Zloader/Terdot – That Man in the Middle

Fri, 07/21/2017 - 19:04

The ZeuS malware family was first seen in July 2007 and is the poster child for long-lasting bots. Zbot, one of the aliases of ZeuS, has a familial relation to Terdot. When ZeuS's source code leaked in 2011, bad actors jumped at the chance to start updating its capabilities to suit their own campaigns. One of these offspring was Terdot. Malwarebytes has studied the ZeuS family and has noted a recent increase in Terdot/Zloader infections.

Dynamic DNS Providers – Offering Options on IP Addresses

Thu, 07/20/2017 - 23:13

ThreatSTOP has compiled a list of Dynamic DNS (DynDNS) services and providers. The list is useful for both black lists and white lists.

El Machete Malware is Still "Sharp"

Wed, 07/19/2017 - 19:19

In the rapid cycle of rise and disappearance of malware campaigns, only a few campaigns last for several years. One of these is the El Machete malware, which was first discovered by Kaspersky and is thought to have been active since 2010.

Magnitude EK: What's Shakin?

Tue, 07/18/2017 - 21:22

The Magnitude EK, active since 2013, is one of the longest-running exploit kits in use, with many of its most recent victims located in Asia. It is usually seen distributing Cerber ransomware.

Winnti Aims to Win the Game

Fri, 07/14/2017 - 00:23

The Winnti group is a Chinese-linked cybercriminal group that is best known for its 2011 attacks against online video game producers.

A Rough Time for Web-browsing: The RoughTed Campaign

Wed, 07/12/2017 - 18:42

One family of malware that even the most vigilant of users has to be careful of is malvertising. Malvertising is dangerous because infection can occur simply by visiting a common, legitimate website: the malware is embedded in the ads served on the site rather than in the site itself.

RIG Exploit Kit Takedown: Operation Shadowfall

Tue, 07/11/2017 - 18:01

Similar to Terror EK, the RIG EK gained a lot of footing in the EK market after the downfall of the Angler, Neutrino, and Nuclear exploit kits.

BankBot and BankBotAlpha – Banking Android Malware

Mon, 07/10/2017 - 21:32

BankBot is malware targeting the Android OS, and it has appeared in the Google Play Store in different forms, often impersonating the icons or names of well-known applications.

Bi-Weekly Security Update 7/7/2017

Fri, 07/07/2017 - 23:14

WildFire Locker – Ransomware Disguised as Missed Delivery

Wed, 07/05/2017 - 18:20

Ransomware operators do not usually target specific victims as a source of money, but this campaign might change that.

Adylkuzz - Quietly Mining Cryptocurrency

Fri, 06/30/2017 - 22:07

In May 2017, the WannaCry ransomware attack was all over the news as what some call the biggest cyberattack to date.

DiamondFox Jumps over the Competition

Thu, 06/29/2017 - 19:11

DiamondFox, also known as Gorynych, is a modular malware that highlights the growth of the malware-as-a-service industry. With accessible how-to videos on YouTube showing aspiring cybercriminals how to set up DiamondFox and a user-friendly interface, it’s easy to see how this malware allows even the least sophisticated attacker to potentially compromise victims.

NotPetya Ransomware Attack Hits Europe Moving On To U.S.

Tue, 06/27/2017 - 19:56

This post will update as the situation develops – check back for more information.

NotPetya ransomware, also known as PetrWrap, is a new virus currently ripping through Europe and showing signs of moving on to the U.S. So far over 2,000 targets have been hit. These include Russia’s top oil producer, and Ukrainian banks and the Ukrainian power grid. Attacks have also been noted on the German metro system and in Denmark, France, Spain, and more. The name itself derives from the original belief that this was a variant of the Petya malware; on closer inspection, Kaspersky Labs declared that this was incorrect and redubbed the new virus NotPetya.

Bi-Weekly Security Update 6/22/2017

Thu, 06/22/2017 - 22:11

Terror EK Fails to Scare

Tue, 06/20/2017 - 18:14

After the fall of the popular Angler and Neutrino exploit kits, several different exploit kits have been vying for dominance in the resulting power vacuum.

Jaff Ransomware Is Nothing to Laugh About

Thu, 06/15/2017 - 20:42

Jaff ransomware is very similar to other "standard" ransomware in its use of AES encryption to encrypt its victim's files. It’s attributed to the creators of Dridex, Locky and Bart, and has been spreading in high volume through the Necurs botnet.

Steam Stealers Game the System

Wed, 06/14/2017 - 19:54
Bi-Weekly Security Update 6/9/2017

Fri, 06/09/2017 - 17:00

Malicious Content Identified and Inserted:
