Continuing our analysis of the recent Adobe zero-day exploit, we find that the infection chain does not end with the Flash exploit, detected as SWF_EXPLOIT.MJST. Rather, the exploit downloads and executes malware belonging to the BEDEP family.
Ties to BEDEP Malware
This detail is rather interesting, as this is not the first time an Adobe…
Alvin Bacani
Research Engineer
Last week we wrote about a sudden spike in crypto-ransomware variants across the Europe, Middle East and Africa (EMEA) region, seen specifically in Spain, France, Turkey, Italy, and the United Kingdom. In this blog post we discuss another strain of ransomware, known as REVETON, which was seen infecting systems in the United States…
CryptoLocker, a refinement of ransomware with file-encryption capabilities, emerged in the wild in October 2013. It continues to evolve, adding new tactics and methods to avoid early detection and to convince unsuspecting users to pay the ‘ransom’ to get their files back.
Cryptographic Locker Ransomware
We recently spotted a ransomware variant that claims to…
Earlier this year, the Federal Bureau of Investigation disrupted the activities of the Gameover botnet. That disruption had a significant effect on the scale of the ZBOT threat, but it was always likely that cybercriminals would respond in some fashion. The use of domain generation algorithms (DGAs) is a key part of Gameover, but new variants like TROJ_ZBOT.YUYAQ…
Opera recently disclosed that attackers compromised its network and stole at least one expired Opera code-signing certificate. The attackers then used this certificate to sign their malware, which tricked the target system, and even security software, into treating the file as legitimate. We obtained a sample of the said malware (which is detected…