Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
October 06, 2016

Looking for Trouble: Windows Troubleshooting Platform Leveraged to Deliver Malware

Matthew Mesa, Axel F, Proofpoint Staff

Proofpoint researchers discover a new technique for delivering malware via document attachments that leverages the Windows Troubleshooting Platform.

October 05, 2016

Hades Locker Ransomware Mimics Locky

Proofpoint Staff

Proofpoint researchers identify a new ransomware variant known as Hades Locker sent via the same spam botnet as recent CryptFile2 and MarsJoke campaigns.

September 23, 2016

MarsJoke Ransomware Mimics CTB-Locker

Proofpoint Staff

Proofpoint researchers uncover a new ransomware variant called MarsJoke in a large campaign targeting government and educational institutions.

September 20, 2016

Ursnif Banking Trojan Campaign Ups the Ante with New Sandbox Evasion Techniques

Proofpoint Staff

Proofpoint researchers track new tools and techniques for evading sandboxes and improving targeting while an actor distributes personalized lures and the Ursnif banking Trojan to Australian targets.

September 13, 2016

Microsoft Patches CVE-2016-3351 Zero-Day, Exploited By AdGholas and GooNky Malvertising Groups

A newly patched zero-day vulnerability discovered by Proofpoint researchers demonstrates how threat actors are increasingly filtering out researchers and sandboxes in their attacks.

September 12, 2016

Anatomy of a Phish - NABbing Users One Email at a Time

Proofpoint Staff

Proofpoint researchers track a phishing campaign that demonstrates far more sophistication than the vanilla financial and credential phishing attempts with which most users are familiar.

August 30, 2016

Fraudulent Social Media Accounts Continue to Phish for Banking Credentials

Proofpoint Staff

In early 2016, Proofpoint researchers identified a new form of social media-based phishing attack, called angler phishing.

August 25, 2016

Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality

Proofpoint Staff

Proofpoint researchers track recent significant updates including Tor network and P2P communications in one of the most active Ursnif variants exploring campaigns across multiple geographies.

August 18, 2016

Dridex Returns To Action For Smaller, More Targeted Attacks

Proofpoint Staff

Proofpoint researchers have been tracking numerous small Dridex campaigns over the past few months, as well as a mid-sized campaign this week that point not to the displacement of Dridex by Locky but rather far more targeted distribution of the infamous banking Trojan, as well as potential impact in new geographies.

August 12, 2016

Bad News Bears - Panda Banker Starts Looking More Like a Grizzly

Proofpoint Staff

Proofpoint researchers track a large 2-day campaign employing the Zeus Panda banking Trojan to target banks in Europe and Australia, international online payment systems, and, interestingly, UK online casinos.