[A shorter version of this article was originally published - without illustrations - on the Anti-Phishing Working Group’s eCrime blog.] Phishing attacks targeting academia aren’t the most high-profile of attacks, though they’re more common than you might think. Student populations in themselves constitute a sizeable pool of potential victims for money mule recruitment and other
Bitcoin is not the only crypto-currency targeted by malware now that a Trojan designed to steal Litecoins has been discovered. In this post we review recent discoveries in malware impacting digital money.
A BYOD dissonance between economic imperative and loss of central control? Discontented staff susceptible to social engineering? David Harley reflects on aspects of Business Reimagined, a new book by Dave Coplin, chief envisioning officer at Microsoft UK, interivewed by Ross McGuinness in Metro.
…and nor are we responsible for fake AV/scareware and (more recently) ransomware, though I did suggest in a paper I presented at EICAR a couple of years ago that the bad guys who do peddle that stuff are all too proficient at stealing our clothes, and that maybe some security companies were making it easier
ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.
In our previous post on Operation Hangover, we revealed the existence of an attack group, apparently operating from within India, who were mainly targeting systems in Pakistan. In this post, we will analyze the Mac OS X samples that have been linked to this group and will provide new evidence that the Mac and Windows spywares are related.
As an earlier article here noted, the recent report from the Commission on the Theft of American Intellectual Property shows a great deal of concern about the “scale of international theft of American intellectual property” which it estimates to be “hundreds of billions of dollars per year.” However, there’s also been a certain amount of
Recently we realized that from time to time when people find a live link in one of our blogs, they click on it to see where it goes, even though the context might suggest that the link could be malicious. So we thought it might be a good idea to set up a link so
Detailed analysis of a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan.
Some 400 web servers found infected with Linux/Cdorked.A. including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.
We clarify that the Linux/Cdorked backdoor malware leaves no traces on the hard drive “other than its modified httpd binary” which can be scanned for detection in several ways.
The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo Groups for C&C communications.
Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.
Technical analysis of Power Loader, a special bot builder for making downloaders for other malware families and yet another example of specialization and modularity in malware production.