All your hashes are belong to us: An overview of malware hashing algorithms
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which…
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
Picture this: Malware Hides in Steam Profile Images
SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The developers seem to have a few more ambitious goals.
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
Perform simple security tests yourself - using Metasploit Framework and nmap
Even with little effort, the security of your own network can be put to the test. We present two tools that make this possible. The best thing about it: the tools are freely available.
11 Biggest cyber security threats in 2021
Cyber security threats persist and continue to emerge during the last years. By now you probably heard about phishing, but did you know about polyglot files yet? This article covers a unique insight to the 11 biggest cyber security threats in 2021.
SectopRAT: New version adds encrypted communication
SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?
How secure are smart contracts?
Smart contracts are related to cryptocurrencies and offer more efficiency than usual contracts in certain areas. Meanwhile, they are only as secure as the programmer's best knowledge. Due to bad programming practices, some contain exploitable flaws. So what kind of security risks are there? In this…
IceRat evades antivirus by running PHP on Java VM
IceRat keeps low detections rates for weeks by using an unusual language implementation: JPHP. But there are more reasons than the choice of the compiler. This article explores IceRat and explains a way to analyze JPHP malware.
Business as usual: Criminal Activities in Times of a Global Pandemic
The beginning of 2020 has been appalling for most parts of the world being affected by Coronavirus disease 2019 (COVID-19). This brought about a change in the everyday life of every individual in every country striving to sustain their daily tasks while simultaneously preventing further infection.…
Karsten Hahn
Virus Analyst
Tim Berghoff
Security Evangelist
