A Week in Security (Apr 05 - 11)

A Week in Security (Nov 09 – 15)

To start off this week’s roundup, here’s a good news: Our CEO shared with us an announcement from Deloitte declaring Malwarebytes as  one of the fastest growing companies across industries in its annual Fast 500 awards.

Even better news: Malwarebytes Anti-Rootkit version 1.08 (the latest one as of this writing) can now clean systems affected by Powerliks, a sophisticated malware “that runs without a filesystem object, completely from the registry and memory using rundll32.exe, JavaScipt and create on-the-fly DLL from memory.” If you may recall, Powerliks was discussed by Senior Security Researcher Jérôme Segura in the blog post, “Fileless Infection from Exploit Kit: An Overview”.

Last week, we touched on some interesting and timely topics. First off, Nathan Collier, one of our go-to senior researchers for mobile, continue to spot Trojanized apps on the Google Play store, one of which was called “Thai Fun Content”, which he discussed in a recent blog post. Malware Intelligence Analyst Chris Boyd also found a fake Flash Player update at the same time Adobe released a fix for 18 vulnerabilities for the said player.

A fresh malware campaign similar to what we documented months ago continue to circulate in Steam. Boyd discussed a sample he retrieved based on user reports as well.

Notable news stories:

  • Hackers hit Pizza Hut with PoS malware. “The campaign, which hit the Hut last year, also caused order transmissions to fail. According to IT news, 60 of its 300 Australian stores suffered varying amounts of downtime as a result of ‘steadily increasing’ malware infections over the 12-month period.” (Source:  IT Security Guru)
  • G DATA: Fresh RAT ‘COMpfun’ Employs New Persistence Mechanism. “Cybercriminals leveraged the technique to enter Yahoo Mail accounts in case of IcoScript and use them for C & C communications. Researchers observed at that time that the attackers could have used other webmail services also like Gmail.” (Source: Spam Fighter)
  • DAY ZERO, and COUNTING: EVIL ‘UNICORN’ all-Windows vuln – are YOU patched? “Security researcher Robert Freeman has discovered an 18-year-old, critical, remotely-exploitable vulnerability di tutti vulnerabiliti which affects just about ALL versions of Windows – all the way back to Windows 95.” (Source: The Registry)
  • Fake malware-laden Amazon emails target UK, US shoppers. “As the holiday season slowly approaches, and users increasingly turn to the Internet to do their holiday shopping before the seasonal madness begins, cyber crooks are trying to take advantage of the fact.” (Source: Help Net Security)
  • Expired Antivirus Software No. 1 Cause Of Unprotected Windows 8 PCs. “Trial anti-malware products can continue to run and block threats they detect even after they expire. But it is a mistake to assume that the software therefore offers at least some level of protection.” (Source: Dark Reading)
  • New Twist to the Telephone Tech Support Scam. “In a new twist to the tech support scam, cyber criminals attempt to defraud using another avenue. The scam is executed while a user is browsing the Internet.” (Source: IC3)

Safe surfing, everyone!

The Malwarebytes Labs

ABOUT THE AUTHOR