Earlier this year, Action Fraud, the UK’s fraud and cybercrime reporting center, issued a warning that cyber criminals were taking advantage of generous individuals by sending phishing emails purportedly from Migrant Helpline, a charity organization dedicated to assisting migrants across the country. These emails contain a link that is supposed to lead to a donations page. However, instead of landing on a legitimate website, the user instead unwittingly downloads one of the most tenacious malwares in the wild: the veteran Trojan known as RAMNIT, which staged a comeback in 2016.Read More
On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infected machines worldwide, and 130TB of captured and analyzed data.
The coordinated effort from international law enforcement agencies that include Germany’s Public Prosecutor’s Office Verden and the Lüneburg Police, the U.S.’s Attorney Office for the Western District of Pennsylvania, Department of Justice and the Federal Bureau of Investigation (FBI), Europol, and Eurojust as well as partners in ShadowServer, resulted in one of the most successful anti-cybercrime operations in recent years.Read More
The thing about takedowns is that these do not necessarily wipe out the cybercriminal operations. In 2014, the ZeroAccess takedown has affected the botnet’s click fraud operation, but its infections continued to soar. DRIDEX’s case is similar as it continues to figure predominantly in the threat landscape despite takedown of its multiple command-and-control servers last October 2015.Read More
The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies. Another factor is the continuous enhancements in their routines: just recently, we observe that the macro malware related to DRIDEX and the latest crypto-ransomware variant, Locky Ransomware used Form object in macros to obfuscate the malicious code. With this improvement, it could further aid cybercriminals or attackers to hide any malicious activity they perform in their target network or system.Read More
DRIDEX is steadily regaining its footing in the US just over a month after its takedown orchestrated by US and UK law enforcement agencies. Taking down servers is a significant step in crippling botnets, but unless all infrastructure are destroyed and all threat actors are caught, threats like DRIDEX are bound to resurface. As such, it…Read More