VIRUS-NEWS
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
by Anton Ivanov28 Jun 2017 at 6:51pm
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have confirmed that the threat actor cannot decrypt victims? disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial ...
Schroedinger?s Pet(ya)
by GReAT27 Jun 2017 at 6:57pm
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation...
Neutrino modification for POS-terminals
by Sergey Yunakovsky27 Jun 2017 at 11:01am
From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year.
KSN Report: Ransomware in 2016-2017
by Kaspersky Lab26 Jun 2017 at 9:00am
In early 2017, Kaspersky Lab?s researchers have discovered an emerging and dangerous trend: more and more cybercriminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses.
Ztorg: from rooting to SMS
by Roman Unuchek20 Jun 2017 at 9:01am
I?ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. In May 2017, a new Ztorg variant appeared on the Google Play S...
Honeypots and the Internet of Things
by Vladimir Kuskov19 Jun 2017 at 9:08am
According to Gartner, there are currently over 6 billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals. As of May 2017, Kaspersky Lab?s collections included several thousand different malware samples for IoT devic...
Nigerian phishing: Industrial companies under attack
by Kaspersky Lab ICS CERT15 Jun 2017 at 9:00am
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was jus...
Two Tickets as Bait
by Nadezhda Demidova10 Jun 2017 at 1:21pm
Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turk...
SambaCry is coming
by Mikhail Kuzin9 Jun 2017 at 10:07pm
Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems ? EternalRed (aka SambaCry). On May 30th our honeypots captured the first attack to make use of this particular vulnerability, but ...
Dvmap: the first Android malware with code injection
by Roman Unuchek8 Jun 2017 at 8:58am
In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries.
