Kovter – Computer Security Articles

Fileless malware: getting the lowdown on this insidious threat

August 29, 2018 admin file history, fileless infections, fileless malware, fileless malware attacks, Kovter, magnitude EK, malware, poweliks, Powershell, Ram, SamSam, samsam ransomware, semi-fileless, SOC team, Threat analysis, windows

Credit to Author: Vasilios Hioureas| Date: Wed, 29 Aug 2018 16:48:35 +0000

In this series of articles, we provide an in-depth discussion of fileless malware and their related attacks. In part one, we cover a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.

Categories:

Tags: file history fileless infections fileless malware fileless malware attacks kovter magnitude EK poweliks powershell RAM samsam samsam ransomware semi-fileless SOC team windows

Kaspersky Security

Malware spread through PornHub

October 10, 2017 admin KovCoreG, Kovter, malvertising, malware, news, porn, pornhub, Threats

Credit to Author: Jeffrey Esposito| Date: Tue, 10 Oct 2017 16:38:09 +0000

One of the most popular porn sites in the world was serving malware through ads to millions of its users.

MalwareBytes Security

Report: Second quarter dominated by ransomware outbreaks

July 6, 2017 admin ad fraud, adam kujawa, Adam McNeil, Adware, Amazon Phishing, Armando Orozco, astrum, boaxxee, breach, breaches, Cerber, cybercrime tactics & techniques, cybercrime tactics and techniques, dok, DoublePulsar, EK, EternalBlue, EternalPetya, exploit kit, Findzip, fireball, handbrake, Jaff, Jean-Philippe Taggart, Jerome Segura, Kovter, Locky, Magnitude, Malwarebytes, malwarebytes labs, Malwarebytes news, Marcelo Rivero, Nathan Collier, NotPetya, NSA, nymain, Petya, Pieter Artnz, proton, proton RAT, Q2 2017, RIG, second quarter, ShadowBrokers, Tamy Stewart, tech support scams, Thomas Reed, Troldesh, WannaCry, WDFLoad, William Tsing

Credit to Author: Malwarebytes Labs| Date: Thu, 06 Jul 2017 19:06:53 +0000

The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wakeup call.In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.

Categories:

Malwarebytes news

Tags: ad fraud adam kujawa Adam McNeil adware Amazon Phishing Armando Orozco astrum boaxxee breach breaches cerber cybercrime tactics & techniques cybercrime tactics and techniques dok DoublePulsar EK EternalBlue EternalPetya exploit kit Findzip fireball handbrake Jaff Jean-Philippe Taggart Jerome Segura kovter Locky Magnitude Malwarebytes malwarebytes labs Marcelo Rivero Nathan Collier NotPetya NSA nymain petya Pieter Artnz proton proton RAT Q2 2017 RIG second quarter ShadowBrokers Tamy Stewart tech support scams Thomas Reed Troldesh WannaCry WDFLoad William Tsing

MalwareBytes Security

Malwarebytes Labs Presents: The Cybercrime Tactics and Techniques Report

March 6, 2017 admin 2016, ad fraud, Cerber, cybercrime, Kovter, Locky, malware, malwarebytes labs, predictions, ransomware, report, Threat analysis, trends

Credit to Author: Malwarebytes Labs| Date: Mon, 06 Mar 2017 18:04:31 +0000

In our first wrap-up of the threat landscape, we are going to cover the trends observed during the last few months of 2016, provide an analyst’s view of the threats, and offer some predictions for the beginning of 2017. Moving forward, every quarter we will bring you a view of the threat landscape through the eyes of Malwarebytes researchers and analysts.

Categories:

Tags: 2016 ad fraud cerber cybercrime kovter Locky malwarebytes labs predictions ransomware report trends

Microsoft Security

Improved scripts in .lnk files now deliver Kovter in addition to Locky

February 2, 2017 admin .Lnk embedded PowerShell command, Antimalware research for IT pros and enthusiasts, Kovter, Locky, Powershell, ransomware

Cybercriminals are using a combination of improved script and well-maintained download sites in trying to install Locky and Kovter on more computers. A few months ago, we reported an email campaign distributing .lnk files with a malicious script that downloaded Locky ransomware on target computers. Opening the malicious .lnk files executed a PowerShell script that…

Microsoft Security

Kovter becomes almost file-less, creates a new file type, and gets some new certificates

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Kovter, malvertising, Trojan

Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their latest malvertising campaigns. New persistence method Since June 2016,…

Microsoft Security

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

January 23, 2017 admin Kovter, Locky, Macro-based malware, Malvertising campaign, maps, MSRT, ransomware, Trojan, Windows Defender, Windows Defender for Windows 10

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large…