The Unbearable Lightness of Operating Web-Based Attacks: How easy it is to steal money from IE 8.0-11.0 users

 
Looking back at the past year, there is no doubt that the malware-as-a-service industry, which sells and trades malware samples, attack tools, and a variety of services, is thriving. This means that cyber criminals with low technical skills can easily purchase attack tools from more advanced hackers, vastly increasing the number of potential attackers, attacks, and victims. Cerber, a ransomware-as-a-service operation, was one of the most dominant and profitable ransomware variants of 2016. Last December, a new DDoS (Distributed Denial of Service) collaborative effort dubbed Sledgehammer made headlines due to its unique operation mode. Participants were asked to attack targeted political ...

Microsoft Word Intruder RTF Sample Analysis

 
Background: Check Point researchers obtained a sample of a malicious Word document that was used in an attack attempt against one of our customers. The sample itself is a Rich Text Format (RTF) file with a .DOC extension. Recently, there has been a resurgence of the trend to use malicious macro code inside Office documents. However, this wasn’t the case here.

Launching the sample resulted in two GET requests with a small time difference between them:

http:////img.php?id= - Response is a 1x1 white JPG
http:////img.php?id=&act=1 - Response is a malicious payload

There were other HTTP requests as well, but they were generated by the ...

CapTipper – Malicious HTTP Traffic Explorer

 
The Problem: In recent years, the Internet has experienced a large number of “drive-by” attacks, mostly by exploit kits. Exploit kits are a type of malicious toolkit which exploit security holes, such as insecure or outdated software applications, for the purpose of spreading malware. When a victim visits a website whose server has been compromised, they are redirected through various intermediary servers until they land at the server hosting the exploit kit. From there, the exploit kit can gather information from the victim’s system to determine which exploit to use, and then download and execute the malware on the victim’s computer.

The complication for the ...