Lately, we have seen a number of communications through our automated framework from the Neutrino botnet. While analyzing this botnet, we found that it has a number of anti-debugging, anti-virtual machine, and sandbox-detection techniques that we have seen before. The botnet looks to be at an early stage, based on factors such as no obfuscation/packer […]

Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined the botnet Plasma HTTP, whose infections seem to be widespread and target all Windows systems. Attacker use this HTTP-based botnet primarily as a CPU and GPU cryptocurrency miner. Once a machine is […]

A new banking Trojan in the news, known as Neverquest, is active and being used to attack a number of popular banking websites. This Trojan can identify target sites by searching for specific keywords on web pages that victims are browsing. After infecting a system, the malware gives an attacker control of the infected machine […]

Lately, we have seen a lot of active samples of the Athena HTTP botnet. The builder tool for Athena has already been leaked to Internet forums; we got a hold of a few active samples that have caused some pretty serious infections. The statistics found for the following web panel shows that an HTTP botnet […]

Last month, I posted a blog about an increase in the use of AutoIt scripts by malware authors to carry out malicious activities. Attackers have used AutoIt scripts for a long time, and they are gaining in popularity due to their flexible and powerful nature. We have now come across another piece of malware (which […]