La Fabrique du Mensonge on France 5

Last Sunday, the public television channel France 5 aired a new documentary titled « La Fabrique du Mensonge ». In three parts, the film looks back at several recent Internet-related controversies: Brexit, the 2017 French presidential election and anti-vaxxers. An opportunity to revisit the mechanisms put in ...

Trickbot: From dyre straits to most valuable Trojan

12. October 2017 Banking, Trojan
Trickbot is the new big player in Trojan town. It appeared at the end of 2016 and has since been successful enough to be distributed alongside Locky. Functionality-wise, Trickbot is a regular trojan with a modular architecture. It can be used to pilfer data from your computer and intercept logins to banks or business sites. ...

NotPetya, FakeCry, and after?

In the past weeks, we have seen interesting developments in the use of malicious code against business victims. Generally, businesses fall victim to Trojans or ransomware via massive spam (botnet) or by more subtle mailing (mimicking business entities). Worms were a thing of the past until the WannaCry (or WannaCrypt) ransomware appeared in May. Its use of ...

JBifrost: In Cold Blood

11. January 2017 Java RAT
Following the last blog post, we will do a more technically oriented analysis of the Adwind/JBifrost RAT. First we will do a quick review of the RAT since last September. Latest news concerning JBifrost: The site jbifrost.com no longer hosts the forum and store. Now it simply redirects to a developer website called ...

JBifrost: A Song of Ice and Malware

14. September 2016 Java RAT
In this new post, I’ll talk about a current and active threat which is nowadays known as JBifrost, but was previously known as JSocket/Alienspy/Unrecom/Adwind/Frutas (a lot of names since 2012!), the most generic name being Adwind. This malware is categorized as a Remote Access Trojan (RAT) and has the particularity of being coded in Java. Adwind ...

CryptoLocker – the Pioneer

Overview
Name: CryptoLocker
Other names: –
Appearance: 2013-09
Peak in popularity: 2013-11 (based on Google Trends)
Status: Extinct
Disappearance: 2014-06 (cause: Operation Tovar)
Distribution vectors:
  Malspam: used massively at the beginning, then marginally with PPI
  Pay-Per-Install: via GOZ botnet (Game-Over Zeus)
Affiliation program: Yes (exclusively with GOZ?)
Group ties: Zeus or “business club” (Slavik and ...