Archive | Trojan Horses

View all postings from the Malware – Trojan Horses category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

Neverquest: A global threat targeting Financials

By: ASERT Research Team

On March 31st, Arbor’s Security Engineering & Response Team (ASERT) published a detailed threat brief on the Neverquest malware for Arbor customers. Along with thousands of IOCs (indicators of compromise), the brief details Neverquest’s current inner workings and describes some reversing techniques ASERT uses to unravel and monitor this stealthy and […]

Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns

Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years, PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory-scraping PoS botnets with centralized C&C and most […]

Happy Holidays: Point of Sale Malware Campaigns Targeting Credit and Debit Cards

Inside Recent Point-of-Sale Malware Campaign Activities

Curt Wilson, Dave Loftus, Matt Bing

An active Point of Sale (PoS) compromise campaign designed to steal credit and debit card data using the Dexter and Project Hook malware has been detected. Indicators of compromise will be provided for mitigation and detection purposes. Prior to the publication of this […]

Trojan.Prinimalka: Bits and Pieces

Trojan.Prinimalka is a banking trojan associated with an attack campaign that received quite a bit of press in October 2012. “Project Blitzkrieg” is “a new cybecriminal [sic] project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. The Trojan installs a proxy on the victim host […]

Things in 3FN

I think by this time folks know about the FTC action against 3FN (Triple Fiber Network). Here’s some of the stuff we had tracked there over the years. WinReanimator, Cutwail botnet activity. RogueAV in many forms including TubeStreamDrivers, av-pro-2009.com, do-make-progress.com, and related domains Pinch controllers Dialers Fake cracks and tools like Bosmedia.org Pushdo controllers manda.php […]
