Check Point Threat Emulation Finds “Joke-of-the-day” Chain Letter is No Joke

Summary
Check Point’s Threat Emulation Cloud Service recently detected an Excel document that runs a macro in order to change the computer’s background “as a joke”. Like other email chain letters, the message propagates when end users receive the document via email, open it, and then forward it to colleagues and friends at other organizations. An analysis shows that while this document does not carry a malicious payload, it highlights how even today end users remain unwary of simple attacks, creating a ready distribution mechanism for malware among many organizations.

Details
Detection of Suspicious Document in an Email Message
On October 28, a user working at a large ...

Android Rooting Tools Recently Released: “VROOT” and “Motochopper”

Two new rooting tools targeting a wide spectrum of Android devices, ranging from version 4.0 through 4.4, were recently found. These tools allow an adversary to bypass the Android permission model and gain full control of the smartphone or tablet, essentially enabling an attacker to execute attacker-controlled code under system (administrator) privileges and to access files and sensitive information on the device. Furthermore, these tools allow an attacker to inject a persistent backdoor on the device for complete remote control of it. Both rooting tools are available as a free download in various mobile forums. The tools require minimal ...

Defeating Cryptolocker with ThreatCloud and Gateway Threat Prevention

Summary
Check Point’s Malware Research Group has been investigating the ‘Cryptolocker’ malware that has recently been reported to be on the rise. As part of the analysis, the researchers created a ‘sinkhole’ – a system pretending to be a Cryptolocker command and control (C&C) server – in order to study and gauge infections in the wild. An analysis of live communication from infected clients confirms that the number of victims is rising, with the majority of affected victims located in the US and UK. This research yielded smart Anti-Bot and Antivirus signatures that were then relayed to Check Point ThreatCloud. These signatures block all C&C communications, ...

Threat Emulation Exposes Widespread Malware Campaign

Summary
On October 24, 2013, the Check Point ThreatCloud Emulation Service received six PDF document files from a European Union official agency running a Check Point threat prevention gateway. Automated analysis in the Threat Emulation sandbox determined that these documents exploited an Adobe Reader vulnerability, and additional research revealed that these files were delivered via a dynamic URL scheme and were, at the time, detected by only 8% of antivirus solutions. The result was a potentially powerful targeted attack tool that would have evaded many other vendors’ defenses. After we added detections to ThreatCloud, where they became available to Check Point threat prevention ...