A new Master Boot Record (MBR) rootkit has recently taken the threat spotlight. The Microsoft Malware Protection Center (MMPC) noted a new malware variant that is capable of overwriting a system’s MBR. In MMPC’s post, Microsoft also clarified that using the Windows Recovery Console is enough to return the infected MBR to a clean state and…
Read MoreJoseph Cepe
Threats Analyst
Here at Trend Micro, we have seen all kinds of cybercrime and digital threats. For the first-ever Cybersecurity Awareness Day in Singapore, one of my colleagues, Richard Sheng, has taken time out to explain what so-called “Advanced Persistent Threats” (a.k.a. APT) are. Singapore is one of the first Asian countries to come up with a…
Read MoreApproximately a month ago we released our full analysis of the new file-patching ZeuS variants in the paper “File-Patching ZBOT Variants: ZeuS 2.0 Levels Up“. Recently, however, we received a new LICAT sample (passed along to us via trusted collaborative channels) that communicates with its command-and-control (C&C) server using a pseudo-random domain that was not among…
Read MoreLast September, several individuals were arrested for using information-stealing Trojans created with the well-known ZeuS toolkit. Following this, security researchers anticipated the inevitable “upgrade” to the toolkit/Trojans that will allow cybercriminals to continue their money-making ploy. Soon enough, we received reports on a ZeuS Trojan Trend Micro detects as TSPY_ZBOT.BYZ with the following new features:…
Read MoreWe have been continuously analyzing this new ZeuS “upgrade” known as LICAT (aka Murofet) for some time now. In this update, I will delve on the monitored URLs and domains that LICAT contacts as well as the latest detection names associated with them. The primary difference between LICAT and ZeuS is LICAT’s capability to contact…
Read More