Exploit This

Security News, Exploits, and Vulnerabilities.

Malicious code and the Windows integrity mechanism

My goal wasn’t to review the techniques of elevating system privileges. Here, I wanted to look at the overall picture and talk about the whole range of Windows operating systems in all their diversity dating back to Windows Vista, but without discussing specific versions.

Kaspersky Security Bulletin. Predictions for 2017

Yet another year has flown past and, as far as notable infosec happenings are concerned, this is one for the history books. Drama, intrigue and exploits have plagued 2016 and, as we take stock of some of the more noteworthy stories, we once again cast our gaze forward to glean the shapes of the 2017 threat landscape.

Inside the Gootkit C&C server

In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment variable ‘crackme’ in the downloader’s body. Just as interesting was the fact that we were able to gain access to the bot’s C&C server, including its complete hierarchical tree of folders and files and their contents.

Shade: not by encryption alone

We recently found a new logic in the latest version of the Shade encryptor currently being spread widely within the territories of Russia and the CIS. On the basis of this logic, the ransomware checks the computer for any involvement in accounting activities and, if the check is successful, installs remote control tools into the compromised system instead of encrypting the victim’s files.

Lurk Banker Trojan: Exclusively for Russia

We have written about this banker Trojan before. It caught our attention almost as soon as it appeared because it used a fileless spreading mechanism – malicious code was not saved on the hard drive and ran in memory only. However, until now no detailed description of Lurk had been published.

Locky: the encryptor taking the world by storm

In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky. The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world. Analysis of the samples has shown that this Trojan is a brand new ransomware threat, written from scratch. So, what is Locky, and how can we protect against it?

Kaspersky Security Bulletin 2015. Overall statistics for 2015

In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms – Android and Linux: almost all types of malicious programs are created and used for these platforms.

Kaspersky Security Bulletin 2015. Top security stories

The end of the year is traditionally a time for reflection – for taking stock of our lives before considering what lies ahead. We’d like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015.

CoinVault, are we reaching the end of the nightmare?

After obtaining the new MD5 hashes for the CoinVault files, we set out to find more clues, more files, and to analyse what these new malware variants had to reveal. However, the best thing was that, based on our analysis, the National High Tech Crime Unit of the Dutch police was able to apprehend two suspects last Monday.

The Shade Encryptor: a Double Threat

A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Lab’s classification. The original name given to the encryptor by its creator is not known.