On March 20th, reports were circulating that a cyberattack had been conducted against broadcast networks and banks in South Korea. As is typical, suspicion quickly fell on North Korea, although no evidence has surfaced supporting this idea. However, it has recently been reported that at least one of the bank attacks traces back to a Chinese IP address.
BBC News provided more details that same day, stating “two South Korean banks, Shinhan Bank and Nonghyup, and three TV stations KBS, MBS and YTN, all reported that their networks had suddenly shut down on Wednesday afternoon.”
Ransomware is still going strong and infecting countless PCs. We happened to stumble upon an interesting sample from the Urausy family which bypassed detection on all major antivirus products for almost an entire day before slowly being detected. In this post we will give some information on its background (where it came from) and a detailed analysis of its binary.
In this connected world, time is of the essence. The bad guys are counting on releasing their malicious programs and infecting machines before security companies have time to analyze those samples and provide detection signatures to block the threat.
Although antivirus companies have evolved their technologies and can now provide proactive heuristic detections (essentially this means being able to detect new malware without having seen it before), cyber criminals thwart these by first testing their creations against each major security vendor to make sure they aren’t detected. If they are, they simply alter their code enough to bypass detection, at least temporarily. So much for all these fancy algorithmic engines…
This is an arms race and the bad guys always have the head start. If they can infect a few thousand computers in a couple of hours before getting detected, they have achieved their goal. And even if the antivirus software later detects the threat, it is already too late, as many pieces of malware disable the security products installed on a machine, thereby rendering them useless.
Since December of 2011, the spread of malicious advertisements, or “Malvertisements”, has drastically increased. Along with this trend is the increased spread of some pretty nasty malware. One in particular is called Happili, an adware trojan that installs a browser extension to re-direct legitimate search queries to ad sites.