Trojan.Malaria.13001– New Adobe PDF Trojan Malware Found

Yesterday our colleagues from Sophos reported a new piece of Trojan malware titled Troj/ZBot-EUM. The attack delivers a ZIP file which contains an executable.

Our investigation shows that the Trojan we received (the title Trojan.Malaria.13001 uses our own naming convention) is a variation of the one detected by Sophos (first seen on 26th of April 2013) and we are hopeful that the evidence we have collected will help other security researchers, AV and Anti-Malware companies. (more…)

CVE-2013-0640 – Further Investigation into an Adobe PDF Zero-day Malware Attack

Our colleagues from FireEye recently discovered a zero-day malware attack which made use of an exploit for Adobe as described in and article titled “Adobe Investigating Reports of Reader Zero-Day Exploit”. In addition to this, Symantec Security Response published some interesting details of the inner workings of this attack in their article New Adobe PDF Zero-day Unleashes Trojan.Swaylib.

We have done additional research using a malicious file titled Mandiant.pdf (2A42BF17393C3CAAA663A6D1DADE9C93) and found additional details or what is possibly a newer variation on this attack. With our research we not only confirm the prior findings that several files were being dropped, but also have observed even more malicious files being dropped in the overall attack than have been reported. This is a sophisticated attack and we are sure there will be more details to come. (more…)

The Social Engineering Behind a Malware Campaign


Many of you have experienced phishing attacks, which often come in the form of attempts to illicitly gather personal information by impersonating a person or organization that is a known entity to the target. This may come in the form of an email purporting to be from your bank that actually connects to a compromised web site being used to gather your bank login information, or an email pretending to be from a friend or relative who claims to be stranded in Cyprus without cash or credit cards, and is in desperate need of $3,000 to “get out of a bind.”  Attacks such as these have in the past been relatively easy for the moderately cautious netizen to recognize—one phone call can verify that a relative is at home in Jersey and not in Cyprus, and a close look at the link in the bank email usually reveals a URI that does not actually resolve to the bank’s servers. (more…)

Go to Top