
Apache Web Server Attacks Continue to Evolve

For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we’re handling half a dozen or so and it continues to increase. It’s one of the reasons that I have started including this as a trend in my most recent Website Security presentations.

Just last …

Android.Anzhu: new backdoor for Android devices

The Russian anti-virus vendor Doctor Web warns Internet users of a new backdoor for Android. Android.Anzhu can carry out a variety of directives received from a remote server, covertly install other applications and change browser bookmarks.

Android.Anzhu is distributed from Chinese sites offering free software for Android. The backdoor is built into the legitimate program Screen …

Anatomy of Bamital: A Prevalent Click-fraud Trojan

(Note: This blog was written on September 2. We decided to postpone publishing it due to an ongoing joint effort to shut down servers and block domain names. The variant studied is not the latest but accurately reflects the functionalities of the threat.)

Trojan.Bamital appeared in the summer of 2010. The threat really became prevalent …

‘Indestructible’ rootkit rumours are greatly exaggerated! Stand down from high alert!

LulzSec has sailed away – if not off the edge of the world, at least into a part of space and time from which it can no longer trigger scary headlines.

It seems we needed something to replace LulzSec, and it looks as though we’ve found it. The indestructible rootkit!

The rootkit in question …

TDSS and hacking the hackers

If you've been following the research we've been publishing (spearheaded by my Russian colleagues Aleksandr Matrosov and Eugene Rodionov) you'll be aware that the TDL rootkit family doesn't make use of the OS's own file system. Instead, it implements its own hidden storage for the payload, configuration files and so on. The hidden storage is located at the …