News Clipping

Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]

During past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware.  In recent days, I’ve noticed multiple waves of malspam every weekday.  It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam. Today’s malspam had links to fake Dropbox pages.  If you viewed the pages in...

Read More


Active ransomware attack uses impersonation and embedded advanced threats [source: barracuda]

In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.” In this attack, the source of the email is a spoofed address, and the attachment name and number is included in the subject line and body of the message.  The full subject line in this example is “Emailing: Payment_201708-6165” and...

Read More


RIG exploit kit distributes Princess ransomware [source: malwarebytes]

We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker ransomware last November and pointed out that despite similarities with Cerber’s onion page, the actual code was much different. A new payment page seemed to have...

Read More


Cobian RAT – A backdoored RAT [source: zscaler]

The Zscaler ThreatLabZ research team has been monitoring a new remote access Trojan (RAT) family called Cobian RAT since February 2017. The RAT builder for this family was first advertised on multiple underground forums where cybercriminals often buy and sell exploit and malware kits. This RAT builder caught our attention as it was being offered for free and had lot of similarities to the njRAT/H-Worm...

Read More


Mining Adminers – Hackers Scan the Internet For DB Scripts [source: blog.sucuri]

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, scanning just 1% of the internet allows...

Read More


Page 100 of 123« First...102030...9899100101102...110120...Last »