The Russo-Ukrainian war continues to rage on in both the physical world and cyberspace, providing an ongoing stream of events to analyze and new security threats to study. While the world is focused on this conflict, other threat actors remain active and mostly unreported.
It’s often surprising how many malware programmers forget to do the simplest things. Most are so concerned with functionality, stealthiness and other production concerns that details easily slip their minds – a clear advantage for forensics. One of these details is the Program Database (PDB) information added by Visual Studio, which most malware authors use for Windows development. While it may seem innocuous, this string reveals a lot about the operating system used by the author, the author’s user name and, most notably, symbols that can be loaded by IDA to ease understanding of the disassembly.
As with any conflict in the 21st century, a parallel conflict is usually raging online as well. Whether carried out by individuals or groups, with or without the backing of government agencies or other interest groups, acts of cyberwarfare are becoming more and more common. The conflict in the Gaza strip offers […]
The Register reports that malware creators are already using Mr. Obama’s popularity to distribute the Papras Trojan using spam, social engineering and Google Ads. Users usually receive an email from what seems to be a legitimate news source such as CNN or BBC, inviting them to watch Barack Obama’s speech on its website. The content […]
Russian criminals selling fake anti-virus software, “Antivirus XP 2008/2009” among others, have made more than $150,000 in a week, according to the Sydney Morning Herald. If you have ever seen those annoying popups warning you that you might be infected with one or more viruses, then you have probably come across this scam. “For […]
According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers in the U.S. increased 38% in 2008. Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, bringing the share of “High Severity” vulnerabilities to 48%. Downloaders and droppers, accounting for 30% of all […]