Rich Matteo, a researcher here at Malwarebytes, came across an interesting sample that erases files and leaves a not-so-friendly message to its victims.
Once a host PC is infected, the malware enumerates the victim's files and looks for files of a certain type, replacing their contents with “Because f*** you! That’s why.”
Naturally, this can cause many programs to cease functioning, one of which was my Malcode Analyst Pack. This one produced some rather comical errors post-infection.
News reports are coming in that 19-year-old Cassidy Wolf (above) has received emails from an alleged hacker attempting to extort her.
Debuggers—a tool traditionally used to find errors (called “bugs”) in code—are also used by security experts. In the field of malware analysis, debuggers are a vital tool used to reverse-engineer malware binaries, helping analysts to understand the purpose and functionality of malware when dynamic analysis isn’t enough.
Because they’re such a valuable tool, sometimes malware authors try to prevent analysts from using them. By employing various techniques in the code (known as “anti-debugging”), malware can successfully thwart junior analysts.
Recently I found an interesting anti-debugging technique I haven’t seen before. I discovered this technique while reversing a ZeroAccess Trojan (seems it’s always ZeroAccess lately, right?).
The technique employs various native Win32 APIs used for debugging a process. Because the Trojan uses these APIs itself, the analyst cannot attach their own debugger, since only one debugger can be attached to a process at a time.
To connect to the debugger at the API level, the Trojan uses DbgUIConnectToDbg. This API, along with the others used to communicate with the Windows debugger, all appear to be undocumented by Microsoft.
Whether you’re lost on a road trip, going deaf at a rock concert, or getting your sun tan on, odds are PC security isn’t the first thing on your mind as you enter this summer season.
A fellow researcher at Malwarebytes put it best, by pointing out that you can keep your PC safe this summer by unplugging it and going to the beach. There’s probably some truth to that.
Nonetheless, in the interest of looking out for our readers, I did some research and came up with seven great tips to keep everyone surfing the web safely all summer long. Here’s what I found.
If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it.
Researchers at Russian security firm Group-IB say that customers from some of the largest US banks have been affected by malware that steals credit card data directly from ATMs as well as point-of-sale (POS) terminals found at regular retailers. Cyber-crooks are infecting the operating system that powers ATMs and point-of-sale terminals with malware capable of stealing financial data.
The business model behind going directly to the source is efficient because criminals only need to compromise a few ATMs to collect hundreds, if not thousands, of credit card numbers which can immediately be sold on the black market.