Virus News

July 27th, 2009

Welcome to our RSS – Virus and Spyware Related News Feed section. This page may take some time to load, as it has to extract and load data from other sources.

Microsoft – Security at Home

PCAdvisor – Security News

Computerworld – Viruses News

Kaspersky – Virus News

Norton Security Articles

Trend Micro Malware Blog

  • Ransomware as a Service Princess Evolution Looking for Affiliates

    We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig's traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.

  • How Machine Learning Can Help Identify Web Defacement Campaigns

    Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor — has been explored in our various research works. We broke down top defacement campaigns in a previous paper and, in another post, emphasized how machine learning in our security research tool can help Computer Emergency Readiness Teams (CERTs)/Computer Security Incident Response Teams (CSIRTs) and web administrators prepare for such attacks. The latter took off from the analysis done in our most recent paper, Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG. Here we expound on why machine learning (ML) was an ideal method for our analysis to better understand how web defacers operate and organize themselves.

  • Malware Targeting Bitcoin ATMs Pops Up in the Underground

    With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs has started appearing in underground markets.

  • Adversarial Sample Generation: Making Machine Learning Systems Robust for Security

    The history of antimalware security solutions has shown that malware detection is like a cat-and-mouse game. For every new detection technique, there’s a new evasion method. When signature detection was invented, cybercriminals used packers, compressors, metamorphism, polymorphism, and obfuscation to evade it. Meanwhile, API hooking and code injection methods were developed to evade behavior detection. By the time security solutions started using machine learning (ML)-based detection technologies, it was already expected that cybercriminals would develop new tricks to evade ML.

    To be one step ahead of cybercriminals, one method of enhancing an ML system to counter evasion tactics is generating adversarial samples, which are input data modified to cause an ML system to incorrectly classify it. Interestingly, while adversarial samples can be designed to cause ML systems to malfunction, they can also, as a result, be used to improve the efficiency of ML systems.

  • Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs

    Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access tool) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format shortcut file that opens Microsoft's Windows Settings panel. Malicious SettingContent-ms files were found embedded in a PDF document that drops the aforementioned RAT.

  • The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape

    Current data on the threat landscape of North America shows the need for a comprehensive and proactive approach to security. A traditional approach would be to build a threat response team. However, to be effective against current threats, a threat response team needs to have a considerable amount of skills, time, and resources, which may not be feasible for some organizations. This is only exacerbated by the daily tasks associated with keeping the business up and running. If treated as just a part of the broader job of regular IT staff, threat management can prove overwhelming, as it includes vulnerability assessment, patching, firmware upgrades, vendor management, intrusion detection and prevention systems (IDS/IPS) and firewall monitoring, and other specialized focus areas. And even if enterprises were willing to allot people to react to security incidents, the sheer volume of events and the time-consuming tasks of prioritizing and analyzing them often prove too much to handle.

    These could be handled better by security professionals especially focused on threats — an advantage that managed detection and response (MDR) can bring to organizations. MDR provides advanced threat hunting services, faster alert prioritization, root cause analysis, detailed research, and a remediation plan that empowers organizations with better ability to respond to sophisticated attacks, examples of which have been found throughout North America for the second quarter of 2018.

  • New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel

    We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file system format (romfs). These make the exploit kit and its payload challenging to analyze.

  • Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

    Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices and also allows developers to run and debug apps on Android devices.

  • Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication

    Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we found their campaigns attacking Japanese organizations with various malware tools, notably the Elirks backdoor. Blackgear’s operators are well-organized, developing their own tools, which we observed to have been recently fine-tuned, based on their latest attacks.

  • New Andariel Reconnaissance Tactics Hint At Next Targets

    Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets' systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.

  • Washington Post Security Fix
