Why Malware Installers Use TMP files and The Temp folder when infecting Windows
Ever wonder why so many TMP files are detected on an infected system? Even though they have different names, the files are exact copies of one another. Why? The first thing a malware installer (the first stage of infection) does when executed on a target system – be it a dropper or downloader – is...
Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
Learn what RSA has uncovered about the data financial malware steals beyond just your bank account.
Ramnit Malware Makes a Return with New Tricks
Financial malware attacks have increased 80 percent in 2019 as old Trojans make a comeback.
Blank Slate: A Tale of Two Malware Servers
In March 2017, Palo Alto Networks Unit 42 published research on a new malicious spam campaign dubbed “Blank Slate.” The name reflects the fact that the malspam message body is empty; only the malicious attachment is present, as seen in Figure 1.
Figure 1: Blank Slate malspam e-mail
Recently, Blank Slate struck once again, deploying Cerber ransomware, affording...
Black Hat Asia NOC: Malware visibility
By Chris Thomas and Mike Sconzo In the Black Hat Asia NOC we worked to ensure the wireless network was available for presenters and attendees. As part of our monitoring, we kept an eye open for any malware present on the network. RSA NetWitness® Suite’s Malware Detection capabilities look for network sessions containing file-types typically...
POS Malware and Other Hacks Plague the Hospitality Industry
The days of making “analog accommodations” at hotels — filling out a reservation slip, taking ownership of a door key and having only a telephone handset to communicate with the outside world — are long over. Today’s hotels are rife with digital trapdoors, metaphorical sinkholes that have the capacity to compromise your personal information and identity....
Threat Detection Techniques - ATM Malware
There once was a time when stealing money from a bank ATM required actual physical manipulation of the terminal itself. Many criminal schemes have been repeated throughout the years, ranging from physical destruction of the terminal (ramming it with a vehicle) to the use of ‘skimmers’ to steal customer credentials. Successful ATM capers were not...
How Ransomware uses TMP files and the Temp folder
In my previous blog, Why Malware Installers Use TMP files and the Temp folder, I discussed the advantages malware can have by using atomic writes instead of simply copying the malware to the intended location. In this blog, I discuss how ransomware uses the same technique for its purpose and how it is different from...
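The two TMP-file posts above describe the same pattern: the installer writes its payload to a freshly created .tmp file in the Temp folder and then renames that file over the final destination, so the destination is never observed half-written, and every run that fails or is repeated leaves another byte-identical .tmp behind. The following is an added example, not code from either RSA post, showing that staging-and-rename pattern next to a simple scan that groups .tmp files by content hash. The directory layout, file names and payload bytes are all constructed for the demonstration and are not taken from the page.

```python
"""Added example (not RSA's code): temp-file-then-rename staging and a
scan for byte-identical .tmp leftovers.

Everything here is constructed for the demo: the directory layout, the
file names and the payload bytes are assumptions, not page artifacts.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Constructed stand-in for an installer payload; not a real binary.
PAYLOAD = b"MZ constructed dropper body for the demo, not real malware"


def atomic_write(dest_path: str, data: bytes, tmp_dir: str) -> str:
    """Write `data` to a new .tmp file in tmp_dir, flush it to disk, then
    rename it over dest_path in one step.

    os.replace() is rename(2) on POSIX and MoveFileExW with
    MOVEFILE_REPLACE_EXISTING on Windows, so a reader of dest_path sees
    either the old file or the complete new one, never a partial write.
    Returns the basename of the staging file that was consumed.
    """
    fd, tmp_path = tempfile.mkstemp(suffix=".tmp", dir=tmp_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    # If the process dies before this line, the .tmp file stays behind:
    # that is the leftover the posts describe finding on infected hosts.
    os.replace(tmp_path, dest_path)
    return os.path.basename(tmp_path)


def find_duplicate_tmp_files(directory: str) -> dict:
    """Group .tmp files in `directory` by SHA-256 of their contents.
    Returns {hexdigest: [sorted names]} for digests shared by 2+ files."""
    by_hash = defaultdict(list)
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not name.lower().endswith(".tmp") or not os.path.isfile(path):
            continue
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        by_hash[h.hexdigest()].append(name)
    return {d: sorted(n) for d, n in by_hash.items() if len(n) > 1}


def demo() -> dict:
    """Simulate three installer runs that staged the payload but never
    renamed it, then one run that completed, and report what a scan of
    the Temp folder finds afterwards."""
    with tempfile.TemporaryDirectory() as temp_dir:
        leftovers = []
        for _ in range(3):
            fd, p = tempfile.mkstemp(suffix=".tmp", dir=temp_dir)
            with os.fdopen(fd, "wb") as f:
                f.write(PAYLOAD)
            leftovers.append(os.path.basename(p))
        installed = os.path.join(temp_dir, "installed.exe")
        atomic_write(installed, PAYLOAD, temp_dir)  # its .tmp is consumed
        with open(installed, "rb") as f:
            installed_ok = f.read() == PAYLOAD
        return {
            "installed_ok": installed_ok,
            "payload_digest": hashlib.sha256(PAYLOAD).hexdigest(),
            "leftover_tmps": sorted(leftovers),
            "duplicate_groups": find_duplicate_tmp_files(temp_dir),
        }


if __name__ == "__main__":
    result = demo()
    for digest, names in result["duplicate_groups"].items():
        print(f"{len(names)} identical .tmp files, sha256={digest[:16]}...:")
        for n in names:
            print("   ", n)
```

The scan reports only the three abandoned staging files; the .tmp consumed by the successful rename no longer exists under that name, which is why a clean install leaves no trace while repeated or interrupted runs pile up identical copies.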
A Different Take on Keystroke Logging
On March 29th a file was uploaded to VirusTotal containing a fake Microsoft Update Authenticode certificate. Soon thereafter, RSA Research investigated the sample based on certain artifacts that matched those present on Shell_Crew malware RSA Research previously reported on. This Windows DLL file was compiled on October 28th, 2014 at 06:35:47 GMT (Table 1). File...
Cat-Phishing Hackers for Fun and Profit
On June 14th, 2017, a new variant of ZXShell appears to have been uploaded from the Marmara region of Turkey. The Trojan itself is well known and contains x86 and x64 rootkits. This blog describes the functionality of ZXShell, as well as the associated rootkits. The Trojan source code is available here. Metadata File Name:...