Malwarebytes Unpacked

Malwarebytes Hit by Targeted Attack!

[April Fools banner]

Dear Readers,

We regret to inform you that over the weekend, Malwarebytes came under a direct, targeted attack by a new type of malware of unknown origin. The malware was shutting down systems left and right at our headquarters. We were able to cut off its spread through our network and obtain a sample from the infected systems before their hard drives were completely erased. It took our lead analysts over 10 hours to extract what little information they could, and we decided it was important to share it with you.

First of all, the malware appears to have been completely destructive in nature: it was able to infect every type of operating system, with every current security patch applied. Once a system was infected, the malware mapped out a path to another uninfected system, then copied and executed itself there. Finally, it began erasing everything on the system, overwriting data with the hex bytes 53:4b:59:4e:45:54 until nothing remained of the original data.

Further analysis has led researchers to conclude that the attack was indeed targeted. In fact, the first files overwritten by the malware were identified as files and folders concerning the development of Malwarebytes Anti-Malware 2.0. The malware was able to search specifically for these files and destroy them before anything else. This leads us to believe that the goal of the attack was to prevent the development and launch of our most powerful tool yet.

Our users have nothing to worry about, however, as our team was able to secure all essential systems and keep the flow of updates coming to you. In addition, within 10 minutes of obtaining the sample, Malwarebytes Anti-Malware was able to protect against it and any similar malware.

As for who was behind the attack, analysts are still baffled by the unique, custom programming language it appears to be written in (converted into C++ by an onboard translation tool and executed in real time). We are currently investigating the original entry point of the attack; some say it came from an e-mail received by our newest developer, J. Connor. One thing is for sure, though: the file had been heavily modified, since its file properties claim the malware was originally compiled on April 1, 2023.

Sincerely,

The Malwarebytes Staff


Who is ‘Whois’ ?


On March 20th, reports circulated that a cyberattack had been conducted against broadcast networks and banks in South Korea. As is typical, North Korea was suspected, although no evidence has surfaced supporting this idea. However, it has recently been reported that at least one of the bank attacks traces back to a Chinese IP address.

BBC News provided more details the same day, stating that “two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.”

Hoaxes


A hoax (to trick into believing or accepting as genuine something false and often preposterous) is the word we use for a fake warning. Since hoaxes are not only annoying and confusing but sometimes even potentially harmful, they deserve some attention.


Internet everywhere and poor security practices: a disaster in the making?


We often hear about botnets (networks of infected computers) being used by the bad guys to send out spam, perform Distributed Denial of Service attacks, or carry out other nefarious activities. An unidentified researcher, however, thought there was much more that could be done with a botnet and took on an unprecedented mission: mapping out the Internet by counting how many individual IP addresses were in use. An ambitious goal, you might say, but considering the botnet was scanning billions of ports per hour, it provides a never-before-seen view and “census” of the Internet IPv4 address space.

From Russia with Ransomware

This week the research team stumbled across a Russian ransomware sample, so I decided to take a peek. The ransom message demands your money (in rubles, actually) and threatens to delete your data if payment isn’t sent within 12 hours.
