Viruses & Malware
New analysis of the command and control panel and attack mechanisms of the Dridex banking Trojan shows the malware is being used in a wider range of malicious campaigns -- and likely by a different set of threat actors than before.
Spain-based security vendor buguroo says it recently was able to leverage a surprisingly easy-to-exploit weakness in the C&C infrastructure of Dridex to gain unprecedented visibility into how exactly the malware is being used.
A major UK newspaper is cleaning up its website after criminals tried to deliver ransomware to thousands of its readers.
The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday.
"We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."
There is a constant cat and mouse game between malware, security software companies and computer users, and the chance of one side winning the battle seems slim at best.
Malwarebytes revealed recently on Malwarebytes Unpacked how Vonteera, a malware previously classified as adware, operates.
While how that particular malware operates may not be of interest to many, the methods that it uses to infect computer systems and remain on them may very well be, as they are used by other malware as well.
Three new families of "auto-rooting adware," detailed by security researchers at Lookout, are "a worrying development in the Android ecosystem" because each can root the device and install itself as a system application, making the contamination virtually impossible to remove as the infection is designed to survive even a "factory data reset" device wipe.
Security firm FireEye has discovered a malicious backdoor program called SYNful Knock that could let hackers use Cisco’s routers to deploy attacks on a broad scale.
The implant is the same size as the Cisco router image, and it’s loaded each time the router is restarted. The program supports up to 100 modules that can be tailored to the attacker’s needs.