CryptoLocker ransomware intelligence report

In the beginning of September 2013, the CryptoLocker malware variant appeared in the wild, spread exclusively by the infamous P2P ZeuS (aka Gameover ZeuS) malware. CryptoLocker had a simple purpose: to act as ransomware, encrypting important files such as images and documents, and then asking the victim for money to unlock the files. Image source: … Continue reading CryptoLocker ransomware intelligence report

Malicious advertisements served via Yahoo

Detection of the infection Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com. Infection Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those … Continue reading Malicious advertisements served via Yahoo

Analysis of malicious advertisements on telegraaf.nl

Starting on Wed, 31 July 2013, 18:54:50 Fox-IT's monitoring system detected a redirect occurring on telegraaf.nl. It was another case of advertisement provider abuse. One of the advertisement providers loaded ads from an outside resource which returned an exploit kit named "FlimKit" exploit kit. After first being removed from telegraaf.nl a second exploit kit redirect … Continue reading Analysis of malicious advertisements on telegraaf.nl