Mylobot Malware

The new malware, dubbed Mylobot, pulls together a variety of techniques to gain a foothold and remain undiscovered. Among the strategies employed are:

  • Anti-VM techniques
  • Anti-sandbox techniques
  • Anti-debugging techniques
  • Wrapping internal parts with an encrypted resource file
  • Code injection
  • Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
  • Reflective EXE (executing EXE files directly from memory, without having them on disk)
  • A 14-day delay before accessing its C&C servers.
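The process-hollowing step in the list above has a recognisable call sequence from the defender's side: a child is created suspended, its image is unmapped, replacement code is written in, the thread's entry point is redirected and the thread is resumed. The following is an added illustration, not code from the Mylobot analysis: a small Python detector that looks for that ordered sequence in constructed API-call telemetry. The log format (`ts,actor_pid,target_pid,api`), the sample events and the assumption that a sensor normalises suspended process creation as `CreateProcess_SUSPENDED` are all made up for the example.

```python
"""Heuristic detection of the process-hollowing call sequence over constructed
API-call telemetry. Added illustration, not code from the Mylobot write-up;
the event format and the API labels are assumptions about what a sensor emits."""
from collections import defaultdict
from dataclasses import dataclass

# Call sequence typical of process hollowing: child created suspended, its
# original image unmapped, new code written, entry point retargeted through
# the thread context, thread resumed.
HOLLOW_STAGES = ("CreateProcess_SUSPENDED", "NtUnmapViewOfSection",
                 "WriteProcessMemory", "SetThreadContext", "ResumeThread")


@dataclass(frozen=True)
class Event:
    ts: int          # sequence number assigned by the sensor
    actor_pid: int   # process issuing the call
    target_pid: int  # process the call operates on
    api: str         # API name as labelled by the (assumed) sensor


def parse_events(lines):
    """Parse 'ts,actor_pid,target_pid,api' lines; blank and '#' lines are skipped."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, actor, target, api = line.split(",")
        out.append(Event(int(ts), int(actor), int(target), api))
    return out


def detect_hollowing(events):
    """Return (actor_pid, target_pid) pairs whose call history contains every
    stage of HOLLOW_STAGES in order, as a subsequence (unrelated calls in
    between are tolerated)."""
    progress = defaultdict(int)  # (actor, target) -> index of next expected stage
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.actor_pid, ev.target_pid)
        if ev.api == HOLLOW_STAGES[progress[key]]:
            progress[key] += 1
            if progress[key] == len(HOLLOW_STAGES):
                hits.append(key)
                progress[key] = 0
    return hits


# Constructed telemetry for the example; not captured from Mylobot.
SAMPLE_LOG = """
1,4000,4100,CreateProcess_SUSPENDED
2,4000,4100,NtUnmapViewOfSection
3,4000,4100,WriteProcessMemory
4,4000,4100,SetThreadContext
5,4000,4100,ResumeThread
# benign pattern: suspended create followed by resume, no image replacement
6,5000,5100,CreateProcess_SUSPENDED
7,5000,5100,ResumeThread
""".strip().splitlines()

if __name__ == "__main__":
    for actor, target in detect_hollowing(parse_events(SAMPLE_LOG)):
        print(f"possible process hollowing: pid {actor} -> pid {target}")
```

The second, benign pair in the sample (a suspended create followed directly by a resume, as a debugger or installer might do) is not flagged, because the unmap/write/context stages never occur. In a real deployment the events would come from a kernel or ETW-based sensor rather than a text log, and the match would be one signal to correlate with others, since the same call sequence is also used by some legitimate software.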

It can be purposed to download and install any type of payload, from spambot or DDoS engine to keylogger or banking Trojan. Mylobot leverages several techniques to make sure no other botnet is active on a machine it infects.

Source: Dark Reading

How do you protect yourself?

Proper security measures must be in place to defend against Mylobot and similar threats. Keeping endpoint and firewall security up to date provides a cross-generational blend of threat defense techniques to protect systems from botnet malware such as Mylobot.

CVE-2018-12592

Polycom RealPresence Web Suite before 2.2.0 does not block a user’s video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view.

Source: CVE

How do you protect yourself?

Polycom says to update RealPresence Web Suite’s software to version 2.2.0 or later in order to fix this vulnerability.

SamSam Ransomware

New versions of the SamSam ransomware will not execute unless the person running the malware’s payload enters a special password via the command line.

This is a new protection mechanism added by the SamSam crew in a recent SamSam version analyzed and detailed by Malwarebytes, Sophos, and Crowdstrike researchers.

The password has been added to prevent security researchers from executing the ransomware binary, in case they stumble upon a working version, and to limit what kind of information they can gather about SamSam’s latest version.

Researchers say this is a new addition to the SamSam ransomware, a strain that has slowly evolved in the past year.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against SamSam ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.