CYREN Security Blog




NEWSFLASH: The Cyber-Grinch and Cyber-Scrooge Trying to Steal Christmas!

by Ólöf Kristjánsdottir

Filed under Miscellaneous, Web Security.

“The Cyber-Grinch and Cyber-Scrooge hated Christmas!

The whole Christmas season!

Now, please don't ask why. No one quite knows the reason.

It could be their monitors weren't screwed on just right.

It could be, perhaps, that their USB ports were too tight.

But I think that the most likely reason of all,

May have been that their hard drives were two sizes too small.”

'Tis the season for laughter, cheer, mulled wine, and carols sung with kindly Old Fezziwig’s ghost smiling down upon your merry band of friends and family. And it is also time for the annual Christmas scam.

Fake BACS Remittance Emails Delivers Dridex Malware

by Maharlito Aquino

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

A couple of days ago, we received a spam email sample which was reported to contain a malicious attachment. The email content poses as a remittance advice for a specific BACS payment. BACS, also known as Banker’s Automated Clearing Services, is a scheme used for electronic processing of financial transactions within the UK. This suggests that victims of this spam campaign would be concentrated in the UK as well.

The attachment, BAC_296422H.xls, is an Excel document found to contain a malicious macro set to run automatically upon opening if macros have been enabled in Microsoft Office. CYREN detects this malicious document as X97M/DownldExe.A. 

Wiper family of malware targeting Sony Pictures entertainment grows

by Rommel Ramos

Filed under Malware Analysis, Security Research & Analysis.


SHA1 - CB39C8639A2F74A3424D040D22A856859AB559A8

Similar to W32/Wiper.A, this also seems to be another sample distributed by the people behind this threat. It may arrive under different filenames depending on how it is distributed. The most common filenames used are diskpartmg16.exe and dpnsvr16.exe.

For this example we will use diskpartmg16.exe.

This particular sample uses and accepts only the parameters "-i" and "-k". When any other parameter is used, it will just display a window as shown below, although it is unlikely to be seen by normal users.

Wiper.A: Follow-up Analysis of Malware Targeted at Sony Pictures Entertainment

by Rommel Ramos

Filed under Anti-Malware, malware, Malware Analysis, Security Research & Analysis, sony analysis, Sony Pictures Entertainment.

Last week, CYREN issued an early analysis of the Wiper.A Trojan/Backdoor malware within less than 24 hours of malware identification. After further analysis, we have also found some interesting details that suggest that this malware is really targeted at the Sony Pictures Entertainment Company’s network.

Wiper.A: An Analysis of the Destructive and Dangerous Malware Targeted at Sony Pictures Entertainment

by Rommel Ramos

Filed under Malware Analysis, Security Research & Analysis.

It looks like the highly destructive malware Wiper.A was behind the latest attack on Sony Pictures Entertainment last week. According to a report issued by the FBI, the Wiper.A malware overwrites all hard drive data, including the master boot record.