Analysing a Ransomware: Cryptolocker

Jérome Robert from Lexsi gave a lecture on cyber-extortion during the 2015 FIC convention. What is today’s situation concerning ransomware? (This article is drawn from our cybercrime insight: “Analysing a Ransomware – Cryptolocker”.) What’s up, doc? Only 2 months after […]

Certificate theft

This article is drawn from our cybercrime insight: “Cybercrime Overview of Certificate Theft”. Digital certificates play a major role in data exchanges. They offer security services that enable the relying parties to trust each other. However, this trust provided […]

Kronos: decrypting the configuration file and injects

In the previous post, we presented the rootkit used by Kronos. Let’s carry on investigating this banking malware by decrypting its configuration file and injects. Replaying C&C network traffic: Executing Kronos in a sandbox shows it uses a command-and-control (C&C) server […]

Microsoft Bulletin Advance Notification for December, 2014

Microsoft has released [1] an advance notification for the December patchday. This month, 7 security bulletins are being published: 3 rated as critical, allowing three remote code executions in Windows, Internet Explorer and Office; 4 rated as important, allowing two […]

SpamHaus’ website leveraged as phishing bait

Phishing Initiative is a joint project led by Lexsi, Microsoft and PayPal which allows users and organisations to report phishing attempts. Every single case is analysed and leads, when appropriate, to a ban in Chrome, Internet Explorer, Firefox and Safari. […]