check Point Research, has released its Global Threat Index for May 2019 and is warning organizations to check and patch for the BlueKeep Microsoft RDP flaw in Windows 7 and Windows Server 2008 machines, to prevent the risk of it being exploited for ransomware and cryptomining attacks.

BlueKeep affects nearly a million machines accessible to the public internet and many more within organizations' networks. The vulnerability is critical because it requires no user interaction in order to be exploited. RDP is already an established, popular attack vector which has been used to install ransomware.

Continue reading →

The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties by two to one, according to a new study.

The research from application containment company Bromium also finds four in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.

Continue reading →

Using code from the famous Mirai worm and the Azazel rootkit, HiddenWasp is a newly discovered malware strain targeting Linux systems.

HiddenWasp is slightly unusual in having Linux in its sights, and the targeted remote control tool is able to avoid detection by all major antivirus software. The malware is described as "sophisticated" as it comprises a deployment script, a trojan and a rootkit. This an  advanced backdoor attack tool that allows for complete remote control of a system.

Continue reading →

Mobdro is a streaming app that can be installed on any Android device, including phones, tablets, Amazon's Fire TV Stick, and Google's Chromecast. It has been gaining in popularity for a while now, especially after all the negative press surrounding rival service Kodi.

However, Mobdro is now facing controversy of its own after a new malware report made a number of damning claims about it.

Continue reading →

Spam emails containing malware significantly dropped in 2018, to just six percent, down from 26 percent in 2017. But at the same time malware is becoming more sophisticated and harder to detect.

These are among the findings of the latest Global Security Report from Trustwave. The largest single category of malware encountered is downloaders at 13 percent.

Continue reading →

Emsisoft has released a free decrypter tool for anyone who has been struck by the Planetary Ransomware, eliminating the need to pay a fee to the attackers.

Before using the tool you are advised to ensure that you have removed the malware from your computer -- something you can do with the free version of Emsisoft Anti-Malware. You also need to ensure that you don't delete the ransom note ("!!!READ_IT!!!.txt") or the decrypter won't work.

Continue reading →

Kaspersky has released the results of an astonishing study that found that almost half of world's Industrial Control System (ICS) computers was subjected to malicious cyber activity last year.

While malware and cyber attacks have been a problem for some time, there is particular concern about the rising numbers of ICS computers being affected. In the case of downtime for such systems, there is the risk of material losses and production downtime at industrial facilities.

Continue reading →

Yesterday we reported about a warning from Kaspersky that the ASUS Live Update Utility had been hacked to deliver ShadowHammer backdoor malware. ASUS has now released a patch to secure systems, and Kaspersky has released a tool that you can use to check whether you have been affected by the malware.

It's important that ASUS users install the patch -- described as a "critical" update by the company -- to secure their systems, but it's also a good idea to use Kaspersky's utility to see whether your computer has been infected with ShadowHammer.

Continue reading →

Kaspersky Lab reports that the software update system used by ASUS was hijacked by hackers and used to deliver a backdoor-laden piece of malware to users. The company estimates that around a million users may have been affected by what it describes as "one of the biggest supply-chain incidents ever".

Back in January, the security firm discovered that a threat actor interfered with the ASUS Live Update Utility, adding a backdoor to it. Signed with an official ASUS certificate and carefully crafted to be precisely the same size as the official tool, the malware -- dubbed ShadowHammer -- went unnoticed for some time.

Continue reading →