New Downloader for Locky
Jonell Baltazar and Joonho Sa, Threat Research Blog (FireEye)
Locky is ransomware that is aggressively distributed via downloaders attached in spam emails, and it may have surpassed the Dridex banking trojan in popularity. In previous campaigns, the ransomware was downloaded by a macro-based downloader or a JavaScript downloader. However, in April 2016, FireEye Labs observed a new development in the way this ransomware is downloaded onto a compromised system.
Tuesday, 24 May 2016

New Crypto-Ransomware JIGSAW Plays Nasty Games
Jasen Sumalapao, TrendLabs Security Intelligence Blog (Trend Micro)
The evolution of crypto-ransomware in terms of behavior takes a step forward, and a creepy one at that. We have recently encountered a nasty crypto-ransomware variant called JIGSAW. Reminiscent of the horror film Saw, this malware toys with users by locking and deleting their files incrementally. To an extent, it instills fear and pressures users into paying the ransom. It even comes with an image of Saw’s very own Billy the puppet, and the red analog clock to boot. ...
Tuesday, 24 May 2016

Meet GozNym: The Banking Malware Offspring Of Gozi ISFB And Nymaim
Limor Kessem, Security Intelligence (IBM Blog)
IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its source code with part of the Gozi ISFB source code, creating a combination that is being actively used in attacks against more than 24 U.S. and Canadian banks, stealing millions of dollars so far. X-Force named this new hybrid GozNym.
Tuesday, 24 May 2016

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion
Michael Mimoso, Threat Post (Kaspersky Lab Blog)
TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc. have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions.
Tuesday, 24 May 2016

Kovter Ad Fraud Trojan Evolves Into Ransomware
SecurityWeek
Kovter, a recently discovered piece of ransomware, represents the latest step in the evolution of a malicious program from police scareware to ad fraud Trojan and now file-encrypting malware. ...
Tuesday, 24 May 2016

German nuclear plant infected with computer viruses, operator says
Christoph Steitz and Eric Auchard, Reuters
The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE. ...
Tuesday, 24 May 2016

Fake Social Button Plugin Redirects to Angler EK
Jérôme Segura, Malwarebytes Labs
Compromised websites remain one of the surefire ways to redirect innocent visitors to exploit kits. During the past few days we’ve started seeing an unusual route to the infamous Angler EK, notorious for leveraging hacked WordPress and Joomla CMSs. ...
Tuesday, 24 May 2016

Dental Assn Mails Malware to Members
Brian Krebs, KrebsOnSecurity
The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide. ...
Tuesday, 24 May 2016

CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler
Kafeine, Threat Insight Blog (ProofPoint)
Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). ...
Tuesday, 24 May 2016

C&C Flaw Offers Glimpse into Dridex Operations
Eduard Kovacs, Security Week
Researchers have gained access to a command and control (C&C) panel of the Dridex banking malware, which has allowed them to determine how much information has been stolen by cybercriminals and how much money they might be making. ...
Tuesday, 24 May 2016

Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia