TROJ_REGIN.A
Rated as: High Damage Potential
Delivery Method: varies
This malware group has the following capabilities: Rootkit, Network Port Blocker, Network Capture, Credential Stealing, C&C Communication, Cryptography Functions, Gather System Information, UI Manipulation (Screenshots, Logs, Keystrokes, Click Functionalities), File System Manipulation (Create/Read/Write/Delete), Process and Module Manipulation, IIS Web Server Log Theft, GSM Activity Log.
It connects to Command & Control (C&C) servers to send and receive information.
TROJ_CRYPAURA.A aka Trojan-Ransom.Win32.Aura.
Rated as: High Damage Potential
Delivery Method: Downloaded from the Internet, Spammed via email
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It connects to certain websites to send and receive information. It deletes itself after execution.
This Trojan drops files in the Windows User Startup folder to enable its automatic execution at every system startup.
TROJ_POWELIKS.B aka Trojan:Win32/Powessere.A (Microsoft) or Trojan.Win32.Crypt.cya (Kaspersky)
Rated as: Medium Damage and Information Theft Potential
Delivery Method: Downloaded from the Internet, Dropped by other malware
This Trojan is a data theft tool.
(MS14-068) Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
This update resolves an elevation of privilege vulnerability found in the Kerberos KDC in certain Windows operating systems. The vulnerability exists because of improper validation of signatures. For an attacker to exploit the vulnerability, the attacker must have valid credentials for the domain where the vulnerable system is hosted.
This is not malware per se but a vulnerability in Microsoft Windows Server operating systems, and it should be patched as soon as possible by running Windows Update on your server(s).
TSPY_DRIDEX.WQJ aka Win32/Dridex.C (ESET)
Rated as: High Data Theft Potential
Delivery Method: This can be an attachment to spammed messages. It arrives as malicious macro code.
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be downloaded from remote sites by other malware. It connects to certain websites to send and receive information. It is used to load and execute a file. It deletes itself after execution.
SPAM/Phishing Threats
2014 US Holidays, News Figure in Spam
Delivery Method: principally e-mail, but also fake ad inserts on infected or fake web sites
Holidays, personalities, disasters: all of these are regular targets of cybercriminals. Once something new or something big becomes known to the public, cybercriminals find ways to use it in their regular schemes. The 2014 holidays are no exception. Trend Micro has spotted several spammed messages that use the holiday season and some big-name personalities to lure users into fraudulent activities.
These spammed messages lead to various links where cybercriminals urge users to purchase what is advertised in the spammed pages. The email messages are spam and lead to bogus online shopping websites. Users are advised not to open email messages like these.
Ebola Health Scare Spam Mail Leads To Phishing
On the very day that Texas Governor Rick Perry announced the formation of a 17-member task force in charge of the state's readiness for dealing with the pandemic disease, spammers began running campaigns alerting everyone about people being quarantined in Texas and how to stay safe, including what to do if martial law were declared. This is a typical social-engineering approach, with this particular instance capitalizing on people's fears of the deadly disease.