Malware

Posts tagged “Malware”

China’s Great Cannon

This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.

Morgan Marquis-Boire on Babar and Casper malware

Citizen Lab Senior Security Researcher Morgan Marquis-Boire contributed to research related to Babar, a piece of malware believed to have been produced by the French government. The software is capable of eavesdropping on online conversations, such as those held on Skype, MSN, and Yahoo Messenger.

Tibetan Uprising Day Malware Attacks

Hundreds of members of the Tibetan community are being targeted by email-based malware attacks that leverage the March 10 Tibetan Uprising anniversary as a theme. This report analyzes two March 10 related attacks. One using a new malware family we call MsAttacker , and another using the ShadowNet malware family and command and control infrastructure related to previous campaigns that targeted the Tibetan community.

Forbes on Citizen Lab’s Syria research

An article by Forbes magazine discusses FireEye’s recent report on Syria, authored by Daniel Regalado, Citizen Lab Technical Advisory Board member Nart Villeneuve, and Citizen Lab Research Fellow John Scott Railton.

Behind the Syrian Conflict’s Digital Frontlines

Citizen Lab Research Fellow John Scott-Railton is one of the authors of a report entitled “Behind the Syrian Conflict’s Digital Frontlines,” released today by FireEye, that documents a hacking operation that successfully breached the Syrian opposition.

Malware Attack Targeting Syrian ISIS Critics

This report describes a malware attack on a Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS). Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is against a group that is an active target of ISIS forces. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.

Canadian Cyberbullying Legislation Threatens to Further Legitimize Malware Sales

By getting into the malware business the federal and potentially provincial governments of Canada would be confronted with an ongoing reality: is the role of government to maximally protect its citizens, including from criminals leveraging vulnerabilities to spy on Canadians, or is it to partially protect citizens so long as such protections do not weaken the state’s ability to secure itself from persons suspected of violating any Act of Parliament?

Maliciously Repackaged Psiphon Found

In the past 24 hours The Citizen Lab has identified a maliciously repackaged copy of the popular circumvention software Psiphon 3. This post describes the malware and outlines steps to be taken.