
SLASHNEXT LABS

THE KNOWLEDGE CENTER


Author archives

Evolution of Scareware Scams

**YOUR COMPUTER HAS BEEN BLOCKED** Error # 3658eebc53c4218 Please call us immediately at: (8**) 77**-528* Have you ever seen pop-ups in your browser window showing this type of scary warning? If yes, you are not alone. These pop-ups vary in their messaging. Some of them literally scream (using text-to-speech) that your computer is infected …

Rise and Fall of Sandboxes

Antivirus software initially relied heavily on signatures to identify malware and other object-based threats. Indeed, even today's AV products still primarily use a signature engine for detection. Signatures were, and are, determined when a malware sample (or malicious file object) arrives in the hands of an antivirus firm and is analyzed by malware researchers …

Kirk Ransomware Based on Star Trek Theme

Kirk is a newly discovered ransomware. It is similar in function to other ransomware, but its authors (presumably fans of Gene Roddenberry's iconic TV series) have borrowed character names for the encryption and decryption components. Two notable items related to Kirk are: The program is written in Python, which is quite uncommon for ransomware. The …

Felismus Malware

Felismus is a sophisticated Remote Access Trojan (RAT) and, to date, has been used in highly targeted campaigns. RATs allow an attacker to access the infected machine in much the same way one would access a remote machine using TeamViewer, WebEx, or Windows Remote Terminal, but without the infected user's knowledge or consent. Felismus implements …

Zero-Hour Multi Brand Phish

Popular global brands like Yahoo, Gmail, Microsoft, and Dropbox are commonly used for credential phishing attacks. Typically the attacker creates a replica of the brand's sign-in or password recovery page and attempts to lure victims into entering their confidential information into the fake page. Today, at a large customer site, we witnessed a new twist to this …

Yahoo Email Phishing through Data URI

Hackers have come up with a new and innovative way to perform credential phishing attacks. Typical credential phishing is done by creating look-alike web pages hosted on compromised web servers or on servers owned by the attacker. The problem for an attacker is that eventually signature-based technologies catch up and blacklist these pages. Attackers have found …

Inside a Phishing Network

Credential phishing is an effective way to snatch someone's confidential information. Hackers create a look-alike login page matching a global brand's login (Google, Yahoo, Microsoft) and send a phishing email containing a link to the fake page. When a victim clicks on the phishing link, the fake page (which exactly resembles the brand's login page) is …

Jigsaw Ransomware

Jigsaw is the latest in a spate of ransomware that encrypts files and offers to sell the victim a decryption key to get their data back. Adding a new twist, Jigsaw threatens to delete one file every hour if the ransom is not paid in a timely manner. Jigsaw is capable of encrypting files that …

PowerWare – A malware built on lies

A couple of weeks ago the folks at Carbon Black discovered a new ransomware strain that they dubbed "PowerWare". What makes PowerWare interesting is its ability to encrypt files using the Windows PowerShell scripting language. Unlike other ransomware, PowerWare doesn't need to install a binary on the infected machine. When enabled, macros inside a weaponized …

Mighty TeslaCrypt

Ransomware is not a new concept. Some early examples such as GpCode spread as early as 2006, but the recent surge of new, highly advanced ransomware is like nothing the world has ever seen. Most of what we see today can be traced back to CryptoLocker and CryptoWall. These two ransomware families alone have netted their …