Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well. The target of the link is disguised to make it look like it is linking to a text file, tricking the user […]
Noted for its stealth routine, PlugX and its developers now appear to be using several legitimate applications, in particular those used by Microsoft, Lenovo, and McAfee, in an effort to remain under the radar.PLUGX variants are known for its use of normal applications to load its malicious .DLL components. This .DLL hijacking technique is not […]
Thanks to the Websense® ThreatSeeker™ Network, we have detected that an Iranian website has been compromised to serve a Remote Administration Tool (RAT) called VertexNet. This website does not have a high Alexa rank, but is one of a few cases which has caught our attention. The targeted website (reachable at the URL: hxxp://www.sarifire.ir) seems to be a portal documenting the activities of firefighters in the […]
Latest Comments