A new ransomware was discovered by security researchers @JAMES_MHT and @benkow_ called RAA that is made 100% from JavaScript. In the past we had seen a ransomware called Ransom32 that was created using NodeJS and packaged inside an executable. RAA is different, because it is not delivered via an executable, but rather is a standard JS file. ...
Over the weekend, I heard from a source who said that since November 2015 he’s been tracking a collection of hacked cash registers. This point-of-sale botnet currently includes more than 100 infected systems, and according to the administrative panel for this crime machine at least half of the compromised systems are running a malicious Microsoft Windows process called cicipos.exe. ...
We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a conventional way, they use their own methods and tactics of obfuscation and distraction ...
At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME (inline frame) – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate source and display it within the main web page – embedded in a PE binary (Portable Executable Binary, or .exe). ...
RansomWeb attacks are happening five times more frequently in 2016, compared to 2015, security firm High-Tech Bridge is reporting, based on activity seen on its security products in the past six months. ...
Early Monday morning, gaming giant Blizzard had server issues, which led to authentication lockouts for gamers attempting to access Overwatch, Hearthstone, World of Warcraft, Diablo, Heroes of the Stone, and more. ...
Instead of stealing your data, a criminal-run botnet is using SQL injection to insert hidden links to boost the SEO of their own dodgy sites. ...
Recently, a new trend has emerged in non-Windows DDoS attacks. Malware has evolved into complex and relatively sophisticated pieces of code, employing compression, advanced encryption and even rootkit capabilities. Machines running systems supporting the ELF format are targeted – meaning that anything from desktops and servers to IoT devices such as routers or digital video recorders (DVRs) are at risk. ...
"One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots to launder money.”
Fortinet recently encountered a new ransomware variant that targets a Russian-speaking audience. The file is hosted on a Russian file hosting site, and is likely propagated via drive-by download. It encrypts files and appends the extension with crypt38. ...