PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Upatre Malware Anti-Sandboxing Mechanism Uncovered

BY PhishMe IN Malware Analysis

Researchers have been studying the Upatre malware anti-sandboxing mechanism over the course of the past few days, after capturing a number of samples of the malware. The Upatre malware anti-sandboxing mechanism involves a delay in activity. A 12-minute delay to be precise. That is how long it takes before the malware downloads its malicious payload. The delay is an anti-sandboxing tactic to ensure that the malware is not being executed in a sandbox environment where its actions can be analyzed and studied by security researchers. An early example of this technique can be found in any of the binaries delivered…

READ MORE

0 comments

Using Yara to Break CryptoWall Phishing

BY Ronnie Tokazowski IN Phishing

Over two months ago, we wrote about phishing emails that contained zip files containing html downloaders to versions of CryptoWall. Fast forward to now, and we’re still seeing the same phishing story, but different attachments. Here’s a screenshot:

READ MORE

0 comments

A Peek Inside an Affiliate’s Malspam Operation: Kovter and Miuref/Boaxxe Infections

BY Paul Burbage IN Phishing

In March of this year, reports of malspam campaigns utilizing an email attached “.doc.js” files, which tied back to the Kovter and Boaxxe clickfraud trojans. The analysis of these malware families have already been well documented here and here. Therefore, this post will concentrate on the botnet behind the malspam delivery and subsequent download for these recent malspam campaigns. It is believed that the miscreants behind the development of these trojans use an affiliate model to have their malicious wares infect victims via botnet or exploit kit operators.

READ MORE

0 comments

Yara CTF – The Answers

BY Ronnie Tokazowski IN Internet Security Awareness

Hello everyone, and thank you for coming to check out the Yara CTF answers! We had a TON of folks who were interested in the challenge, many submitted answers, and many folks enjoyed the challenges. Some of the best feedback we received was “This was the shortest plane ride over to Vegas. Thanks, PhishMe!”

READ MORE

0 comments

Yara CTF, Blackhat 2015

BY Ronnie Tokazowski IN Phishing

Welcome and good luck on the CTF! Password: “Go forth and hack!!##one1”, no quotes. PM_Yara_CTF_2015 One of the challenges is to write an exploit, so please exercise responsible disclosure on this one! We will be working with the developers to get the code patched ASAP! Please note: Challenge #4 contains a typo, it needs a Yara rule, not a key. Sorry for the error. Deadline for submissions: We will close the contest at 8 AM (PDT) on Thursday, August 6.

READ MORE

0 comments

The Danger of Sensationalizing Phishing Statistics

BY Rohyt Belani IN Phishing

People are often curious about what percentage of users will fall for a phishing attack, and it’s tempting to try to create this kind of statistic. At PhishMe, we’ve found that trying to assign a blanket statistic is counterproductive – however this hasn’t stopped others in the industry from trying to do so. The most recent company to try is Intel Security (formerly McAfee), which declared that 97% of people globally were unable to correctly identify phishing emails. While this statistic certainly makes for a nice headline, it is broad-based and flawed in a number of ways.

READ MORE

0 comments