June 27, 2017 | Sacha Dawes

New Variant of Petya / PetrWrap Ransomware Strikes

On June 27th the AlienVault Labs Team became aware of a new ransomware, a variant of the Petya malware, that is spreading rapidly and is known to have affected organizations in Russia and the Ukraine, and some other parts of Europe. A pulse detailing the Indicators of Compromise for this variant of Petya can be found in the AlienVault Open…

June 21, 2017 | Chris Doman

SamSam Ransomware Targeted Attacks Continue

Normally new variants of ransomware families aren't particularly interesting. SamSam, however, is different. Whereas most ransomware is automatically propagated, SamSam is deployed manually. In addition, the group behind SamSam charges very high ransoms because of the amount of effort invested in their operations, which made them the subject of two FBI Alerts last year. The attacks seem to peak…


June 9, 2017 | Peter Ewane

MacSpy: OS X RAT as a Service

MacSpy is advertised as the "most sophisticated Mac spyware ever", with the low starting price of free. While the idea of malware-as-a-service (MaaS) isn't a new one, with players such as Tox and Shark in the game, it can be said that MacSpy is one of the first seen for the OS X platform. The authors state that…

May 19, 2017 | Eddie Lee

Diversity in Recent Mac Malware

In recent weeks, there have been some high-profile reports about Mac malware, most notably OSX/Dok and OSX.Proton.B. Dok malware made headlines due to its unique ability to intercept all web traffic, while Proton.B gained fame when attackers replaced legitimate versions of HandBrake with an infected version on the vendor’s download site. Another lower profile…

May 12, 2017 | AlienVault Labs

Ongoing WannaCry Ransomware Spreading Through SMB Vulnerability

As of early this morning (May 12th, 2017), the AlienVault Labs team is seeing reports of a wave of infections using a ransomware variant called "WannaCry" that is being spread by a worm component that leverages a Windows-based vulnerability. There have been reports of large telecommunication companies, banks and hospitals being affected. Tens of thousands of networks worldwide have…

May 6, 2017 | Chris Doman

MacronLeaks – A Timeline of Events

It's been a very familiar feeling reading about the documents leaked to impact the elections in France tomorrow. Often the best defence is to have a proper understanding of what has happened. A quick draft timeline of events from an analysis of document meta-data and forum posts is below. Attacks in March and April: A number of domains, identified…

May 4, 2017 | Jaime Blasco

OAuth Worm Targeting Google Users - You Need to Watch Cloud Services

Yesterday, many people received an e-mail from someone they knew and trusted asking them to open a "Google Doc." The email looked, felt, and smelled like the real thing—an email that Google normally sends whenever a share request is made. However, the email contained a button that mimicked a link to open a document in Google Docs.…

March 31, 2017 | Chris Doman

New Features in Open Threat Exchange (OTX)

It's been a busy couple of months for the OTX team, making lots of improvements to make OTX more useful for security researchers and InfoSec professionals. Thought it was time to give you an update. Here's what's new in OTX: Easier Way to Create Pulses. We've rebuilt the way you create pulses from scratch. So you can…

March 14, 2017 | Jaime Blasco

Apache Struts Vulnerability Being Exploited by Attackers

Last week a new vulnerability affecting Apache Struts was reported (CVE-2017-5638) that affects the Apache Struts Jakarta Multipart parser. The vulnerability allows an unauthenticated attacker to execute code on the affected system by creating a specially crafted Content-Type HTTP header. Starting last Thursday (March 9, 2017), we have seen a high number of attackers trying to exploit this vulnerability. Different payloads…

October 3, 2016 | Kate Brew

Malware Hiding Techniques to Watch for: AlienVault Labs

I saw a webcast done by Peter Ewane and Javvad Malik recently. The summary of what Peter had to say and Q&A follows; you can also view the recorded webcast. What is Malware? Malware can be a lot of things. It can be a virus, a worm, spyware, a Trojan horse, or ransomware. It's basically any…

June 27, 2016 | Kate Brew

Reverse Engineering Malware

The AlienVault Labs team does a lot of malware analysis as a part of their security research. I interviewed a couple of members of our Labs team, including Patrick Snyder, Eddie Lee, Peter Ewane and Krishna Kona, to learn more about how they do it. Here are some of the approaches, tools and techniques they use for reverse engineering malware,…

April 4, 2016 | Peter Ewane

PowerWare or PoshCoder? Comparison and Decryption

PowerWare was brought to my attention by Carbon Black via their blog post. PowerWare is downloaded by a malicious macro-enabled Microsoft Word document that is distributed via a phishing email campaign. The malicious document in question attempts to convince the user to enable macros by informing them that the file is protected by Microsoft Office. This, of course, is a…
