File infectors and ZBOT don’t usually go together, but we recently saw a case where these two kinds of threats did. This particular file infector – PE_PATNOTE.A (MD5 871246d00caffdbed56b1374975c368e) – appends its code to all executable files on the infected system, like so:

[Figure 1. Before infection]
[Figure 2. After infection]

What does this code…
Nikko Tamaña (Threat Response Engineer)
Evasion is always a goal of cybercriminals. They are not above misusing legitimate sites and services to hide malicious activities. One recent example would be BKDR_VERNOT.A, which tried to use Evernote to hide its activities. Another variant of this malware was recently spotted, but this variant uses a Japanese blogging platform as its command-and-control (C&C)…
With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks. We recently uncovered malware that appears to be using Evernote as a command-and-control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote…