Yesterday our colleagues from Sophos reported a new piece of Trojan malware titled Troj/ZBot-EUM. The attack delivers a ZIP file which contains an executable.
Our investigation shows that the Trojan we received (named Trojan.Malaria.13001 under our own naming convention) is a variation of the one detected by Sophos (first seen on 26th of April 2013). We are hopeful that the evidence we have collected will help other security researchers and AV and anti-malware companies.
Our colleagues from FireEye recently discovered a zero-day malware attack which made use of an exploit for Adobe, as described in an article titled “Adobe Investigating Reports of Reader Zero-Day Exploit”. In addition, Symantec Security Response published some interesting details of the inner workings of this attack in their article “New Adobe PDF Zero-day Unleashes Trojan.Swaylib”.
We have done additional research using a malicious file titled Mandiant.pdf (2A42BF17393C3CAAA663A6D1DADE9C93) and found additional details, or what is possibly a newer variation on this attack. Our research not only confirms the prior findings that several files were being dropped, but also shows even more malicious files being dropped in the overall attack than have been reported. This is a sophisticated attack and we are sure there will be more details to come.