Category Archives: Backdoors

An Evolution of Android Malware “My How You’ve Grown PJAPPS!” (Part 1)

February 17, 2012 – 3:44 pm

By Nathan Collier We’ve all seen software grow.  We watch as our favorite software adds on new features and becomes better at what it does.  Malware writers are no different, they want their software to have more features as well as steal even more information. PJApps is a good example of this. PJApps is a [...]

By Lisa Bongiovanni | Also posted in Android, Deep Knowledge, malware, Mobile security, Trojans | Comments (1)

Cybercriminals generate malicious Java applets using DIY tools

January 30, 2012 – 3:22 pm

By Dancho Danchev Who said there’s such a thing as a trusted Java applet? In situations where malicious attackers cannot directly exploit client-side vulnerabilities on the targeted host, they will turn to social engineering tricks, like legitimate-looking Java Applets, which will on the other hand silently download the malicious payload of the attacker, once the [...]

By ddanchev | Also posted in Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, social engineering, Stupid malware tricks, Threat Research, Trojans | Comments (1)

A peek inside the uBot malware bot

January 26, 2012 – 12:18 pm

By Dancho Danchev Participants in the dynamic cybercrime underground ecosystem are constantly working on new cybercrime-friendly releases in the form of malware bots, Remote Access Tools (RATs) and malware loaders. Continuing the “A peek inside…” series, in this post I will profile yet another DIY (do-it-yourself) malware bot, available at the disposal of cybercriminals at [...]

By ddanchev | Also posted in Downloaders, Keyloggers, malware, Passwords, Threat Research, Trojans | Comments (1)

Researchers intercept a client-side exploits serving malware campaign

January 25, 2012 – 12:14 pm

By Dancho Danchev Security researchers from Webroot have intercepted a currently active, client-side exploits-serving malicious campaign that has already managed to infect 18,544 computers across the globe, through the BlackHole web malware exploitation kit. More details:

By ddanchev | Also posted in Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, Passwords, rootkit, Threat Research, Trojans | Comments (2)

A peek inside the Umbra malware loader

January 20, 2012 – 11:46 am

By Dancho Danchev The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders, DIY DDoS platforms, to platforms for executing clickjacking and likejacking campaigns, next to drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back. Continuing the “A peek inside…” series, in this [...]

By ddanchev | Also posted in Keyloggers, malware, Threat Research, Trojans | Comments (2)

How malware authors evade antivirus detection

January 18, 2012 – 6:37 pm

By Dancho Danchev Aiming to ensure that their malware doesn’t end up in the hands of vendors and researchers, cybercriminals are actively experimenting with different quality assurance processes whose objective is to increase the probability of their campaigns successfully propagating in the wild without detection. Some of these techniques include multiple offline antivirus scanning interfaces [...]

By ddanchev | Also posted in Uncategorized, Phishing Trojans, Keyloggers, Rogue Security Products, Downloaders, malware, Trojans, Ransomware, Dialers, rootkit | Comments (8)

Trojans Employ Misdirection Instead of Obfuscation

August 25, 2011 – 3:49 pm

By Andrew Brandt An unusual family of Trojans, apparently of Chinese origin, engages in rootkit-like behavior which seems designed not to hide the presence of the malware on an infected system, but to misdirect or confuse a technical person who might be using system analysis tools on an infected computer. The Trojans all originated from [...]

By mguthrie09 | Also posted in Botnet activity, Destructive behavior, Stupid malware tricks, Threat Research, Website owners | Leave a Comment

ZeroAccess Gets Another Update

July 19, 2011 – 10:13 pm

By Marco Giuliani Among the most infamous kernel mode rootkits in the wild, most of them have had a slowdown in their development cycle – TDL rootkit, MBR rootkit, Rustock are just some examples. The same doesn’t apply for the ZeroAccess rootkit. The team behind it is working quite hard, which we know for a [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Stupid malware tricks, Threat Research | Comments (7)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Also posted in Advanced Malware Removal, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Comments (9)

Fake UPS Document Installs Fake Microsoft Patch Payload

June 17, 2011 – 8:12 am

By Andrew Brandt As if we didn’t have enough to deal with this week — after a Microsoft patch Tuesday that brought with it a boatload of security updates for Windows, Office, Silverlight, Visual Studio, and other programs — some enterprising malware distributor is emailing around bogus tracking number malware dressed up in the icon [...]

By mguthrie09 | Also posted in Botnet activity, Downloaders, hijack search results, Keyloggers, Rogue Security Products, social engineering, spam, Stupid malware tricks, Threat Research | Comments (1)
Follow

Get every new post delivered to your Inbox.

Join 546 other followers