malware
How Malformed RTF Defeats Security Engines
This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most i…
Threat Round-up for the Week of Mar 13 – Mar 17
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteri…
Indicators of Compromise and where to find them
Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, new feeds, industry…
Floki Bot Strikes, Talos and Flashpoint Respond
This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach Executive Summary Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the sou…
The 3 S’s of Success: Security. Software. Simplicity.
Our most profitable partners sell security. And the underpinning of security solutions is software. Yet profit isn’t the only reason you should amp up your security practice. With cyberattacks increasing in both sophistication and volume, cybersecurity is on the top of everyone’s mind. Our security…
Malicious Microsoft Office Documents Move Beyond InkPicture
In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opene…
Three New Security Realities That Every CSO Should Face
Anyone responsible for keeping their Enterprise information secure has to understand three events that have changed the nature of Cyber-Security forever: 1. The Perimeter has Disappeared There used to be a strong perimeter defined by the network endpoints, which were all inside secured corporate bui…
Advanced Malware Evasion Techniques HTTP-Evader
Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end-users. Some of the more common devices used to protect modern networks are Intrusion Prevention systems (IPS) and Firewalls. In recent years, there has been a lot of research on…
DNSChanger Outbreak Linked to Adware Install Base
[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak] Late last autumn, the detector described in one of our previous posts, Cognitive Research: Learning Detectors of Malicious Network Traffic, started to pick up a handful of infected hosts exhibiting a new…