Malware

The Children of CryptoLocker, Part 1. Critroni, CryptoWall, DirCrypt

Date: 10/12/2015

Author: Drobotun

The first examples of malware that encrypts files and then demands money for decryption appeared a long time ago. Just remember Trojan.Xorist with its primitive encryption algorithm based on XOR, or Trojan.ArchiveLock written in PureBasic, which used regular WinRAR for encryption and Sysinternals SDelete for deleting encrypted files, and demanded as much as five thousand dollars for decryption. However, it was CryptoLocker that established the bad trend among virus writers to use the latest achievements in cryptography as quite stable encryption algorithms. Today, we will investigate several encryption-based trojans which emerged after the notorious spread of CryptoLocker on the internet (or at the same time).

Read full article →

Crypto-Ransomware: Russian Style. Large-scale Research on Russian Ransomware

Date: 19/11/2015

Author: Fyodor Sinitsyn

Nowadays the Russian segment of the Web is not dominated by CryptoWall or CTB-Locker, Russia has seen the formation of an "ecosystem" consisting of other types of ransom trojans, which generally don't enter the global arena. Today, we will learn about some of them and, as a bonus, we will briefly run through some "fashionable" trends in global ransomware.

Read full article →

What data Windows 10 sends to Microsoft and how to stop it

Date: 14/10/2015

Author: hackmag

Since its rise Windows was a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers to dozens of servers belonging to Microsoft and its partner companies. We will try to look into complaints of espionage manners of Windows 10 and find out what data it sneaks and where it sends it.

Read full article →

Сode injections for Windows applications

Date: 14/10/2015

Author: hackmag

Code Injection is a process of injection code (often malicious) into third party application’s memory. A lot of software is using this technique: from malware to game bots. To show this approach, let’s try to execute third party application’s internal function with our own parameters, hacking simple application. Warning, C and debugger knowledge are required!

Read full article →

How to use WSUS to get control over Windows

Date: 14/10/2015

Author: Alexey Turin

This was one of the most interesting attacks showed on Black Hat Las Vegas 2015. Let’s imagine the situation: there’s a large park of Windows computers in a large organization, and they all need to be updated. Obviously, getting all of them to download updates over the Internet is both pricy and uncomfortable. The common solution is a WSUS (Windows Server Update Services) server, which is used to manage updates. It downloads the updates and delivers them to all other computers.

Read full article →

Malware for OS X: Full Chronicle

Date: 14/09/2015

Author: Vladimir Tregubenko

According to Kaspersky Lab, the number of malicious programs targeting Apple products is nearing 1800. In the first eight months of 2014 alone, researchers have found some 25 new families of malware for OS X.

Read full article →

The Smallest Trojan of Modern Age

Date: 22/09/2014

Author: hackmag

It all started two years ago, when many antivirus companies tried to outdo each other with reports on catching a new malware with full-fledged functionality aimed at taking away cash from users of different online banking systems while fitting just in 19968 bytes of code.

Read full article →