Andromeda is a botnet that has had a long history. The latest version is now 2.09, which most active bots would have already received. Recently, however, our FortiGuard Labs Threat Intelligence system was able to capture the activities of a previous variant of Andromeda that is apparently still alive. During our analysis, we found that it is a cracked version of an old variant, and the author used it for spreading a Bitcoin miner. Andromeda 2.06 The network traffic of most Andromeda variants is very similar - the sent data is Base64-encoded,...
by He Xu  |  Jan 07, 2015  |  Filed in: Security Research
CryptoWall is another entry in the popular category of malware known as ransomware. This type of malware holds your data hostage by encrypting your files and then charging a ransom to decrypt them. The malware displays a message informing the victim that their files have been encrypted and that they have a limited time to pay the ransom before the cost of recovery goes up. To maximize their anonymity, the malware authors use the Tor network and require the ransom to be paid in Bitcoins, a trend that we are seeing more and more often. Figure...
by Brian Cheng  |  Aug 05, 2014  |  Filed in: Security Research