Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined the botnet Plasma HTTP, whose infections seem to be widespread and which targets all Windows systems. Attackers use this HTTP-based botnet primarily as a CPU and GPU cryptocurrency miner. Once a machine is […]

A new banking Trojan in the news, known as Neverquest, is active and being used to attack a number of popular banking websites. This Trojan can identify target sites by searching for specific keywords on web pages that victims are browsing. After infecting a system, the malware gives an attacker control of the infected machine […]

Lately, we have seen a lot of active samples of the Athena HTTP botnet. The builder tool for Athena has already been leaked to Internet forums; we got hold of a few active samples that have caused some pretty serious infections. The statistics found for the following web panel show that an HTTP botnet […]

Last month, I posted a blog about an increase in the use of AutoIt scripts by malware authors to carry out malicious activities. Attackers have used AutoIt scripts for a long time, and they are gaining in popularity due to their flexible and powerful nature. We have now come across another piece of malware (which […]

Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, with names like “&av” (for antivirus?) and “&vm=” (VMware?). The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host […]
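The two observations in that excerpt, beacon requests carrying "av" and "vm" query parameters and every beacon going to the same host, translate directly into a proxy-log check. The following is an added example and not code from the original post or from any McAfee tool; the request lines and host names in it are constructed for illustration, and the hypothetical threshold `min_hits` is my own choice.

```python
"""Flag HTTP requests whose query string carries the "av" and "vm" beacon
parameters, then group the hits by Host to surface the common C2 host.

Added example, not part of the original post. SAMPLE_REQUESTS is constructed
sample data, not captured traffic.
"""
from urllib.parse import parse_qs, urlsplit

# Parameter names the post calls out ("&av" and "&vm="); their meaning
# (antivirus, VMware) is the post's hypothesis, not a confirmed fact.
SUSPICIOUS_PARAMS = frozenset({"av", "vm"})

# Constructed (host, request-target) pairs as they might appear in a proxy log.
# "c2.example.invalid" stands in for the single host all beacons shared.
SAMPLE_REQUESTS = [
    ("c2.example.invalid", "/gate.php?id=1234&av=Avast&vm="),
    ("c2.example.invalid", "/gate.php?id=5678&av=None&vm=1"),
    ("www.example.com", "/search?av=1&vm=2"),   # one-off hit, below threshold
    ("cdn.example.org", "/lib.js?v=2&av=1"),     # only one of the two names
]


def query_param_names(request_target: str) -> set[str]:
    """Return the set of query-parameter names in an HTTP request target.

    keep_blank_values=True matters: the observed pattern had "&vm=" with an
    empty value, which parse_qs would otherwise silently drop.
    """
    query = urlsplit(request_target).query
    return set(parse_qs(query, keep_blank_values=True))


def is_suspicious(request_target: str) -> bool:
    """True when the request carries every parameter name in SUSPICIOUS_PARAMS."""
    return SUSPICIOUS_PARAMS <= query_param_names(request_target)


def find_beacon_hosts(requests, min_hits: int = 2) -> dict[str, int]:
    """Count flagged requests per Host and keep hosts with at least min_hits.

    Requiring repeated hits to one host is what separates a beaconing
    infection from a single benign page that happens to use the same names.
    """
    hits: dict[str, int] = {}
    for host, target in requests:
        if is_suspicious(target):
            hits[host] = hits.get(host, 0) + 1
    return {host: n for host, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for host, count in find_beacon_hosts(SAMPLE_REQUESTS).items():
        print(f"{host}: {count} requests carrying {sorted(SUSPICIOUS_PARAMS)}")
```

Run against real proxy or IDS logs, the host list produced by `find_beacon_hosts` is the pivot for the next step in the excerpt: collecting the encrypted responses from that host for analysis. Lower `min_hits` to 1 while hunting, raise it once the pattern is confirmed to cut noise.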