October 2013 -

Archives - October 2013

Tech support scam update: still flourishing, still evolving

[Update 30th October 2013: with regard to the ping gambit discussed below, please note that protection.com now responds to ICMP echo requests – in other words, if you now run the command “ping protection.com” you should now see a screen something like this: Note that this is perfectly normal behaviour for a site that responds

Nymaim: Browsing for trouble

We have already discussed how a system gets infected with Win32/Nymaim ransomware. In this blog post, we reveal a new infection vector, a study of the different international locker designs and ransom prices as well as a complete technical analysis of its communication protocol.