spam
Hancitor is one of the better-known malware downloaders due to its numerous spam runs and evolving delivery techniques. It reminds us of Upatre, which gained notoriety over the past two years but has now died down, possibly due to the takedowns of its major payloads. Hancitor, by contrast, is still a favourite carrier of very active malware families such as Pony and Vawtrak. Just recently, we found a new Hancitor spam campaign with some notable developments that may have been present in previous variants but were not discussed...
by Joie Salvio and Rommel Joven  |  Nov 02, 2016  |  Filed in: Security Research
Recently we received a spam email with an attachment, a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, and it is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the embedded malicious VB script code is executed, and additional malware is dropped and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data...
by Xiaopeng Zhang  |  Oct 24, 2016  |  Filed in: Security Research
Spam has been a constant and chronic problem since the early days of the internet. The first unsolicited mass e-mailing (later termed spam) was sent on May 1, 1978 by Gary Thuerk of Digital Equipment Corp (DEC), advertising the VAX T-series to 400 of the then 2600 ARPAnet users. The SMTP protocol we still use today for email grew out of the early mail protocols used in ARPANET (Postel RFC788 and RFC821) in the early 1980s, and has changed relatively little since. From its inception, the SMTP protocol had little (no)...
by Carl Windsor  |  Sep 09, 2016  |  Filed in: Security Research
Malware-as-a-Service (MaaS) business models continue to thrive in the cyber underground. They allow cyber crooks to generate recurring income by renting out malware rather than selling their tools for a one-time payment. As a result, the business model has been adopted for various underground commodities such as exploit kits and remote access trojans. Recently, we saw the emergence of Ransomware-as-a-Service (RaaS) platforms. During our monitoring, we discovered that this same business model is also being used in phishing schemes in the form...
by Roland Dela Paz and Rommel Joven  |  Aug 31, 2016  |  Filed in: Security Research
Remote Administration Tools (RATs) have been around for a long time. They give users and administrators the convenience of taking full control of their systems without needing to be physically in front of a device. In this age of global operations, that’s a huge deal. From troubleshooting machines across countries to observing employees across rooms, RAT solutions have become widely used tools for remote maintenance and monitoring. Unfortunately, malware authors often use these same capabilities to compromise systems...
by Floser Bacurio Jr. and Joie Salvio  |  Aug 29, 2016  |  Filed in: Security Research
As if using the Internet -- the Web in particular -- weren't already fraught with cyber-perils, users -- in offices on company LANs, as well as home-based and mobile individual users -- have to add "malvertising" to the list of things from which they need to protect themselves. "Malvertising," like the name suggests, means "ads that contain malware." Like other malware infection vectors, some mal-ads aren't dangerous unless you click on them -- but others can do "drive-by downloads," sneaking their...
by Daniel Dern  |  Jun 02, 2015  |  Filed in: Industry Trends
I’ve spent a lot of time over my career talking about education. K12, higher ed, virtual and blended learning, educational technology, you name it. I’ve even looked extensively at continuing education and professional development. As my focus has turned more to enterprise technologies and security over the last several years, I still couldn’t help but see many of the challenges we face in IT through an educational lens. After all, security pros and hackers aren’t born with deep security and networking expertise - why should...
by Chris Dawson  |  May 04, 2015  |  Filed in: Industry Trends
Lethic is a proxy bot with an extremely long history, starting in January 2010. It is best known for spreading spam emails to earn as much money from the underground market as possible. In March 2014, our botnet monitoring system found that Lethic had transformed into a clicker bot. Lethic's Spamming Method: As a proxy bot, Lethic only transfers data between its command-and-control (C&C) server and its target. When spreading spam emails, the bot receives the target SMTP email server's IP address and port from the C&C server (see...
by He Xu  |  May 06, 2014  |  Filed in: Security Research
Recently, Proofpoint security researchers published two blog entries (part one and part two) reporting that they have been observing a series of spam campaigns in which more than 25% of the messages originated from Internet of Things (IoT) devices. The compromised devices reported to be sending spam included "multi-media centers, televisions and at least one refrigerator". The first blog entry wasn't sufficiently detailed and raised several doubts. The second entry clarifies several points, though not all, so here's my take on IoT. Are malware on Internet of...
by Axelle Apvrille  |  Jan 27, 2014  |  Filed in: Security Research
Advanced Persistent Threats (APTs) usually start off with a common tactic: a spear phishing email. Disguised as coming from a well-known organization, the email certainly draws the user's attention, as seen in the one that I've recently received (Figure 1: Spear phishing email). The unsuspecting user may open the attached ZIP file and double-click the extracted file, which turns out to be malware. This particular malware, which we detect as W32/Bublik.BDYG!tr, is a simple downloader that is relatively small...
by Danny Choi  |  Oct 28, 2013  |  Filed in: Security Research