

August 15th, 2018 (2018-08-15T08:03:38+00:00) | Categories: Anti-Malware

This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited. The first of these zero-day vulnerabilities is CVE-2018-8373, a use-after-free (UAF) vulnerability in the VBScript engine that Trend Micro researchers found in Internet Explorer. This vulnerability bears many similarities to CVE-2018-8174, another VBScript engine

August 9th, 2018 (2018-08-09T18:56:19+00:00) | Categories: Anti-Malware

We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig’s traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it

August 9th, 2018 (2018-08-09T18:41:28+00:00) | Categories: Anti-Malware

By Federico Maggi, Marco Balduzzi, Ryan Flores, and Vincenzo Ciancaglini. Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor — has been explored in our various research works. We broke down top defacement campaigns

August 7th, 2018 (2018-08-07T18:33:19+00:00) | Categories: Anti-Malware

The financial industry has seen several changes in terms of technology, including new ATM capabilities and the increasing use and popularity of cryptocurrencies. These two intersect in what’s known as a Bitcoin (BTC) ATM. Although it looks similar to a regular ATM, a Bitcoin ATM differs in certain important aspects. Perhaps the most

August 2nd, 2018 (2018-08-02T16:56:41+00:00) | Categories: Anti-Malware

The history of antimalware security solutions has shown that malware detection is like a cat-and-mouse game. For every new detection technique, there’s a new evasion method. When signature detection was invented, cybercriminals used packers, compressors, metamorphism, polymorphism, and obfuscation to evade it. Meanwhile, API hooking and code injection methods were developed to evade

July 31st, 2018 (2018-08-01T04:30:57+00:00) | Categories: Anti-Malware

By Anita Hsieh, Rubio Wu, and Kawabata Kohei. Trend Micro detected a spam campaign that drops the same FlawedAmmyy RAT (remote access Trojan) used by a Necurs module to install its final payload on bots under bank- and POS-related user domains. The spam campaign was also found abusing SettingContent-ms – an XML format

July 23rd, 2018 (2018-07-23T14:20:15+00:00) | Categories: Anti-Malware

By Hubert Lin, Lorin Wu, and Vit Sembera. The exploitation of open ports on devices has been an ongoing problem for many IoT users. TCP port 5555, in particular, has had issues in the past due to product manufacturers leaving it open before shipping, which potentially exposes users to attackers. Recently, we found

July 17th, 2018 (2018-07-18T00:51:27+00:00) | Categories: Anti-Malware

Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we


July 16th, 2018 (2018-07-17T12:40:46+00:00) | Categories: Anti-Malware

In cooperation with IssueMakersLab of South Korea. Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets’ systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month we tracked new scouting techniques coming from Andariel, which


July 13th, 2018 (2018-07-13T23:39:51+00:00) | Categories: Anti-Malware

By Tony Yang and Peter Lee (Consumer Yamato Team). Our IoT Smart Checker allows users to identify whether connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry. IoT Smart Checker
