Point of Sale Malware Threats
October 04, 2014 |
2014 is shaping up to be the year of retail data breaches. Through news coverage of high-profile data breaches, Point of sale malware has become a mainstream term with several malware families gaining notoriety. The chart below provides a snapshot of today’s most relevant POS malware threats and their respective capabilities.
Attributes of Malicious Files
June 30, 2012 | Filed in: Malware Analysis
Malware has become a common component to most modern intrusions. Confirming a system is infected or finding the attacker-‐planted backdoor can be a daunting task. To compound the situation, attackers are taking steps to actively evade traditional detection mechanisms. The foundations laid in this paper begin to develop an alternate and supplementary approach for identifying malware through detecting anomalies in the low‐level attributes of malicious files. Over 2.5 million malicious samples were analyzed and compared with a control set of non-malicious files to develop the indicators presented.
Read More
Read More
Low Tech Ransomware
October 26, 2011 | Filed in: Species Analysis
Recently, I had the opportunity to analyze a new ransomware Trojan. What I found was an interesting sample that relied more on social engineering than on advanced tech to extort money from the end user. Read More
Building A Malware Zoo
July 30, 2010 | Filed in: Malware Analysis
Today malware circulates in mass volume. New samples appear at a rate of thousands per day. In order to keep pace and manage this analysis demand two key needs emerge: automation and organization. This paper seeks to lay the foundation for a basic Malware Zoo that will provide a framework for both.
Read Paper
Read Paper
PDF Malware Overview
July 19, 2010 | Filed in: Malware Analysis | Species Analysis
As far back as 2001 (Peachy Worm) we have seen cyber criminals utilize embedded malicious scripts and other dynamic PDF features to install malware and steal user credentials. While the goals and technical payloads of these PDFs have changed over the years, the pattern for creating a malicious PDF remains largely unchanged.
[Report posted as part of the SANS Malware FAQ: Read Report ]
[Report posted as part of the SANS Malware FAQ: Read Report ]
PDF Malware: Pidief
May 26, 2010 | Filed in: Species Analysis
PDF viewers can be found (and normally pre-installed) on all major computing and mobile platforms making it the most popular document format available today. Without surprise this popularity and adoption has gained the attention of malware authors.
[Report posted as part of the SANS Malware FAQ: Read Report ]
[Report posted as part of the SANS Malware FAQ: Read Report ]
Malicious Social Networking: Koobface Worm
May 03, 2010 | Filed in: Species Analysis
The popularity of social networking sites such as MySpace and Facebook has sky rocketed in recent years. Today nearly everyone has a profile and established friends lists that are used to keep tabs on your two hundred closest friends. For most, the motive behind these sites lies somewhere between a genuine interest in keeping in touch with friends and family to keeping up with the latest gossip. This popularity hasn't gone unnoticed to the malcode authors. To these authors, social engineering is a key tactic used to get their wares installed on unsuspecting victims. Social networking sites makes socially engineering victims almost too easy.
[Report posted as part of the SANS Malware FAQ: Read Report ]
[Report posted as part of the SANS Malware FAQ: Read Report ]
Mac OS X Malware Analysis
September 02, 2009 | Filed in: Malware Analysis | Mac OS X
As Apple's market share raises so will the Malware! Will incident responders be ready to address this rising threat? The intent of this paper is to begin building a basic Mac OS X malware analysis capabilities to deal with the potential of Mac Malware. Read Paper
Simple Method For Defeating Automated Analysis Tools
August 25, 2009 | Filed in: Reverse Engineering
When analyzing a recent sample of koobface, I came across the following snippet.
At first glance it was easy to see that the names of some very common libraries/functions were split across multiple strings followed by an indirect call to LoadLibrary. Simple to see from manual inspection but most automated tools would blow past without identification. A simple but effective anti-analysis technique.
At first glance it was easy to see that the names of some very common libraries/functions were split across multiple strings followed by an indirect call to LoadLibrary. Simple to see from manual inspection but most automated tools would blow past without identification. A simple but effective anti-analysis technique.
OS X Tored.A: Lameware
May 11, 2009 | Filed in: Species Analysis | Mac OS X
This new OS X “Worm” is one poorly written piece of malware. Written in RealBasic the malware utilizes no encryption, no packing technology, and most of the time just doesn’t work. It was quite amusing reading the embedded strings -- I will spare you the profanity. One thing that did catch my eye was all the hard coded SMTP servers the “worm” utilizes were in France. So I decided to plot the SMTP servers using whois/google maps ...
So where do you think our vxer is from?
So where do you think our vxer is from?
OS X Puper.A (RS-Plug.F)
May 02, 2009 | Filed in: Species Analysis | Mac OS X
OS X Puper.A by most accounts has been the most popular Mac OS X malware in the past 18 months. What is most fascinating is how little sophistication is involved in this threat and yet how it continues to be a viable threat for the Mac platform. Read the analysis report for details. Read Report
Fujacks: A Modern File Infector
May 01, 2009 | Filed in: Species Analysis
Fujacks was an interesting malware species that helped re-introduced the file infector behavioral into today’s blended threat. This analysis report focuses on the reproductive behavioral of this modern file infector. Read Report
Site Launch
April 30, 2009 |