Posts tagged cybersecurity

ChewBacca – a TOR based POS malware

Point-of-sale terminal software appears to be an easy target in general for many attackers. There have recently been several high profile, and most likely non-coordinated, attacks on different retailers across the globe. Not long ago, RSA uncovered a POS malware that steals payment card and personal identification information.

After running the malicious executable through our Vinsula Execution Engine (VEE) to analyze its behavior, I found out that this POS malware is very different from the notorious BlackPOS/Kartoxa malware used in the Target attack. (more…)

Facebook-spread Adobe Update Malware Dissected and Source Code Revealed

A week ago security researcher Dancho Danchev published an excellent post – Fake Adobe Flash Player Serving Campaign Utilizes Google Hosting/Redirection Infrastructure, Spreads Across Facebook

I was curious to learn more about this malware, so I ran the rogue binary (Adobe Flash Update titled FlashGuncelle.exe) through our Vinsula Execution Engine (VEE) to analyze its behavior, and I also delved into specific facets of its source code. (more…)

Scripting Bot Malware: No Need to Learn C to Launch a Cyber Attack

T wo weeks ago we came across a piece of malware that turned out to be a full-blown bot—one that is capable of taking full control over a user’s machine, and all encapsulated within less than 3K lines of source code!  What’s scary is that writing it required no special skills.  Access to some existing tools—and of course the desire to write malicious code—was all the author needed. (more…)

Trojan.Plague.13604.B – Behavioral Signature Analysis of Mutopy Malware using Vinsula

A critical part of recent malware binaries is the executable component responsible for downloading the actual malware from a designated malware server.

Our colleague, security researcher Mila Parkour, published a link to a great post at DeepEnd Research (posted by Andre M. DiMino) with some interesting results about a downloader/trojan dubbed Trojan.Plague.13604.B. This malware is a variation of Mutopy  – Win32 found by Sophos.

Trojan.Malaria.13002 – Malware Behavioral Signature Analysis

Given the widespread continued use of spear phishing campaigns, it generally wise to approach any emails containing attachments or links to archives with a heavy dose of caution—especially when the email comes from an unknown sender.

Over the last two days I received several emails from a sender that I didn’t recognize, and proceeded to analyze the attachment with our own Vinsula Execution Engine, allowing me quickly build a behavioral profile the potential malware. Not surprisingly, the report generated by Vinsula showed clear indications that the attachment is malicious. We have titled this malware Trojan.Malaria.13002. (more…)

The Social Engineering Behind a Malware Campaign


Many of you have experienced phishing attacks, which often come in the form of attempts to illicitly gather personal information by impersonating a person or organization that is a known entity to the target. This may come in the form of an email purporting to be from your bank that actually connects to a compromised web site being used to gather your bank login information, or an email pretending to be from a friend or relative who claims to be stranded in Cyprus without cash or credit cards, and is in desperate need of $3,000 to “get out of a bind.”  Attacks such as these have in the past been relatively easy for the moderately cautious netizen to recognize—one phone call can verify that a relative is at home in Jersey and not in Cyprus, and a close look at the link in the bank email usually reveals a URI that does not actually resolve to the bank’s servers. (more…)

Go to Top