The AlienVault Blogs: Taking On Today’s Threats

Category: Attacks

Posted in Blog: Labs Blog

Looking at the evolution of ransomware, accepting bitcoin as a payment method is probably taking too long for most common ransomware families. Not long ago, we saw a ransomware family that accepts MoneyPak, Ukash, cashU and Bitcoin as payment methods. Its name is CryptoLocker, and it is detected by Microsoft as Crilock.A. Just one month after Microsoft… Read more

Posted in: Attacks, Malware, Crimeware
Tags: malware, bitcoin, ransomware

Posted in Blog: Labs Blog

A few days ago Microsoft Malware Protection Center published a great blog post about some undocumented instruction tricks being used by several malware families. As you can read in the post, they found some malware samples using FPU instructions that lead to incorrect disassembly in several debuggers and disassemblers. I decided to write a small Python script to help us… Read more

Posted in: News, Attacks, Malware, Python, Crimeware
Tags: malware, assembly, fpus

Posted in Blog: Labs Blog

Have you ever had a server open to the internet with an SSH service running? Then you know how common it is to receive break-in attempts against your servers, produced by automated bots that scan wide ranges of hosts trying weak user/password combinations to log into remote machines. But what happens next? What is the business behind these… Read more

Posted in: Attacks, Crimeware
Tags: criminals, cracking, store, roots, underground

Posted in Blog: Labs Blog

Ransomware is popular among bad actors. The Reveton malware family (based on Citadel) made a difference last year; now it is losing popularity in favor of Urausy, just another lock-screen ransomware. There are plenty of them living in the wild, but in this post we are going to focus on Urausy. These malware families are being spread by using exploit… Read more

Posted in: Attacks, Malware
Tags: malware, ransomware, urausy

Posted in Blog: Labs Blog

Last week, our friends from Norman published a great report on a cyber espionage campaign named Operation Hangover. We have released some Yara rules to detect most of the payloads mentioned in the paper. You can download the rules from our GitHub space: On the other hand, the Hangover attackers have been using several payloads with network capabilities to steal… Read more

Posted in: News, Attacks, Malware, Exploits, Snort, APT
Tags: malware, apt, hangover