Exploit This

Security News, Exploits, and Vulnerabilities.

Operation Ghoul: targeted attacks on industrial and engineering organizations

We recently identified a cybercriminal operation targeting a large number of organizations, with a focus on a few countries more than others. The attackers are using simple tools combined with proficient social engineering, and have been highly successful against industrial and engineering SMBs. The attacks are ongoing, slowly crippling businesses and spreading harm and ruin wherever they land, like a ghoul.

The evolution of Brazilian Malware

Cybercrime in Brazil has changed drastically in the last few years, shifting from simple keyloggers to tailored remote administration tools that can run a complete attack from the victim's machine. As we know, Brazilian cybercriminals are in touch with cybercriminals from Eastern Europe, mainly Russians.

Spam and phishing in Q3 2015

In Q3 2015, spam accounted for 54.2% of email traffic. The holiday season saw an increase in tourism-related malicious spam. Cybercriminals sent out fake notifications from well-known booking services, airlines and hotels, as well as emails purporting to come from individuals. These typically included attached archives containing various Trojan downloaders.

I am HDRoot! Part 2

Some time ago, while tracking Winnti group activity, we came across a standalone utility named HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used to infect operating systems.

The rise of .NET and Powershell malware

The evils of the .NET and PowerShell ecosystems began in quite an innocent manner, gradually evolving into the convoluted cybercrime scene that we’ve come to know nowadays.

I am HDRoot! Part 1

The well-known Chinese-speaking APT actor Winnti has been observed targeting pharmaceutical businesses. The new threat, which Kaspersky Lab has named "HDRoot" after the original tool's name "HDD Rootkit", is a universal platform for maintaining a sustained, persistent presence on a targeted system, from which any other tool can be launched.

Spam and phishing in Q2 2015

In Q2 2015, spam accounted for 53.4% of email traffic. The USA (14.6%) and Russia (7.8%) remained the biggest sources of spam; China came third with 7.1%. The Anti-Phishing system was triggered 30,807,071 times on the computers of Kaspersky Lab users.

The Rush for Windows 10 Infects PCs with Spy Trojan

Due to the high demand for Windows 10, Microsoft is releasing it gradually, and in certain countries the rollout is especially slow.

Long live REcon – my 10th REcon anniversary

REcon 2015 was a great conference with many interesting talks and people. It is always great to meet other reverse engineers from all over the world and discuss new techniques, tools and research.

The Duqu 2.0 persistence module

We have described how Duqu 2.0 lacks a conventional "persistence" mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated.