This is a loose sequel to the Cutwail botnet analysis blogpost published on the malwaremustdie.blogspot.com. In this blogpost I will primarily focus on the downloaded PE executable itself (SHA256: 5F8FCC9C56BF959041B28E97BFB5DB9659B20A6E6076CFBA8CB2D591184C9164) and the network traffic that it generates. I will also reveal a hidden C&C server.But first let’s quickly go through the things it does at […]
A new “ransomware” campaign uses a novel approach to extort money from Internet users. It locks your computer and displays a localized webpage that covers your desktop and demands the payment of a fine for the possession of banned material.The following system changes may indicate the presence of this malware:<startup folder>\<random file name>.dll.lnk<startup folder>\<random file […]
SophosLabs has been monitoring a new strain of the infamous ZeroAccess rootkit that has been hitting the internet over the last few weeks.ZeroAccess is a sophisticated kernel-mode rootkit that enslaves victim PCs, adding them to a peer-to-peer botnet from which they receive commands to download other malware. The rootkit has undergone several revisions since its […]
Latest Comments