Trickbot: From dyre straits to most valuable Trojan

12 October 2017, Banking, Trojan
Trickbot is the new big player in Trojan town. It appeared at the end of 2016 and has since been successful enough to be distributed alongside Locky. Functionality-wise, Trickbot is a regular Trojan with a modular architecture. It can be used to pilfer data from your computer and to intercept logins to banks or business sites. ...

NotPetya, FakeCry, and after?

In the past weeks, we have seen interesting developments in the use of malicious code against business victims. Generally, businesses fall victim to Trojans or ransomware via massive spam (botnets) or via more subtle mailings (mimicking business entities). Worms were a thing of the past until the Wannacry (or Wannacrypt) ransomware appeared in May. Its use of ...

JBifrost: In Cold Blood

11 January 2017, Java RAT
Following the last blog post, we will do a more technically-oriented analysis of the Adwind/JBifrost RAT. First we will do a quick review of the RAT since last September. Latest news concerning JBifrost: the site jbifrost.com no longer hosts the forum and store. It now simply redirects to a developer website called ...

JBifrost: A Song of Ice and Malware

14 September 2016, Java RAT
In this new post, I'll talk about a current and active threat which is nowadays known as JBifrost, but was previously known as JSocket/Alienspy/Unrecom/Adwind/Frutas (a lot of names since 2012!). The most generic name is Adwind. This malware is categorized as a Remote Access Trojan (RAT) and has the particularity of being coded in Java. Adwind ...

CryptoLocker – the Pioneer

Overview
Name: CryptoLocker
Other names: –
Appearance: 2013-09
Peak in popularity: 2013-11 (based on Google Trends)
Status: Extinct
Disappearance: 2014-06 (cause: Operation Tovar)
Distribution vectors:
  Malspam: used massively at the beginning, then marginally, alongside PPI
  Pay-Per-Install: via the GOZ botnet (GameOver Zeus)
Affiliation program: Yes (exclusively with GOZ?)
Group ties: Zeus or "business club" (Slavik and ...

Beginnings: Ransomware

To inaugurate this blog, I'll first write a series of posts on the most prolific crypto-ransomware families (past and present). The goal is to produce a clear timeline of the birth and death of the different families of crypto-ransomware. This article is just a guide to the series to come. First things first: What is a ...