Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic.Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 […]
This is a loose sequel to the Cutwail botnet analysis blogpost published on the malwaremustdie.blogspot.com. In this blogpost I will primarily focus on the downloaded PE executable itself (SHA256: 5F8FCC9C56BF959041B28E97BFB5DB9659B20A6E6076CFBA8CB2D591184C9164) and the network traffic that it generates. I will also reveal a hidden C&C server.But first let’s quickly go through the things it does at […]
?We added three new families to this month’s Malicious Software Removal Tool (MSRT): Win32/FakeDef, Win32/Vicenor, and Win32/Kexqoud. In this blog, we will talk about the rogue antivirus family Win32/FakeDef. It’s not a big player in rogues’ world, but it holds its own unique characteristics. We found this family in the wild in December 2012. Initially […]
Latest Comments