HackDig : Dig high-quality web security articles for hacker

Zepto Ransomware Packed into WSF Spam

ThreatTrack Labs has recently observed a surge of spam containing a zip attachment with a WSF (Windows Scripting File) to deliver Zepto ransomware. This tactic is a change from the common JavaScript and macro documents being spammed previously. Here are actual emails featuring familiar social engineering tactics: The zip attachments contain the WSF. &nbs
Publish At:2016-11-21 23:35 | Read:8038 | Comments:0 | Tags:Featured Security news Technology news ThreatTrack Security

Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a Macro-Enabled word document file known as Donoff, which downloads the Zepto executable that encrypts all your files and will later ask for payment of the decryption key. We decided to take a closer look on the D
Publish At:2016-11-21 23:35 | Read:4238 | Comments:0 | Tags:ThreatTrack Security Labs Web threats donoff infected macro

Zepto Evasion Techniques

We’ve been tracking some more spam dropping Zepto ransomware variants. Like earlier posts, we’re seeing infected attachments with malicious macro scripts used as the entry point for the threat actor. (See images below of some recent spam samples.) As we dig deeper into our analysis, we found out that these macro scripts are not crafted manually.
Publish At:2016-11-21 23:35 | Read:8318 | Comments:0 | Tags:Featured Web threats donoff engine limitation evasion ransom

TESCO Online Banking / Credit Card Customers: Watch where you’re logging in

If you do your online banking with TESCO, or indeed have a credit card with them you may want to be on the lookout for the following website which is hosting a rather large tally of login pages. The site in question is mrqos(dot)com(dot)au/kate/tess/tescr/login(dot)html and that particular site was flagged not so long ago in the Zone-H defacement mirror, wit
Publish At:2014-08-15 09:18 | Read:3662 | Comments:0 | Tags:ThreatTrack Security Labs Web threats banking compromise phi

A Look Inside a CVE-2013-3918 Exploit

Editor’s Note: Berman Enconado is a senior software security engineer in the Security Labs. He’s been in the industry for more than 10 years and has given talks to local universities on several occasions as part of the company’s security awareness drives. Last November 8, our friends at FireEye had discovered an exploit malware that targets
Publish At:2014-08-15 09:18 | Read:3113 | Comments:0 | Tags:Featured ThreatTrack Security Labs Web threats CVE-2013-3918

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud