A modern Sample Exchange System
We open sourced a system to exchange malware samples between partners in the AV industry. In the following post, we explain our motivation, technical details and usage of the system.
Happy Birthday Virus Bulletin Conference, you’re 30 years old!
The annual Virus Bulletin International Conference has been running since 1991 and is one of the annual highlights in the calendar of events for IT security experts. Eddy Willems attended the Virus Bulletin Conference for the first time 25 years ago and fondly remembers the beginnings.
Interview with Arnas Staude (Part 1): BEAST makes it easy to recognise connections
G DATA is using BEAST technology to break new ground in behavioural analysis. The technology uses a graph database to trace suspicious processes. BEAST can also recognise complex cyber attacks in this way. Even malware that distributes each individual activity over separate processes can be…
DLL Fixer leads to Cyrat Ransomware
A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python-based and appends .CYRAT to encrypted files.
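Fernet is a fixed, well-documented token format: a version byte 0x80, an 8-byte big-endian timestamp, a 16-byte IV, AES-128-CBC ciphertext and a trailing HMAC-SHA256, all urlsafe-base64 encoded, with the 32-byte key split into a 16-byte signing half and a 16-byte encryption half. That structure is useful for triage: an analyst can tell whether a .CYRAT file carries a Fernet token and when it was produced without having the key. The following inspector is an added example, not code from G DATA or from the ransomware; it assumes the encrypted file body is a raw Fernet token, uses only the Python standard library (so the demo token is built with filler bytes in place of real AES output, which is labelled as such), and the key, timestamp and IV are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80
HEADER_LEN = 1 + 8 + 16   # version || timestamp || IV
MAC_LEN = 32              # HMAC-SHA256


def parse_fernet_token(token: bytes) -> dict:
    """Decode a Fernet token into its fields without decrypting it.
    Raises ValueError when the blob is not shaped like a Fernet token."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except Exception as exc:
        raise ValueError("not urlsafe base64") from exc
    if len(raw) < HEADER_LEN + MAC_LEN or raw[0] != FERNET_VERSION:
        raise ValueError("wrong length or version byte")
    body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    ciphertext = body[HEADER_LEN:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    timestamp = struct.unpack(">Q", raw[1:9])[0]
    return {
        "timestamp": timestamp,
        "encrypted_at": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "iv": raw[9:25],
        "ciphertext": ciphertext,
        "hmac": mac,
        "signed_body": body,   # everything the HMAC covers
    }


def looks_like_fernet(data: bytes) -> bool:
    """Quick classifier for a file body: True if it parses as a Fernet token."""
    try:
        parse_fernet_token(data)
        return True
    except ValueError:
        return False


def verify_fernet_mac(key_b64: bytes, fields: dict) -> bool:
    """Check the token's HMAC with the signing half of a Fernet key.
    A True result proves the key is the one that produced the token."""
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    signing_key = key[:16]
    expected = hmac.new(signing_key, fields["signed_body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, fields["hmac"])


def build_demo_token(key_b64: bytes, timestamp: int, iv: bytes, ciphertext: bytes) -> bytes:
    """Assemble a structurally valid token for the demo. The ciphertext is
    whatever the caller passes in: this helper does NOT encrypt (no AES in
    the standard library), it only lays out the fields and signs them."""
    key = base64.urlsafe_b64decode(key_b64)
    body = bytes([FERNET_VERSION]) + struct.pack(">Q", timestamp) + iv + ciphertext
    mac = hmac.new(key[:16], body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac)


# Constructed sample values (assumptions, not material from any real sample).
DEMO_KEY = base64.urlsafe_b64encode(bytes(range(32)))
DEMO_TIMESTAMP = 1600000000          # 2020-09-13T12:26:40+00:00
DEMO_IV = bytes(16)
DEMO_CIPHERTEXT = b"\x11" * 32       # filler standing in for two AES blocks
SAMPLE_TOKEN = build_demo_token(DEMO_KEY, DEMO_TIMESTAMP, DEMO_IV, DEMO_CIPHERTEXT)

if __name__ == "__main__":
    fields = parse_fernet_token(SAMPLE_TOKEN)
    print("fernet token:", looks_like_fernet(SAMPLE_TOKEN))
    print("encrypted at:", fields["encrypted_at"])
    print("ciphertext bytes:", len(fields["ciphertext"]))
    print("mac valid with demo key:", verify_fernet_mac(DEMO_KEY, fields))
```

Two practical points follow from the format. The timestamp is plaintext, so it dates each file's encryption even when the key is gone, which helps reconstruct the timeline of an incident. And because the HMAC is keyed with half of the Fernet key, a recovered key candidate (from memory, a dropped config, or the script itself) can be confirmed against any encrypted file before attempting decryption.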
Reverse Engineering and observing an IoT botnet
IoT devices are everywhere around us, and some of them are not up to date with today's security standards. A single light bulb exposed to the internet can offer an attacker a variety of possibilities to attack companies or households. The possibilities are endless.
Code-Signing: How Malware Gets a Free Pass
In an ideal world, something that is signed cannot be altered. A signature implies that the signed item is trustworthy and unaltered. When it comes to signed files, things look a bit different: a signature does not always mean that everything is in order.
ServHelper: Hidden Miners
It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better.
Try2Cry: Ransomware tries to worm
Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though.
G DATA threat report: Number of cyber attacks increases significantly in the first quarter
The current threat analysis by G DATA CyberDefense shows that the number of attacks prevented in March 2020 has increased significantly. The cyber defence company averted almost a third more attacks than in February.
Ransomware on the Rise: Buran’s transformation into Zeppelin
Ransomware is still evolving. Evidence for this can be seen every day. Our analysts have taken a look at Buran and Zeppelin, a particularly devastating exhibit of this evolution.