Posts Tagged ‘previous version’

The Shamoon Attacks Continue

Sep

2012

Symantec Security Response has been investigating further reports of infections of W32.Disstrack, the threat used in the Shamoon attacks. W32.Disttrack is a highly destructive threat that destroys files and the master boot record (MBR) of the infected machine, causing maximum disruption.W32.Disttrack uses a hardcoded “wiping date” which is read from a variably named “.pnf” file […]

Category General Written by Symantec Security Response Blog 0 Comments

Trojan.Zeroaccess.C Hidden in NTFS EA

Aug

2012

The latest variant of the Zeroaccess Trojan-Trojan.Zeroaccess.C-makes use of a novel technique to store its malicious content: it exploits a feature provided by the NT File System called Extended Attributes (EA).Even before Zeroaccess.C, malware authors have been looking for new ways to hide their malicious creations by making use of a specialized API provided by […]

Category General Written by Symantec Security Response Blog 0 Comments

Exprez.B Train from Spain to Holland, a.k.a. Dorifel

Aug

2012

Thanks to Denis Carmody for his assistance with this research.In June we blogged about a new version of the threat family that targeted Spanish companies and institutions named Trojan.Exprez.B. More recently, we have encountered a new version of Trojan.Exprez.B that targets companies in The Netherlands and Denmark. It is still the same threat, but with […]

Category General Written by Symantec Security Response Blog 0 Comments

The Latest in IT Security

Posts Tagged ‘previous version’

The Shamoon Attacks Continue

Trojan.Zeroaccess.C Hidden in NTFS EA

Exprez.B Train from Spain to Holland, a.k.a. Dorifel

Categories

Featured

Archives

Latest Comments

About Us

Contact Us