About Cofense

Cofense Phishing Prevention & Email Security Blog


The New GameOver Zeus Variant (newGOZ) Spams Again

July 22, 2014 by Cofense in Malware Analysis

Almost two weeks ago, PhishMe identified a new Trojan based almost entirely on the notorious GameOver Zeus. The new variant demonstrated many of the same behaviors and characteristics as the original. The most notable change between the two Trojans was the abandonment of the peer-to-peer botnet used by the older GameOver Zeus; instead, the new variant used a new fast-flux infrastructure. Much of the behavior, and the malicious capabilities, of the original was retained in this newer form of the malware. Today, a large number of spam emails were received and analyzed by PhishMe in one of the...
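The fast-flux infrastructure mentioned above is usually spotted on the defender's side by looking at resolver data: a name that keeps answering with different addresses, spread across unrelated networks, with short TTLs. The following is an added example (not PhishMe/Cofense code, and not taken from the post) that scores a small constructed resolver log with that heuristic. The log format, the names under `.test` and the documentation-range addresses are all made up for illustration; the thresholds are assumptions to tune against your own data.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address
import statistics

# Constructed resolver log (hypothetical format: timestamp qname rrtype answer ttl).
# Names and addresses are documentation values, not real infrastructure.
SAMPLE_LOG = """\
2014-07-22T09:00:00Z example-flux.test A 203.0.113.10 60
2014-07-22T09:01:00Z example-flux.test A 198.51.100.22 60
2014-07-22T09:02:00Z example-flux.test A 192.0.2.77 30
2014-07-22T09:03:00Z example-flux.test A 203.0.113.200 60
2014-07-22T09:04:00Z example-flux.test A 198.51.100.9 30
2014-07-22T09:05:00Z example-flux.test A 192.0.2.150 60
2014-07-22T09:00:00Z static-cdn.test A 203.0.113.5 3600
2014-07-22T09:30:00Z static-cdn.test A 203.0.113.5 3600
2014-07-22T10:00:00Z static-cdn.test A 203.0.113.6 3600
2014-07-22T10:00:00Z static-cdn.test MX mail.static-cdn.test 3600
"""


@dataclass
class FluxScore:
    domain: str
    distinct_ips: int
    distinct_prefixes: int  # distinct /16 (IPv4) or /64 (IPv6) blocks, a crude stand-in for ASN diversity
    mean_ttl: float
    fast_flux: bool


def parse_line(line):
    """Split one constructed log line; returns None for records that carry no address."""
    ts, qname, rrtype, answer, ttl = line.split()
    if rrtype not in ("A", "AAAA"):
        return None
    return ts, qname.lower().rstrip("."), ip_address(answer), int(ttl)


def network_key(addr):
    """Coarse network bucket: /16 for IPv4, /64 for IPv6 (an offline substitute for ASN lookup)."""
    return int(addr) >> (16 if addr.version == 4 else 64)


def score_domains(log_text, min_ips=5, min_prefixes=3, max_ttl=300):
    """Flag names that resolve to many addresses across many networks with short TTLs.
    Thresholds are assumptions; tune them against the resolver you actually run."""
    ips, prefixes, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            continue
        _ts, qname, addr, ttl = parsed
        ips[qname].add(addr)
        prefixes[qname].add(network_key(addr))
        ttls[qname].append(ttl)
    scores = {}
    for qname in ips:
        mean_ttl = statistics.mean(ttls[qname])
        flagged = (len(ips[qname]) >= min_ips
                   and len(prefixes[qname]) >= min_prefixes
                   and mean_ttl <= max_ttl)
        scores[qname] = FluxScore(qname, len(ips[qname]), len(prefixes[qname]), mean_ttl, flagged)
    return scores


if __name__ == "__main__":
    for score in score_domains(SAMPLE_LOG).values():
        print(score)
```

A content-distribution name with a handful of stable addresses and long TTLs (the `static-cdn.test` rows) passes, while the name that rotates through six addresses in three networks at 30-60 second TTLs is flagged. Real CDNs and round-robin load balancers can also produce many addresses, so treat a hit as a triage lead, not a verdict.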


Slava Ukraini: Dyre Returns

July 17, 2014 by Cofense in Threat Intelligence

It has been a few weeks since the original discovery of the Dyre malware, and the attackers have sent another wave of phishing. This time, the phishing campaign only went to one senior level individual within our enterprise.


Phishing: Stop Paving the Cow Path

July 14, 2014 by Cofense in Phishing

Paving the cow path—why are we still using the same technologies to combat modern phishing attacks? When the city of Boston was new and unpaved, the city fathers decided against laying out a regular street plan. Instead, they merely paved the paths that had been worn by cattle. The results? A chaotic and inefficient street plan that lacks logic. The admonition not to “pave the cow path” is supposed to remind us not to enshrine an existing way of doing something. However, when combating phishing, the #1 threat vector in security*, we are paving the cow path. Let’s start with some facts about...


The E-ZPass Scam: More Information On This Week’s Attacks

July 11, 2014 by Cofense in Phishing

Earlier this week, reports surfaced about a new E-ZPass scam. The spam campaign used E-ZPass branding to fool recipients into visiting a malicious website. E-ZPass is the electronic toll collection system used by several state departments of transportation, so the scam emails are likely to reach a large number of people who actually use the system. One of the emails we captured is shown in the image below. As you can see, the E-ZPass scam emails use appropriate branding, and warn the recipient that...


Breaking: GameOver Zeus Mutates, Launches Attacks

July 10, 2014 by Cofense in Malware Analysis

Today, PhishMe's analysts identified a new banking Trojan that is based heavily on the GameOver Zeus binary. The GameOver Zeus mutation was distributed as an attachment in three spam email templates, utilizing the simplest method of infection to compromise end users' systems. The email spam campaign: from 9:06 AM to 9:55 AM we intercepted spam messages claiming to have been sent from NatWest Bank. One of the email messages used to distribute the new GameOver Zeus variant is listed below. As you can see, the message uses a common social engineering technique. It alerts the recipient to the risk of...


Attackers using Dropbox to target Taiwanese government

July 1, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing service to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug). From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by a technique similar to DLL load-order (search-order) hijacking, in which the Windows loader finds an attacker-supplied DLL before the legitimate one.
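To make the load-order point concrete, here is an added example (not from the post, and not a description of any specific PlugX sample) that models the default Windows DLL search order for a DLL loaded by name and then runs the check an analyst would want: which DLLs in an application directory share a name with a DLL in the system directory. The directory layout, the executable name and the planted `version.dll` are all constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed directory layout (lower-cased full paths). The "update" folder, the
# signed loader and the planted DLL are hypothetical, chosen only to illustrate the technique.
APP_DIR = r"c:\users\victim\downloads\update"
SYSTEM_DIR = r"c:\windows\system32"
WINDOWS_DIR = r"c:\windows"
CWD = r"c:\users\victim"
PATH_DIRS = [r"c:\program files\tools"]
FILESYSTEM = {
    r"c:\users\victim\downloads\update\signed_viewer.exe",  # legitimate, signed loader
    r"c:\users\victim\downloads\update\version.dll",        # attacker-planted copy
    r"c:\windows\system32\version.dll",                      # genuine system DLL
    r"c:\windows\system32\kernel32.dll",
}


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Default search order (SafeDllSearchMode enabled) for a DLL requested by bare name:
    application directory, system directory, 16-bit system directory, Windows directory,
    current directory, then PATH. KnownDLLs are exempt and always come from the system
    directory, so this models only names outside that list."""
    return [app_dir, system_dir, str(PureWindowsPath(windows_dir) / "System"),
            windows_dir, cwd, *path_dirs]


def resolve_dll(name, order, filesystem):
    """Return the first path in `order` that holds `name`, or None if nothing is found."""
    for directory in order:
        candidate = str(PureWindowsPath(directory) / name).lower()
        if candidate in filesystem:
            return candidate
    return None


def shadowed_dlls(app_dir, system_dir, filesystem):
    """Triage check: DLLs sitting directly in the application directory that share a name
    with a DLL in the system directory are side-loading candidates worth a closer look."""
    def dlls_in(directory):
        prefix = str(PureWindowsPath(directory)).lower() + "\\"
        return {p[len(prefix):] for p in filesystem
                if p.startswith(prefix) and p.endswith(".dll") and "\\" not in p[len(prefix):]}
    return sorted(dlls_in(app_dir) & dlls_in(system_dir))


if __name__ == "__main__":
    order = search_order(APP_DIR, SYSTEM_DIR, WINDOWS_DIR, CWD, PATH_DIRS)
    print("version.dll ->", resolve_dll("version.dll", order, FILESYSTEM))
    print("shadowed:", shadowed_dlls(APP_DIR, SYSTEM_DIR, FILESYSTEM))
```

Because the application directory is searched first, the planted copy wins even though an identically named DLL exists in `system32`; the signed executable itself stays clean, which is what makes the pattern attractive from an anti-forensics standpoint. On a live system the same check would be run over the real directory listing, with the KnownDLLs registry list excluded from the candidates.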


Dyre Banking Trojan: What You Need to Know

June 18, 2014 by Cofense in Threat Intelligence

Beware of the Dyre banking Trojan! A new malware threat that steals financial information such as login credentials. News of the Dyre banking Trojan has been circulating the web recently, following its discovery. Dyre, or Dyreza as it is also known, exhibits classic banking Trojan behaviors such as using man-in-the-middle attacks to steal private information from victims. It is also being used against customers of certain banks in targeted attacks. PhishMe identified this new malware on June 11, 2014. The Trojan is distributed via spam email messages that use templates similar to those of other banking Trojan and malware distribution campaigns. Rather...


Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL

June 13, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named “Dyre”. This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials.


The Chances of Becoming a Cyber Victim: A Look at Cyber Safety

June 9, 2014 by Cofense in Internet Security Awareness

What are the chances of becoming a cyber victim? In this post, we'll explore the odds compared to the chances of other unrelated events. Many of us take comfort in knowing that certain bad things are not likely to happen to us, so we don't worry too much about those things. We think our chances are pretty good.

Comforting odds:
Dying from a shark attack: 300,000,000 : 1
Your opponent's getting a Royal Flush in poker: 649,739 : 1
Being struck by lightning in California: 7,538,382 : 1
A meteor landing on your house: 182,138,880,000,000 : 1
Dying from a mountain lion...