Tag Archives: malware

Three easy steps to stay clear of ransomware in 2018

In 2017, Avast blocked more than 122 million WannaCry attacks, the infamous ransomware that caused tears to be shed around the globe. That attack, along with the Petna and Bad Rabbit ransomware attacks, cost consumers and businesses around the world more than 5 billion dollars. Without a doubt, ransomware was the year’s biggest threat. And this terrible trend will unfortunately continue rising in 2018.

Downloaders on Google Play spreading malware to steal Facebook login details

Multiple downloaders, malicious apps that download further malicious apps to infected devices, have made it onto the Google Play Store. The downloaders are capable of downloading further apps that pose as system apps, some of which are capable of steal…

Locky’s JavaScript downloader

      No Comments on Locky’s JavaScript downloader

Locky is a considerable security threat that is now widely spread.

It seems that Locky’s authors are now predominately using one campaign to spread the ransomware. Last week, we published a blog post about Locky Ransomware, the ransomware that is most likely being spread by the infamous Dridex botnet. In our last blog post, we described three campaigns the Locky authors are using to spread their malware. Now Locky’s authors are mainly using the campaign with javascript packed into a zip file sent to people through phishing emails.

A closer look at the Locky ransomware

      No Comments on A closer look at the Locky ransomware

Today, we bring you a deep look into the latest ransomware called Locky. This new file encryptor, targeting PC users, has most likely been created by authors of the well-known Dridex botnet and is spread the same way.

Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.

We monitored the Locky family this past month and discovered a second variant of the malware, which has new features and program code improvements. Locky’s authors added a new hard-coded seed to the domain generation algorithm, which allows them to deactivate Locky on Russian PCs.

Infection vector

Locky is spreading via spam email campaigns that are similar to those used by the Dridex botnet. They use similar file names, obfuscation, email content and structure of download URLs.

We have observed three different campaign versions of Locky and have described them below.

Below is an example of one of the spam emails. The emails are designed to make people believe they were sent from large companies such as Nordstrom, Symantec and Crown Holdings.

May the force, but not the malware, be with you!

      No Comments on May the force, but not the malware, be with you!

Not very long ago, in a galaxy not far away, a group of cybercriminals decided to take advantage of the Star Wars effect to spread malware among the most impatient fans. A lot of people cannot wait to see Star Wars: The Force Awakens, and that’s something cybercrooks know. That’s why a lot of links […]

Popularity of Apple devices prompts surge of new threats

Apple users can no longer be complacent about security, as the number of infections and new threats rises.Read More

Terror-alert spam targets the Middle East, Canada to spread malware

Cybercriminals spoof law enforcement officials in Dubai, Bahrain, Turkey, and Canada to send terror-alert spear-phishing emails containing Backdoor.Sockrat.Read More

Sticking unknown USB devices into your computer is risky business

If you found a USB stick, would you plug it into your laptop to see what’s on it? Sounds like a risky thing to do, but in a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their […]

?????????????????????????

      No Comments on ?????????????????????????

日本国内のプリンタなどの機器販売業者から送信された注文確認に偽装した偽メールが、Infostealer.Shiz を拡散しています。心当たりのないメールには十分に警戒してください。

Read More