Facebook’s enduring popularity means that cybercriminals find it a tempting lure for their malicious misdeeds. A newly-spotted phishing scam is no exception. We came across a malware sample, which we detected as TSPY_MINOCDO.A. The goal is to redirect users who visit Facebook to a spoofed page, which claims to be a part of the social networking…
Black Hat Europe is a series of highly technical security conferences that gathers professionals, researchers, and leaders of the infosec industry. Below are some of my thoughts about the interesting discussions I attended, which include a compelling talk by Trend Micro threat researcher Kyle Wilhoit about ICS/SCADA. Day 1 My colleague Kyle and I joined…
Hacktivism and crime are a toxic combination for the health of the Internet. This was shown once again in the recent DDoS attack against Spamhaus.org that peaked at 300 Gbit/s. Spamhaus is a non-profit anti-spam organization that helps to filter spam for millions of Internet users. When Spamhaus goes down, a lot of inboxes will…
Our investigation and analysis of last week’s MBR wiper attacks in South Korea is still ongoing. This post summarizes our results and available protection. The MBR wiper arrives as a dropper file (detected as TROJ_KILLMBR.SM), which drops four files onto the system: Agentbase.exe – the actual MBR wiper, also detected as TROJ_KILLMBR.SM; ~pr1.tmp – a UNIX…
With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote…