RSS Reader for Computer Security Articles
We at the MMPC are constantly tracking new and emerging ransomware threats so we can be one step ahead of active campaigns and help protect our users. As part of these efforts, we recently came across a new variant of the Win32/Troldesh ransomware family. Ransomware, like most malware, is constantly trying to change itself in…
Read MoreRecently, we blogged about the basic functionality and features of the DUBNIUM advanced persistent threat (APT) activity group Stage 1 binary and Adobe Flash exploit used during the December 2015 incident (Part 1, Part 2). In this blog, we will go through the overall infection chain structure and the Stage 2 executable details. Stage 2 executables…
Read MoreWe are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate itself and affect more users. We detect this ransomware as Ransom:Win32/ZCryptor.A. Infection vector Ransom:Win32/ZCryptor.A is distributed through the spam email infection vector. It also gets installed in your machine through…
Read MoreDUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a…
Read MoreRecently, we’ve seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we’ve seen macros used in a similar matter, and this use of OLE might indicate a shift in behavior as administrators and enterprises are mitigating against this…
Read MoreWe recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…
Read MoreFor the past three months, we have seen ransomware hop its way across globe. Majority of the ransomware incidents are found in the United States, then Italy, and Canada. The prevalence of large-scale ransomware incidents led the United States and Canadian governments to issue a joint statement about ransomware. Due to the global ransomware incidents, the…
Read MoreEvery month, Microsoft’s Malicious Software Removal Tool (MSRT) scans more than 500 million Windows devices for malware and malicious software. This tool aids in the detection and removal of malware from 1 to 2 million machines each time, even on those devices running antivirus software. Meanwhile, many Windows customers continue to use the Microsoft Safety…
Read More