Category Archives: Stupid malware tricks

Most malware in circulation are Trojans, and resort to some form of trickery in order to get themselves executed. Sometimes these tricks are, well, dumb, don’t work, or otherwise find themselves worthy of derision and mockery. These are their stories. (DUM DUM!)

Cybercriminals generate malicious Java applets using DIY tools

January 30, 2012 – 3:22 pm

By Dancho Danchev Who said there’s such a thing as a trusted Java applet? In situations where malicious attackers cannot directly exploit client-side vulnerabilities on the targeted host, they will turn to social engineering tricks, like legitimate-looking Java Applets, which will on the other hand silently download the malicious payload of the attacker, once the [...]

By ddanchev | Also posted in Backdoors, Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, social engineering, Threat Research, Trojans | Comments (1)

Morto Worm Annoyances Outstrip Functionality

August 31, 2011 – 1:22 pm

By Andrew Brandt The past couple of days have been very busy for a lot of people, following the announcement by Microsoft that they had discovered a new network worm called Morto. After reading the refreshingly thorough writeup about Morto from both Microsoft and our partner Sophos, we were surprised to find that a few [...]

By mguthrie09 | Also posted in Botnet activity, Deep Knowledge, social engineering, Threat Research | Comments (1)

Trojans Employ Misdirection Instead of Obfuscation

August 25, 2011 – 3:49 pm

By Andrew Brandt An unusual family of Trojans, apparently of Chinese origin, engages in rootkit-like behavior which seems designed not to hide the presence of the malware on an infected system, but to misdirect or confuse a technical person who might be using system analysis tools on an infected computer. The Trojans all originated from [...]

By mguthrie09 | Also posted in Backdoors, Botnet activity, Destructive behavior, Threat Research, Website owners | Leave a Comment

Black Hat Redux: Botnet Takedown Mistakes to Avoid

August 17, 2011 – 12:00 pm

By Andrew Brandt I’ve worked in the security industry for nearly five years, and it was apparent early on that the most successful people in this field bring to their work a passion and a commitment to protecting not only one’s customers, but to providing a certain level of information about security threats to the [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Botnet activity, Deep Knowledge, spam, Threat Research | Comments (3)

New Tool Released: Kiss (or Kick) ZeroAccess Goodbye

August 3, 2011 – 2:09 pm

By Andrew Brandt There are fewer types of malware infections more frustrating and annoying than a rootkit with backdoor capabilities. Over the past couple of years, we’ve seen the emergence of this new, tough-to-fight infectious code, and its transformation from nuisance to severe threat. With the hard work and perseverance of Threat Research Analyst and [...]

By mguthrie09 | Also posted in Threat Research, Advanced Malware Removal, rootkit, Deep Knowledge | Comments (21)

This Week: Black Hat Coverage

August 3, 2011 – 9:45 am

By Andrew Brandt As I do every year, I’ve deliberately traveled to the most inhospitable climate zone in the continental US — that is, the city of Las Vegas — to attend the elite technical conference known as the Black Hat Briefings. Black Hat is not just a technical conference, but a kind of calling [...]

By mguthrie09 | Also posted in Deep Knowledge, Threat Research | Leave a Comment

Brazilian “Winehouse” Trojan Sends Hotmail, Bank Passwords to China

July 29, 2011 – 11:18 am

By Andrew Brandt Late Monday, after news about the death of troubled pop singer Amy Winehouse had been circling the globe for a little more than 48 hours, we saw the first malware appear that used the singer’s name as a social engineering trick to entice victims to run the malicious file. Abusing celebrity names, [...]

By mguthrie09 | Also posted in Botnet activity, phishing, Phishing Trojans, social engineering, spam, Threat Research | Comments (3)

Criminals Abuse Amazon Hosting with Rogues, Ransomware

July 20, 2011 – 11:21 am

By Andrew Brandt The criminals who push rogues at the world don’t really care about the reputations of the ISPs or Web hosting services they abuse. They leap from free service to free service until they’ve thoroughly worn out their welcome and, in some cases, destroyed the reputation of the service they abused. But they [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Botnet activity, Ransomware, Rogue Security Products, social engineering, Threat Research | Comments (2)

ZeroAccess Gets Another Update

July 19, 2011 – 10:13 pm

By Marco Giuliani Among the most infamous kernel mode rootkits in the wild, most of them have had a slowdown in their development cycle – TDL rootkit, MBR rootkit, Rustock are just some examples. The same doesn’t apply for the ZeroAccess rootkit. The team behind it is working quite hard, which we know for a [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Backdoors, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Threat Research | Comments (7)

Free Anti-Popureb Tool Released

July 8, 2011 – 4:00 pm

By Andrew Brandt Last week, threat researcher and malware reverse-engineer Marco Giuliani wrote up a fairly technical description of a bootkit — a rootkit that infects the master boot record of the hard drive, making it very difficult to remove — called Popureb. Marco’s report made it clear that the bootkit does not require Windows [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Threat Research | Comments (2)
Follow

Get every new post delivered to your Inbox.

Join 526 other followers