We first detected the banking malware EMOTET back in 2014, we looked into the banking malware’s routines and behaviors and took note of its information stealing abilities via network sniffing. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants that have the potential to unleash different types of payloads in the affected system.Read More
With more households running smart devices that access the internet, the router is typically their only doorkeeper. And whether an end user has a laptop/desktop and router combo, or a miscellany of other devices connected to the network, the security risks are the same. Based on our research, home routers have been most susceptible to cross-site scripting (XSS) and PHP arbitrary code injection attacks, as well as being involved in carrying out DNS amplification attacks.Read More
On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infected machines worldwide, and 130TB of captured and analyzed data.
The coordinated effort from international law enforcement agencies that include Germany’s Public Prosecutor’s Office Verden and the Lüneburg Police, the U.S.’s Attorney Office for the Western District of Pennsylvania, Department of Justice and the Federal Bureau of Investigation (FBI), Europol, and Eurojust as well as partners in ShadowServer, resulted in one of the most successful anti-cybercrime operations in recent years.Read More
The creator of the banking malware SpyEye, Aleksandr Andreevich Panin, has just been sentenced on charges related to creating and distributing SpyEye. In early 2014, he pleaded guilty to charges related to creating and distributing SpyEye. Information provided by Trend Micro was used to help find the real identities of Panin and his accomplices.Read More
Last April 2015, we talked about FighterPOS, a point-of-sale (PoS) malware that was used in a one-man cybercriminal operation to steal over 22,000 unique credit card numbers and affected more than 100 PoS terminals in Brazil and other countries. We recently came across new and seemingly improved versions of this malware. Among other things, FighterPOS now has propagation capabilities; meaning, it could spread from one PoS malware terminal to another that is connected to the same network and thereby increasing the number of potential victims in one organization.Read More