Monthly Archives: August 2017

RIG exploit kit distributes Princess Ransomware

We have identified a new drive-by download campaign that distributes the Princess Ransomware, leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the Princess …

Posted in Antivirus | Comments Off on RIG exploit kit distributes Princess Ransomware

Locky ransomware adds anti sandbox feature

By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one …

Locky ransomware adds new anti sandbox feature

By Marcelo Rivero and Jérôme Segura. The Locky ransomware has been very active since its return, which we documented in a previous blog post. There are several different Locky campaigns going on at the same time, the largest being the one …

BSides Manchester: Malvertising – under the hood

I’ve talked about malvertising a fair bit at security events down the years and I was lucky enough to be able to add to the tally at this month’s BSides Manchester conference. Whether your preferred variety is desktop, mobile, or even …

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel …

Malware vaccination tricks: blue pills or red pills

First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware …

Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious …

419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”

I’m not saying an email claiming to be from the “Central Bank of Nigeria” with a contact handler named “Rev. Goodluck Ebola” will raise too many red flags, but… CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR …

Inside the Kronos malware – part 2

In the previous part of the Kronos analysis, we took a look at the installation process of Kronos and explained the technical details of the tricks that Kronos uses in order to remain more stealthy. Now we will move on …

A week in security (August 21 – August 27)

In our blog posts, we announced the introduction of, and explained the necessity for, real-time protection for our Mac and Android users. Also explaining what you can expect them to do for you and answering the questions that we expect …
