RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We’d earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious…
Jeffrey Bernardino
Threat Researcher
In the past few weeks, we have seen increasing numbers of infections related to TROJ_GATAK, especially in the North American region. This malware family is not particularly well known; we discussed it in 2012 in relation to file infectors that were hitting Dutch users. In checking for its possible causes, we’ve found the malware…
Attackers are always looking for new ways to attain their goals. Spammed emails with malicious file attachments are a frequently used tool. These attachments are usually compressed (frequently as .RAR or .ZIP files) and contain malicious payloads, like the notorious UPATRE malware family. Other common attachments include document files that drop malware. However, since September we have…
During the past few months, we’ve been observing increases in the number of systems infected by VBS (Visual Basic scripting) malware, specifically VBS_SOSYOS, VBS_JENXCUS and VBS_DUNIHI. Most of these systems were found in Latin America, a region typically targeted by the Banker/Bancos Trojan. Figure 1. VBS malware activity for the past months in Latin America…
I very recently attended the RSA Conference along with my colleagues in San Francisco. Like my colleague Marco who shared some of his key takeaways from the conference, I was able to learn a lot from the presentations. Below are a few of the topics I found particularly interesting. Adobe—Evaluating the World’s Most Exploited Software I have…