HackDig : Dig high-quality web security articles

Three interesting changes in malware activity over the past year

Every day, our Lastline sensors observe millions of files that our customers download from the Internet or receive as email attachments. These files are analyzed and, in many cases, executed or opened inside our sandbox. The sandbox is a secure, instrumented analysis environment where we can safely look for interesting behaviors that indic
Publish At:2016-04-01 04:40 | Read:6896 | Comments:0 | Tags:Evasive Malware Bank Malware Lastline Labs Banking Trojan Br

Defeating Darkhotel Just-In-Time Decryption

Authored by: Arunpreet Singh and Clemens Kolbitsch. The use of runtime packing of malware has long become the standard to defeat traditional AV products. At the same time, malicious programs are continuously becoming more evasive to avoid being detected by first-generation sandboxes. New waves of malware are now combining thes
Publish At:2015-11-06 05:35 | Read:5625 | Comments:0 | Tags:Evasive Malware Full-system Emulation APT Just-In-Time Decry

Lifting the Seams of the Shifu "Patchwork" Malware

Authored by: Clemens Kolbitsch and Arunpreet Singh. Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This malware family, termed an Uber Patchwork of Malware Tools in a recent DarkReading post, combines a plethora of evasive tricks to bypass traditional analysis systems,
Publish At:2015-09-05 05:30 | Read:3797 | Comments:0 | Tags:Evasive Malware Full-system Emulation APT Shifu Banking Troj

Turla: APT Group Gives Their Kernel Exploit a Makeover

Authored by: Arunpreet Singh, Clemens Kolbitsch. The Turla malware family is part of one of the most sophisticated malware families seen in the wild today. Given that the APT group behind this malware is suspected to be state-sponsored, the sophistication of the malicious code comes as no surprise - just like the fact that we
Publish At:2015-07-30 15:20 | Read:4536 | Comments:0 | Tags:Evasive Malware Turla Kernel exploits APT exploit

Exposing Rombertik - Turning the Tables on Evasive Malware

Authored by: Joe Giron, Clemens Kolbitsch. Waves of evasive malware keep rolling in. The latest in the series: Rombertik. This malware variant uses a whole arsenal of ways to hide its functionality, including multiple layers of obfuscation to hinder static analysis, as well as stalling code to bypass execution in a sandbox. But even
Publish At:2015-05-14 15:25 | Read:4863 | Comments:0 | Tags:Evasive Malware Rombertik Malware Stalling Loop

Labs Report at RSA: Evasive Malware’s Gone Mainstream

This afternoon at the RSA Conference in San Francisco, I will present on “Evasive Malware: Exposed and Deconstructed.” During that presentation, I’ll lead a discussion around the dramatic growth of evasive malware, the increasingly sophisticated behaviors observed in the past year, and what that means for enterprise security professionals
Publish At:2015-04-21 22:20 | Read:6095 | Comments:0 | Tags:Evasive Malware Malware Analysis NGO Antivirus Detection Rat

Malware in the Wild: Evolving to Evade Detection

Advanced malware is behind many headline-grabbing data breaches, and untold others. It has evolved to elude detection by sensing its environment and – if anti-malware technology is detected – performing evasive maneuvers. Once it gains entry, the malware can lay dormant until the attacker chooses to strike. Malware has also developed symbi
Publish At:2015-04-15 19:40 | Read:4613 | Comments:0 | Tags:Evasive Malware Malware in the wild SXSW 2015

Dissecting Turla Rootkit Malware Using Dynamic Analysis

Many of today’s advanced persistent threats have been climbing up the ladder - quite literally: Instead of only using user-mode components, APTs more and more frequently include components that are running as part of the operating system kernel. These kernel components run with the same, or even higher, privileges than most security solutions, and are thus o
Publish At:2015-04-08 11:30 | Read:6389 | Comments:0 | Tags:Evasive Malware Turla Kernel Rootkit Analysis

Ninety Five Percent of Carbanak Malware Exhibits Stealthy or Evasive Behaviors

We’ve talked a lot about the increasing sophistication of malware and the serious threats it poses. But it’s rare to be able to analyze malware that is evasive or stealthy and has already been deployed in the wild to carry out cybercrime without being detected by in-place security systems for months. From the Security Analyst Su
Publish At:2015-02-20 07:05 | Read:5285 | Comments:0 | Tags:Evasive Malware Bank Malware Carbanak Kaspersky Labs

Cybercriminals Use Citadel to Compromise Password Management and Authentication Solutions

New Configuration of Citadel Trojan Discovered by IBM Trusteer Researchers. In these days of endless breaches, securing user access by enforcing unique, complex passwords and strong authentication is imperative. The onslaught of data breaches in the past year alone, with the majority of the breaches involving compromised credentials, forced users to constantl
Publish At:2014-11-20 03:50 | Read:6177 | Comments:0 | Tags:Banking & Financial Services Energy and Utility Malware Adva

Not so fast my friend - Using Inverted Timing Attacks to Bypass Dynamic Analysis

Publish At:2014-11-19 03:00 | Read:5873 | Comments:1 | Tags:Evasive Malware Dynamic Malware Analysis

The Malicious 1% of Ads Served

Last week at IMC Vancouver 2014 (http://conferences2.sigcomm.org/imc/2014/), cyber-security researcher Apostolis Zarras (http://scholar.google.com/citations?user=SqRVbvsAAAAJ&hl=en) of Ruhr-University Bochum presented a research paper entitled “ (http://cs.ucsb.edu/~kapravel/publicati
Publish At:2014-11-15 04:30 | Read:4916 | Comments:1 | Tags:Evasive Malware Malvertising Wepawet

Recognizing Evasive Behaviors Seen as Key to Detecting Advanced Malware

Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We’ve seen malware samples that determine if they’re being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until analysis passes. Other samples use layers and layers o
Publish At:2014-10-16 21:40 | Read:4284 | Comments:0 | Tags:Malware evasive malware Giovanni Vigna malware Malware detec

Automatically Detecting Evasive Malware

Malware has always been in continuous evolution: Throughout the years we have seen simple viruses become polymorphic, autonomous self-replicating code connecting to a master host and becoming a botnet, and JavaScript being used to launch increasingly sophisticated attacks against browsers. This last attack vector has become increasin
Publish At:2014-08-09 12:42 | Read:5259 | Comments:0 | Tags:Malware Research Evasive Malware

Using High-Resolution Dynamic Analysis for BHO Trigger Detection

Looking at how malware analysis engines evolved over the last decade, the trend is quite obvious: Dynamic analysis systems are replacing purely static ones or at least combine elements from both approaches. While the advantages of dynamic analysis are convincing - resilience against code obfuscation or encryption - attackers have various techniques at hand t
Publish At:2014-08-09 12:42 | Read:6353 | Comments:0 | Tags:Evasive Malware Lastline Analyst
