Just recently, Microsoft shut down the command-and-control infrastructure (C&C) of Win32/Nitol malware – one of the most active DDoS-performing malware families today. The take down, dubbed as “Operation b70“, was a great success. To amplify its disruption, DDoS:Win32/Nitol was included in this month’s Malicious Software Removal Tool (MSRT) release. Microsoft’s study [PDF] behind Operation b70 found […]
A few weeks ago, we wrote about the Oracle Java Runtime Environment Remote Code Execution Vulnerability (CVE-2012-4681) being used in a targeted attack campaign by the Nitro attackers. Recently, we have discovered another group exploiting this vulnerability in the wild: the Taidoor attackers.The Taidoor attackers began utilizing the vulnerability when the proof of concept (POC) […]
Just after we published a blog about a 64-bit obfuscator, we very quickly discovered another malware family following the same trend. Claretore is also using two-layer 64-bit obfuscation, although it does it a little differently to Ursnif. The first layer simply decrypts the code of the second layer and passes it control. There’s even a 64-bit […]
Latest Comments