Posts Categorized: F-Secure

  • F-Secure, English-Italian Translations

    Petya: Disk Encrypting Ransomware

    Updated 2016-04-03: Edited to add more details about the encryption scheme. Petya is a new ransomware with an evil twist: instead of encrypting files on disk, it will lock the entire disk, rendering it pretty much useless. Specifically, it will encrypt the filesystem’s master file table (MFT), which means the operating system is not able… Read more »

  • F-Secure, English-Italian Translations

    Whatever Happened to Facebook Likejacking?

    Back in 2010, Facebook likejacking (a social engineering technique of tricking people into posting a Facebook status update) was a trending problem. So, whatever happened to likejacking scams and spam? Well, Facebook beefed up its security, and the trend significantly declined, at least when compared to peak 2010 numbers. But you can’t keep a good… Read more »

  • F-Secure, English-Italian Translations

    Android Hack-Tool Steals PC Info

    Yeh, one of our Security Response Analysts, came across an interesting report on a Chinese forum over the weekend about an Android app that basically turns the device into a hack-tool capable of stealing information from a connected Windows machine. He managed to find a sample (Md5:283d16309a5a35a13f8fa4c5e1ae01b1) for further investigation. When executed, the sample (we… Read more »

  • F-Secure, English-Italian Translations

    ZeuS Ransomware Feature: win_unlock

    Earlier today, while doing our daily data mining, we came across a new variant of ZeuS 2.x. It includes a new backdoor command called: win_unlock. Very interesting, turns out this slightly modified ZeuS 2.x includes a ransomware feature. When this particular variant is executed, it opens Internet Explorer with a specific page (lex.creativesandboxs.com/locker/lock.php) and prevents… Read more »

  • F-Secure, English-Italian Translations

    Anonymous Anonymous Claims Anonymous is Not Anonymous

    You’ve probably heard about the stratfor.com hack by now. Anonymous claimed responsibility. Then Anonymous denied being responsible. But then today, “Anonymous” claimed that the earlier anonymously posted pastebin post wasn’t Anonymous, but was really Stratfor employees claiming to be Anonymous. Wait… doesn’t Anonymous claim that “we are all Anonymous”? If that’s true, then maybe it… Read more »

  • F-Secure, English-Italian Translations

    Trojan:BASH/QHost.WB

    We came across a fake FlashPlayer.pkg installer for Mac: Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, etc.) to the IP address 91.224.160.26, which is located in the Netherlands. The server at the IP address displays a fake webpage designed to appear similar to… Read more »

  • F-Secure, English-Italian Translations

    On Android threats Spyware: Android/SndApps.A and Trojan:Android/SmsSpy.D.

    Android malware seems to be all the rage at the moment. Here are a few comments on a couple of interesting side issues we’ve been discussing as we’ve seen them crop up during analyses. First up: there was a recent report on suspicious applications found in the official Android Market. The apps in question have since been taken… Read more »

  • F-Secure, English-Italian Translations

    Another Android malware utilizing a root exploit

    Another Android malware utilizing the root exploit “Rage Against The Cage” has been found, and we detect it as Trojan:Android/DroidKungFu.A. This new malware was embedded in a trojanized application that may require root access in order to conceal itself. The infection occurs in two parts: Infection: Part 1 The first part is the installation… Read more »

  • F-Secure, English-Italian Translations

    New DroidDream Variant Found on Android Phones

    Android has become the main target for mobile malware. Here’s “Hot Girls 1”, which was still available yesterday for download to your Android phone from Android Market: This application was originally harmless. However, a malicious developer called “Magic Photo Studio” downloaded the original application, modified it and re-uploaded it to Android Market. As an end… Read more »

  • F-Secure

    Phishing Sites Hosted on Google’s Servers

    Google Docs allows users to create documents, spreadsheets, et cetera at google.com (hosted in Google’s cloud): Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world. Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com. Here are some examples: These are… Read more »