botnet

July 22, 2020

SECURITY

Prometei botnet and its quest for Monero

1 min read

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign employing a multi-modular botnet with multiple ways to spread and a payload focused on providing financial benefits for the attacker by mining the Monero online currency. The actor employs various methods to spread across the network, like SMB with […]

March 13, 2019

THREAT RESEARCH

GlitchPOS: New PoS malware for sale

1 min read

Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card...

July 3, 2018

THREAT RESEARCH

Smoking Guns – Smoke Loader learned new tricks

1 min read

Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following...

March 6, 2018

THREAT RESEARCH

Gozi ISFB Remains Active in 2018, Leverages “Dark Cloud” Botnet For Distribution

1 min read

Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a widely distributed type of...

January 18, 2018

THREAT RESEARCH

The Many Tentacles of the Necurs Botnet

1 min read

This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much […]

May 23, 2017

THREAT RESEARCH

Modified Zyklon and plugins from India

1 min read

Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns smaller in volume as they might contain more interesting malware. A few weeks ago […]

September 29, 2016

THREAT RESEARCH

Want Tofsee My Pictures? A Botnet Gets Aggressive

1 min read

This post was authored by Edmund Brumaghin Summary Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Once infected, systems become […]

December 15, 2014

THREAT RESEARCH

Ancient Mac Site Harbors Botnet that Exploits IE Vulnerability

6 min read

This post was authored by Alex Chiu and Shaun Hurley. Last month, Microsoft released a security bulletin to patch CVE-2014-6332, a vulnerability within Windows Object Linking and Embedding (OLE) that could result in remote code execution if a user views a maliciously crafted web page with Microsoft Internet Explorer. Since then, there have been several […]

July 28, 2014

SECURITY

Far East Targeted by Drive by Download Attack

4 min read

This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin Lee, Emmanuel Tacheau, Andrew Tsonchev, and Craig Williams.   On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. This site is a Chinese language news website covering events in East Asia from a […]