Remove 2010 Remove Accountability Remove Antivirus
article thumbnail

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In 2010, someone with the username Pepyak on the Russian language affiliate forum GoFuckBiz[.]com

Malware 251
article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. “Antivirus software trusts signed programs more.

Malware 283
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

Severa ran several affiliate programs that paid cybercriminals to trick people into installing fake antivirus software. In 2011, KrebsOnSecurity dissected “SevAntivir” — Severa’s eponymous fake antivirus affiliate program — showing it was used to deploy new copies of the Kelihos spam botnet.

Antivirus 332
article thumbnail

Who’s Behind the GandCrab Ransomware?

Krebs on Security

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. In 2010, the hottabych_k2 address was used to register the domain name dedserver[.]ru Vpn-service[.]us

article thumbnail

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities. .”

Hacking 208
article thumbnail

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru. NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016. DomainTools reports that stairwell.ru Image: Shutterstock.

article thumbnail

Tracing the Supply Chain Attack on Android

Krebs on Security

An online search for the term “yehuo” reveals an account on the Chinese Software Developer Network which uses that same nickname and references the domain blazefire[.]com. In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models.

Mobile 257