Kronos: decrypting the configuration file and injects

In the previous post, we presented the rootkit used by Kronos. Let’s carry on investigating this banking malware by decrypting its configuration file and injects. Replaying C&C network traffic: Executing Kronos in a sandbox shows it uses a command-and-control (C&C) server […]

Microsoft Bulletin Advance Notification for December, 2014

Microsoft has released [1] an advance notification for the December patchday. This month, 7 security bulletins are being published: 3 rated as critical allowing three remote code executions in Windows, Internet Explorer and Office; 4 rated as important allowing two […]

SpamHaus’ website leveraged as phishing bait

Phishing Initiative is a joint project led by Lexsi, Microsoft and PayPal which allows users and organisations to report phishing attempts. Every single case is analysed and leads, when appropriate, to a ban in Chrome, Internet Explorer, Firefox and Safari. […]

Microsoft Bulletin Advance Notification for October, 2014

Microsoft has released [1] an advance notification for the October patchday. This month, 9 security bulletins are being published: 3 rated as critical allowing remote code execution in Internet Explorer, Windows and the .NET Framework; 1 rated as moderate allowing […]