April 20, 2016, 12:00 am
in Anti-Malware Research , by Liviu Arsene

The Petya ransomware, which encrypts the NTFS Master File Table rather than individual files, has recently been analyzed by the Bitdefender research team and found to share similarities with other ransomware families, such as Chimera and Rokku.

March 28, 2016, 1:56 pm
in Free Tools , by Razvan Stoica

Bitdefender anti-malware researchers have released a new vaccine tool that protects against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto-ransomware families by exploiting flaws in their spreading methods.

March 25, 2016, 10:03 am
in Anti-Malware Research , by Alexandra GHEORGHE

Bitdefender researchers examined the security stance of four Internet-connected consumer devices. The team scrutinized the way each device connects to the Internet and to the cloud, as well as the communication between the device and corresponding mobile application.

Results show that the current authentication mechanisms of Internet-connected devices can still be bypassed, exposing households and their inhabitants to discomfort, mass surveillance, privacy exposure and data theft.


Read the full paper here.

The report is based on the technical information provided courtesy of Bitdefender researchers Dragos Gavrilut, Radu Basaraba and George Cabau.

Comments Off on IoT Hacking Report Confirms Privacy is Dead
March 10, 2016, 6:15 pm
in Anti-Malware Research , by Razvan Stoica

The Angler exploit kit took over from Blackhole as the tool of choice for the discerning malware writer, achieving a position of prominence among web exploit kits, not least due to the extreme variety of exploits it uses. While Angler does not actually rely on zero-day exploitation, the team developing it tries to stay ahead of defenders by producing working exploit code for disclosed vulnerabilities before potential targets have actually been patched.

In this new Labs research paper, Bitdefender researcher Mihai Neagu takes an in-depth look at the Angler exploit kit code, detailing exploitation techniques and possible mitigation strategies for Silverlight:
Analysis of Angler Silverlight Exploit

Comments Off on How Angler Exploited Silverlight
March 8, 2016, 5:05 pm
in Anti-Malware Research , by Bogdan Botezatu

According to Bitdefender researchers, the trojaned Transmission torrent client update dubbed KeRanger racks up a number of firsts: it is the world's first piece of fully functional Mac OS X ransomware, the first Mac OS X malware distributed via a signed software update from a legitimate developer, and the first cross-platform ransomware ever.


March 3, 2016, 3:00 pm
in Uncategorized , by Bogdan Botezatu

[UPDATE] The main protection mechanism provided by the Cryptowall Vaccine relied on exploiting a programming flaw in the Cryptowall Trojan itself. The Cryptowall operators have modified the way they check whether a system has been infected or not, which renders the Cryptowall Vaccine ineffective in some cases.

Because we cannot guarantee the proper functioning of the vaccine anymore, we decided to discontinue providing the tool. Stay tuned for further updates.

Meanwhile, please consider implementing the measures delineated here.

Comments Off on Cryptowall vaccine discontinued
February 24, 2016, 4:24 pm
in Uncategorized , by Liviu Arsene

Windows ransomware has inflicted financial losses for the past couple of years, especially since almost half of its victims end up paying to recover their files.

However, cybercriminals have apparently been eyeing other platforms as well: our Android report for the second half of 2015 reveals that the threat not only targets specific countries but is also increasing in complexity.

With 45.53 percent of all globally reported Android ransomware and 78.36 percent of all globally reported SMS-sending malware targeting US users, cybercriminals appear to be exploiting Android's market share.

Among our key findings: in Germany, the UK and Australia, ransomware ranks as the most prevalent malware family. Other threats include fake apps that install either malware or aggressive adware, amounting to 19.55 percent of globally reported threats.

For more details on Android malware developments during the second half of 2015, check out the full report here.

Comments Off on Ransomware and SMS-Sending Trojans: Top Threats in Bitdefender Android H2 2015 Report
February 5, 2016, 2:08 pm
in Uncategorized , by Razvan Stoica

The Bitdefender CTF Team, PwnThyBytes, came in fifth in the SECCON international capture-the-flag competition finals held in Tokyo, Japan, improving on the 6th place it obtained in the online qualifying round, which pitted 1251 teams from 65 countries against each other.

Comments Off on Big in Japan
January 5, 2016, 5:16 pm
in Anti-Malware Research , by Bogdan Botezatu

A new variant of the Linux.Encoder ransomware is now targeting vulnerable servers worldwide. At the time of writing, more than 600 servers have been infected. The good news is that we can still decrypt the files held to ransom for free.


December 17, 2015, 10:35 am
in Uncategorized , by Liviu Arsene

Bitdefender researchers have uncovered a massive global intelligence-gathering operation and performed an in-depth analysis of the cyber-espionage malware used to harvest intelligence from top political figures, government institutions, telecommunications and e-crime services, and aerospace companies.

The full APT28 whitepaper covers everything from targeted victims and attack flow to the probing process, along with a detailed analysis of all of its components, tools and capabilities.

“While advanced persistent threat first became a popular term after the discovery of Stuxnet in an Iranian nuclear processing facility more than five years ago, some other threat actors such as the operators of APT28 have managed to covertly gather intelligence for almost a decade,” said Viorel Canja, Head of Antimalware and Antispam Labs at Bitdefender. “Our investigation focused on the APT28 infrastructure and operation particularities, which allowed us to link the threat with its operators and offer a glimpse of how one APT works and who it targets.”

Comments Off on APT28 Under the Scope – A Journey into Exfiltrating Intelligence and Government Information