Last week, an unidentified malware (with SHA-256 171693ab13668c6004a1e08b83c9877a55f150aaa6d8a624c3f8ffc712b22f0b) was discovered and circulated on Twitter by researcher @JAMES_MHT. Many researchers - including us - were unable to identify the malware, so we decided to dig a bit further. In this post, we will share our findings about this malware: its targets, technical analysis, the related attacks and the threat actor behind it.

Targets

One of the first things we wanted to know is if this malware has a specific target--thanks to researcher...
by Floser Bacurio and Roland Dela Paz  |  Jun 21, 2016  |  Filed in: Security Research
Introduction

The Zeus malware, a.k.a. Zbot, is a bot that is capable of stealing private and sensitive information including personal passwords and banking information from infected hosts. Its command-and-control (C&C) server can also control the action of its remote bots by sending various command strings, such as updating malware, executing other malware files, and so on. Recently, we have discovered a new variant of this malware that we are calling Lite Zeus. Aside from being shorter with fewer functionalities, it has several other distinct...
by Kan Chen  |  Jun 26, 2014  |  Filed in: Security Research
by Michael Perna  |  Jun 07, 2014  |  Filed in: Industry Trends
Earlier this week, the United States Computer Emergency Readiness Team (US-CERT) released an advisory regarding the GameOver Zeus P2P Malware. Along with that advisory was a national press release from the US Department of Justice and the FBI that announced a multi-national effort against the GameOver Zeus botnet. GameOver Zeus, a.k.a. P2P Zeus, is a sophisticated type of malware that is used by cybercriminals to steal infected hosts' banking information, install other malware, and perform DDoS attacks and other cybercrime-related activities....
by Margarette Joven  |  Jun 06, 2014  |  Filed in: Industry Trends
Special Technical Contribution by He Xu, Senior Antivirus Analyst

P2P Zeus, a.k.a. Zbot, has evolved into a powerful bot since its discovery in 2007. It is capable of stealing infected hosts' banking information, installing other malware, and other cybercrime-related behavior. Currently, P2P Zeus supports both the UDP and TCP protocols for its various communication tasks, including peer list exchange, command-and-control (C&C) server registration, and malware binary updates. Early this month, our Fortinet botnet monitoring system found...
by Kan Chen  |  Apr 21, 2014  |  Filed in: Security Research