Wednesday, April 29, 2015
Blaze's Security Blog: Thoughts on Absolute Computrace
Introduction: Not too long ago my friend and colleague from Sweden, Jimmy, contacted me in regards to a strange issue. In the firewall, he...
TorrentLocker changes its name to Crypt0L0cker and bypasses U.S. computers - News
A new ransomware called Crypt0L0cker (the OHs have been replaced with
ZEROs) has been released that appears to be a new version of TorrentLocker.
This ransomware was first sighted at the end of April in European and
Asian countries and in Australia. Unlike TorrentLocker, for some reason
this variant is Geo-Locked so that it will not install on US based
computers. This ransomware is currently being distributed through emails
that pretend to be traffic violations or other government notices. At
this point it is unknown what encryption method is used and if it's
possible to recover encrypted files. The ransom amount is currently set
for 2.2 Bitcoins.
Monday, April 27, 2015
Without a Trace: Fileless Malware Spotted in the Wild | Security Intelligence Blog | Trend Micro
With additional analysis from David Agni
Improvements in security file scanners are causing malware authors to
deviate from the traditional malware installation routine. It’s no
longer enough for malware to rely on dropping copies of themselves to a
location specified in the malware code and using persistence tactics
like setting up an autostart feature to ensure that they continue to
run. Security file scanners can easily block and detect these threats.
A tactic we have spotted would be using fileless malware. Unlike most
malware, fileless malware hides itself in locations that are difficult
to scan or detect. Fileless malware exists only in memory and is written
directly to RAM instead of being installed on the target computer’s hard
drive. POWELIKS is an example of fileless malware that is able to hide its malicious
code in the Windows Registry. These use a conventional malware file to
add the entries with its malicious code in the registry.
Simple and easy ways to keep your computer safe and secure on the Internet
This tutorial was created to provide tips and techniques for smart and
safe computing. When using these techniques you will not only protect
yourself and your data from hackers and viruses, but also keep your
computer running more smoothly and reliably. The advice in this tutorial
applies to all computer users and all operating systems, but we have
tried to point out specific steps for various operating systems as it
becomes necessary. By Lawrence Abrams
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau
After the takedown of Cryptolocker, we have seen the rise of
Cryptowall. Cryptowall 2 introduced “features” such as advanced
anti-debugging techniques, only to have many of those features removed
in Cryptowall 3. Ransomware is becoming an extremely lucrative business,
leading to many variants and campaigns targeting even localized regions
in their own specific languages. Although it is possible that these
multiple variants are sponsored by the same threat actor, the most
likely conclusion is that multiple threat actors are jumping in to claim
a portion of an ever increasing ransomware market. One of the latest
variants is called TeslaCrypt and appears to be a derivative of the
original Cryptolocker ransomware. Although it claims to be using
asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES
instead. Talos was able to develop a tool which decrypts the files
encrypted by the TeslaCrypt ransomware...