Author: Clemens Kolbitsch

Authored by: Clemens Kolbitsch and Arunpreet Singh

Another week comes to an end, another wave of evasive malware is attacking users. This week: Shifu. This malware family, termed an Uber Patchwork of Malware Tools in a recent DarkReading post, combines a plethora of evasive tricks to bypass traditional analysis systems,...

Authored by: Clemens Kolbitsch, Joe Giron, and Arunpreet Singh

Over recent years, we have seen a rapid evolution of security products. Whenever a new technology is introduced, it tackles shortcomings of its predecessor, but also faces new challenges as attackers adapt to the changing security landscape. Just to give...

New information about the Advanced Persistent Threat (APT) is hitting media headlines every day. In just the last few months alone, we have read horror stories of sophisticated malware like Duqu2 (which uses a kernel mode exploit to load its kernel mode component), targeted attacks...

Recent media coverage drew a lot of attention to a new variant of the Dyre/Dyreza malware family that is evading traditional sandbox-based analysis systems. At the same time, F-Secure highlighted similar tricks found in Tinba malware. Not only are individual families starting to detect and...

Authored by: Kevin Hamacher, Dario Filho, Clemens Kolbitsch

One notorious functionality present in many variants of today's advanced malware is the ability to steal sensitive user information. Taking control of a targeted machine, an adversary has basically unlimited abilities to secretly monitor the actions performed...

A look at a Zeus Trojan variant called Citadel evading traditional sandboxes

Fighting traditional sandboxes (or dynamic analysis systems in general) typically comes in the form of detecting the analysis environment or evading analysis through means of behavior triggers, as mentioned in a previous blog...