HackDig : Dig high-quality web security articles for hackers

A Glimpse at Petya Ransomware

Ransomware has become an increasingly serious threat. CryptoWall, TeslaCrypt and Locky are just some of the ransomware variants that have infected large numbers of victims. Petya is the newest strain and the most devious among them. Petya will not only encrypt files but will make the system completely useless, leaving the victim no choice but to pay for the r
Publish At:2016-11-21 23:35 | Read:8798 | Comments:0 | Tags:Featured ThreatTrack Security Labs cybersecurity information

A Look at the Cerber Office 365 Ransomware

Reports of a Zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other Zero-day threats that have been popping up like mushrooms of late, the main method of infection is through the use of Offic
Publish At:2016-11-21 23:35 | Read:6683 | Comments:0 | Tags:Featured ThreatTrack Security Labs cerber cerber office 365

Zepto Ransomware Packed into WSF Spam

ThreatTrack Labs has recently observed a surge of spam containing a zip attachment with a WSF (Windows Scripting File) to deliver Zepto ransomware. This tactic is a change from the common JavaScript and macro documents being spammed previously. Here are actual emails featuring familiar social engineering tactics: The zip attachments contain the WSF.
Publish At:2016-11-21 23:35 | Read:9620 | Comments:0 | Tags:Featured Security news Technology news ThreatTrack Security

Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a macro-enabled Word document file known as Donoff, which downloads the Zepto executable that encrypts all your files and later asks for payment for the decryption key. We decided to take a closer look at the D
Publish At:2016-11-21 23:35 | Read:5837 | Comments:0 | Tags:ThreatTrack Security Labs Web threats donoff infected macro

JSE File Downloads Zepto then Cerber 3 Ransomware

It’s like the Russian nesting doll of ransomware. We found this new ransomware delivery tactic particularly interesting and took a deeper look. Let’s start with some facts about a JSE File. A JSE File is an encoded JScript. The acronym stands for JScript Encoded File. This encoding can be done by the executable “screnc.exe” or by using Microsoft’s Scri
Publish At:2016-11-21 23:35 | Read:9668 | Comments:0 | Tags:ThreatTrack Security Labs cerber cerber 3 new cerber new zep

CryptoWall 4 Targets Booking.com Customers

ThreatTrack Security Labs researchers caught wind of a phishing email masking itself as a Booking.com email. The malware-disguised email includes an “E-TICKET_CONFIRM.doc” attachment that, once downloaded, walks the user through steps to enable embedded macro code that infects the computer with CryptoWall. CryptoWall 4 masked as a Booking.com email. How It
Publish At:2016-01-29 04:50 | Read:5645 | Comments:0 | Tags:ThreatTrack Security Labs CryptoWall cybersecurity ransomwar

Microsoft Help File Malware Targets JPMorgan Chase Customers

A fresh malware sample was recently spotted using a Microsoft Compiled HTML Help file attached to spam messages. A Microsoft Help file is a binary file which encompasses a set of HTML files; it usually has a .chm or .hlp extension. The malicious help file malware analyzed – a .chm file – arrived via spam email posing as coming from J
Publish At:2015-06-09 06:40 | Read:4081 | Comments:0 | Tags:Featured ThreatTrack Security Labs Vulnerabilities chm Dyre

Dyre Botnet Using Malicious Microsoft Word Macros

The Dyre group, a major malware spam producer, has changed their initial malware dropper to utilize Microsoft Word document macros instead of the usual executable types, such as .exe files contained in a .zip. Dyre’s Hedsen spambot, responsible for the bulk of Upatre emails we’ve been tracking, now uses a template to send infected-macro Word files as s
Publish At:2015-06-09 06:40 | Read:5824 | Comments:0 | Tags:Featured ThreatTrack Security Labs botnet Dyre macro microso

Dyre Spreading Using Code-Signing Certificates, HTTPS

ThreatTrack Security Labs researchers have confirmed the credential-stealing Trojan Dyre is using a new dropper — and a valid digital certificate — to carry out its dirty work over HTTPS connections. The Ruckguv downloader works by injecting a DLL into an instance of Windows Service Host (svchost.exe). Windows Service Host then uses HTTPS to download Dyreza
Publish At:2015-04-22 05:50 | Read:5030 | Comments:0 | Tags:Featured ThreatTrack Security Labs certificate Dyre https ru

FREAK SSL Bug Forces Security Makers to Scramble for a Fix

On March 3, security researchers noted that an age-old SSL bug—in existence for more than 10 years—allows hackers under the right conditions to exploit a man-in-the-middle attack and gain access to potentially sensitive information. FREAK (Factoring RSA-EXPORT Keys) SSL relies on outdated ‘export grade’ cryptography settings, which are still contained within
Publish At:2015-03-11 01:45 | Read:3659 | Comments:0 | Tags:Featured ThreatTrack Security Labs bug FREAK rsa SSL web bro

Dyre Targets More Websites

The Dyre Trojan has expanded its attack vectors, aiming to harvest sensitive data from an expanding list of targeted websites. Previously, Dyre had been known to seek out banking credentials as its primary targets, but ThreatTrack Security Labs researchers recently discovered multiple new types of domains, which have become part of Dyre’s standard target ind
Publish At:2015-03-07 01:40 | Read:3397 | Comments:0 | Tags:Featured ThreatTrack Security Labs Dyre file hosting income

Dyre Spambots Use JJencode to Broaden Distribution

January was a busy month for the developers of Dyre/Dyreza. The group reintroduced their Upatre link spam with some additional subterfuge. This article will explore two types of spambots that Dyre utilizes; the following diagram presents a simplified visual of how each type executes. Differences between two current Dyre spambots. Dyre bot operators have sta
Publish At:2015-02-10 01:45 | Read:5902 | Comments:0 | Tags:Featured ThreatTrack Security Labs Dyre Dyreza jjencoded spa

Spammers Accelerate Dyre Distribution

ThreatTrack Security Labs researchers continue to monitor the evolution of Dyre (aka Dyreza), the banking-credential-stealing Trojan that appears to be quickly filling the gap left by the takedown of GameOver Zeus. We reported earlier on how Dyre has been associated with malicious spam utilizing the Upatre downloader, and our researchers also cited how Dyre’s l
Publish At:2014-12-12 23:00 | Read:6944 | Comments:0 | Tags:Featured ThreatTrack Security Labs ADP Spam American Express

Dyre Recruiting CareerBuilder.com Users

Job seekers beware. A login-credential-stealing Trojan is trying to steal your email address and password when you access CareerBuilder.com. We recently reported on the evolution of Dyre as observed by ThreatTrack Security Labs. The latest development in this data-stealing Trojan, also known as Dyreza, is an expanded list of targeted sites, including the ad
Publish At:2014-12-12 23:00 | Read:5741 | Comments:0 | Tags:Featured ThreatTrack Security Labs careerbuilder scam career

Spammers Cast Email Snares for Holiday Shoppers

ThreatTrack Security Labs recently identified some unsurprising holiday shopping threats via a seasonal malware delivery ploy: malicious holiday shopping spam. This particular campaign targeted customers of major retailers with a Thanksgiving Day message, but it would be best to stay on guard for similar ploys throughout the holiday season as predicted recen
Publish At:2014-12-03 23:00 | Read:8682 | Comments:0 | Tags:Featured Scams ThreatTrack Security Labs asprox best buy hol