HelloBridge Trojan Uses Heartbleed News to Lure Victims

The Dell SecureWorks Counter Threat Unit™ (CTU) research team analyzed a malware sample on April 9, 2014 that takes advantage of recent news reports focusing on the “Heartbleed” vulnerability. The filename used by the attacker, shown in Figure 1, literally translates to “Heartbleed vulnerability testing tool.exe,” but CTU researchers are referring to it as the HelloBridge backdoor trojan. On April 9, the VirusTotal analysis service showed low detection for this malware, with only 3 of 51 antivirus (AV) vendors detecting it as malicious. As of April 17, 27 of 51 AV vendors detected it as malicious.

Using Unicode to hide malware within the file system

Dell SecureWorks Counter Threat Unit™ (CTU) analysts previously observed the use of Unicode characters within the Windows Registry to obscure the presence of malware on a system. Similar techniques can be used within the file system. CTU analysts examined a system infected with the Win32/Vercuser.B worm, which was obscured, in part, through the use of a Unicode character.

Cutwail Spam Swapping Blackhole for Magnitude Exploit Kit

Shortly after reports that the developer of the Blackhole exploit kit was arrested, one of the groups leveraging the Cutwail spam botnet changed tactics, switching which exploit kit they use to distribute malware. Cutwail has historically distributed the Gameover Zeus trojan through various themed spam campaigns (see Figure 1) in combination with malicious embedded links that led to the Blackhole exploit kit. Dell SecureWorks Counter Threat Unit™ (CTU) researchers have observed a shift by one of the groups using the Cutwail botnet from Blackhole to another exploit kit known in the security community as Magnitude (formerly known as Popads).

How to Hide Malware in Unicode

Unicode character sets are used throughout Windows systems, largely to make it easier to present the same information (warning messages, alerts, notices, etc.) in different languages. Windows applications, including the Windows Explorer shell, understand Unicode character sets and control characters and know how to present them to the user. This functionality can also be subverted for malicious purposes in order to hide the presence of malware, often in plain sight.

Dell SecureWorks’ Brand Surveillance Team Warns Organizations of Hacktivists and Disgruntled Employees Mounting Multi-Prong Cyber Attacks, not Just DoS Attacks

Hacktivists, disgruntled employees, and other cyber threat actors intent on sabotaging an organization are expanding their tactics beyond Distributed Denial of Service (DDoS) attacks, warns Dell SecureWorks’ Enterprise Brand and Executive Threat Surveillance team. This team constantly monitors social media sites, forums, and other public information sources, looking for conversations and other indicators that a customer’s brand or its executives might be the target of a cyber-attack. Using their highly honed investigative skills, the team has worked numerous cases in which they obtained solid intelligence of an attack being planned by the threat actors. Dell SecureWorks then worked with the organizations to quickly shut down the attack before it could happen or implemented countermeasures to block the attack, effectively protecting the organization’s infrastructure, assets, and brand.

Assess & Evaluate your Information Security Strategy: Lessons from Dell SecureWorks CTU

The Dell SecureWorks Counter Threat Unit (CTU) has observed cyber threats becoming more advanced as hackers seek new ways to breach information security or disrupt operations. Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threats (APTs) are a big concern. Organizations must evaluate and develop their IT security controls to protect themselves from these sophisticated and unpredictable cyber-attacks.

WordPress Users Beware

WordPress is an open-source blogging platform and content management system (CMS). Since its inception in 2003, WordPress has become widely used and is very active. It is made up of more than 200,000 lines of code (written mostly in the PHP scripting language) and is used by more than 64 million websites on the Internet. Although WordPress is considered a mature platform, regular updates address serious security vulnerabilities that may be used by an attacker targeting a WordPress site.

Learning from Cyber Security Competitions (NECCDC edition)

The Northeast Collegiate Cyber Defense Competition (NECCDC) is a three-day event designed to give college students the opportunity to handle the challenges of administering and defending a mock corporate network infrastructure. This year, Dell SecureWorks was a sponsor of the event. Winning teams from the NECCDC and other regional qualifying rounds are invited to take part in a national championship.