Reports of a new malware threat dubbed “CryptoFortress” have been appearing since 2015-03-02. Some users complained online that their files had been encrypted, with all the encrypted file names carrying a suspicious “.frtrss” extension [1]. The malware analyst Kafeine also […]

Analysing a Ransomware: Cryptolocker

Jérome Robert from Lexsi gave a lecture on cyber-extortion during the 2015 FIC convention. What is today’s situation concerning ransomware? (This article is drawn from our cybercrime insight: “Analysing a Ransomware – Cryptolocker”.) What’s up, doc? Only 2 months after […]

Certificate theft

This article is drawn from our cybercrime insight: “Cybercrime Overview of Certificate Theft”. Digital certificates play a major role in data exchanges. They offer security services which enable the relying parties to trust each other. However, this trust provided […]

Kronos: decrypting the configuration file and injects

In the previous post, we presented the rootkit used by Kronos. Let’s carry on investigating this banking malware by decrypting its configuration file and injects. Replaying C&C network traffic: Executing Kronos in a sandbox shows it uses a command-and-control (C&C) server […]

Microsoft Bulletin Advance Notification for December, 2014

Microsoft has released [1] an advance notification for the December patchday. This month, 7 security bulletins are being published: 3 rated as critical, allowing three remote code executions in Windows, Internet Explorer and Office; 4 rated as important, allowing two […]