Bot Roundup: Avalanche, Kronos, NanoCore

Credit to Author: BrianKrebs| Date: Tue, 27 Feb 2018 19:10:52 +0000

It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. Separately, a case that was hailed as a test of whether programmers can be held accountable for how customers use their product turned out poorly for 27-year-old programmer Taylor Huddleston, who was sentenced to almost three years in prison for making and marketing a complex spyware program.

Read more

A state of constant uncertainty or uncertain constancy? Fast flux explained

Credit to Author: Malwarebytes Labs| Date: Tue, 12 Dec 2017 16:00:00 +0000

Although often seen as an illegal cybercriminal tactic, the methodology behind fast flux is actually far from evil. So how is it being abused? Read on to learn more.

Categories:

Tags:

(Read more…)

The post A state of constant uncertainty or uncertain constancy? Fast flux explained appeared first on Malwarebytes Labs.

Read more

Who Is Marcus Hutchins?

Credit to Author: BrianKrebs| Date: Tue, 05 Sep 2017 10:50:03 +0000

In early August 2017, FBI agents in Las Vegas arrested 23-year-old U.K. resident Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community until May 2017, when a British newspaper revealed him as the “accidental hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by storm just days before. Relatively few knew it before his arrest, but Hutchins for many years authored the popular cybersecurity blog MalwareTech. When this fact became more widely known — combined with his hero status for halting Wannacry — a great many MalwareTech readers quickly leapt to his defense to denounce his arrest. They reasoned that the government was overstepping on flimsy evidence, noting that Hutchins has worked tirelessly to expose cybercriminals and their malicious tools. To date, some 226 supporters have donated more than $14,000 to his defense fund. At first, I did not believe the charges against Hutchins would hold up under scrutiny. But as I began to dig deeper into the history tied to dozens of hacker forum pseudonyms, email addresses and domains he apparently used over the past decade, a very different picture began to emerge. In this post, I will attempt to describe and illustrate more than three weeks’ worth of connecting the dots from what appear to be Hutchins’ earliest hacker forum accounts to his real-life identity. The clues suggest that Hutchins began developing and selling malware in his mid-teens — only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror.

Read more

A week in security (August 28 – September 3)

Credit to Author: Malwarebytes Labs| Date: Mon, 04 Sep 2017 17:00:53 +0000

Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant (as of this writing) has anti-sandboxing capabilities. This means that once Locky has determined that it’s residing in…

Categories:

Tags:

(Read more…)

The post A week in security (August 28 – September 3) appeared first on Malwarebytes Labs.

Read more

Inside the Kronos malware – part 2

Credit to Author: Malwarebytes Labs| Date: Tue, 29 Aug 2017 15:00:00 +0000

In part two of our Kronos malware analysis, we look at the malicious actions Kronos can perform.

Categories:

Tags:

(Read more…)

The post Inside the Kronos malware – part 2 appeared first on Malwarebytes Labs.

Read more

A week in security (August 14 – August 20)

Credit to Author: Malwarebytes Labs| Date: Mon, 21 Aug 2017 16:02:37 +0000

A compilation of security news and blog posts from the 14th of August to the 20th of August. We looked at back to school cybersecurity tips, Kronos malware, and the return of Locky ransomware.

Categories:

Tags:

(Read more…)

The post A week in security (August 14 – August 20) appeared first on Malwarebytes Labs.

Read more