We recently investigated a targeted attack against a device manufacturer, and in our analysis, we found that the malware deployed into the target network is a variant of a well-known backdoor, BIFROSE. BIFROSE has been around for many years now, is highly available in the cybercriminal underground, and has been used for various cybercriminal activities. One…
Christopher Daniel So
Threat Response Engineer
We were alerted to reports of a Crisis/MORCUT malware that supposedly spreads on VMware virtual machines. Our previous post about Crisis/MORCUT notes that it is a backdoor found to specifically target Mac OSX systems. This time around, the Crisis/MORCUT we have on our hands runs in Windows, and interestingly, mounts virtual disks. It does this…
We’ve encountered new malware for Mac OS X systems, which we detect as OSX_MORCUT.A. We found this just as a new Mac OS X version, Mountain Lion (10.8), was being released via the Mac App Store. OSX_MORCUT.A acts as a backdoor into the remote system, giving attackers remote access to infected systems. From there, its…
Forty websites under the .KR domain, including those managed by the South Korean government and major institutions, suffered from a major distributed denial-of-service (DDoS) attack late last week. The attack was limited to Korea and is very similar to the DDoS attacks in July 2009. The targeted attack, which caused the temporary shutdown of affected…