Bomp-bomp-bomp-bomp. It’s not even close to “Shark Week,” but Megalodon is making news in the form of a new DDOS HTTP botnet.
While researching a newer sample of Destover, we came across two files that were identified by one antivirus product at the time under a generic signature. After analyzing further, we found two utilities closely related to Destover.
We received a fascinating request the other day from a company called darknetshop located in Thailand. The proprietor, Waipot Sompa, expressed an interest in acquiring a copy of Pony Loader as well as install support.
Data breaches, or hacks, have impacted nearly every business and consumer. When a criminal steals private or personally identifiable information, which may include a username, password and other sensitive data.
A crypter is software used by cybercriminals to encrypt their malware to evade detection. Depending on the product, it can add features to the malware such as sandbox and virtual machine checks, autorun creation and more.
Today Zerodium, a zero-day buy-and-sell market launched by Vupen (a vulnerability and exploit broker), announced it would offer a $1 million bounty for any iOS 9 exploit or jailbreak.
Just like legitimate web commerce, the dark side of the web has become a place where you can find nearly anything, no matter how niche. Thieves are taking entrepreneurial pursuits to new levels by offering cybercrime-as-a-service. Damballa’s Threat Discovery Center selected a few posts from forums we monitor that are interesting and even disturbing. They show an underground economy that is thriving and diversifying.
Corebot’s author included the ability to add plugins to the malware in order to incorporate more features. Each plugin usually adds a specific function the malware will perform or a role the bot takes on, such as acting as a SOCKS proxy, spreading via USB drives, grabbing certificates, or even performing DDoS.