CryptoPHP a week later: more than 23.000 sites affected

On November 20th we published our report on CryptoPHP. Since publishing we have, together with other parties, been busy dealing with the affected servers and taking down the CryptoPHP infrastructure. Sinkhole statistics: With the help of the NCSC, Abuse.ch, Shadowserver and Spamhaus we have been able to gather data about the scale of the operation …

CryptoPHP: Analysis of a hidden threat inside popular content management systems

Update: We've published statistics on CryptoPHP and some advice: "CryptoPHP a week later: more than 23.000 sites affected".

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay …

Cryptolocker variant Torrentlocker making new victims in NL

This posting is an update to the Torrentlocker blog postings of October 15 and October 21. Introduction: Since this past weekend, the Netherlands has been hit with another spam run spreading the Cryptolocker variant known as Torrentlocker. Torrentlocker presents itself to victims as Cryptolocker in all cases; however, this is completely different malware. Fox-IT received multiple reports …