Author: Sabrina Berkenkopf, Matthias Meyer

The recent case of malware distribution via Google AdSense advertising banners is an arresting example of how quickly a huge number of websites across the world can become embroiled in cyber attacks. A supplier of the advertising network has apparently been compromised. The attackers deployed the Nuclear exploit kit with the aim of infecting millions of users with malware. Since mid-March, Nuclear has been using an exploit for a fairly new security hole in Adobe Flash Player that has evidently not yet been closed on many computers. The innovative G DATA Exploit Protection has been preventing attacks since the outset.

IoT: The Internet of Things... ehm... Trouble?!

A balancing act between usability and security


Author: Eddy Willems

It is 20 years ago that I first included a slide in my presentation about sending spam via a refrigerator. At the time, most people found that ridiculous. Yet last year, it became a reality. Refrigerators have now become 'smart' and can do a whole lot more than just keep things cool.

The Andromeda/Gamarue botnet is on the rise again

Attackers use complex multi-stage macro dropper to deliver malware


Author: Paul Rascagnères

Attacks carried out with documents pepped up with macros seem to be coming into vogue again. G DATA's security experts have analyzed several cases in recent weeks in which active content in documents triggers an infection. The experts want to explain two different approaches to the same current goal: infecting the user with malware that enlists the machine as a zombie PC in the Andromeda/Gamarue botnet.

Casper: the newest member of the cartoon malware family

Third malware connected to CSEC Snowden leaks now comes with modular structure


Author: Sabrina Berkenkopf

Casper is considered to be EvilBunny's and Babar's successor and is believed to originate from the same group of programmers, possibly connected to a French intelligence agency. The malware has undergone two very interesting changes: it now has a modular structure, which allows the attackers to download and install attack plug-ins at will, and its anti-AV strategies have improved.

The case of the "Superfish" adware has caused quite a sensation through its association with computer technology company Lenovo. However, the following report shows that "Superfish" is just the tip of the iceberg. It explains the implications of and possibilities for misuse. By way of an example, experts at G DATA SecurityLabs have investigated a piece of update software involved in the case, to illustrate the risks of certificate misuse.

Babar: espionage software finally found and put under the microscope

G DATA experts analyze malware mentioned in CSEC documents leaked by Snowden


Author: Paul Rascagnères

Almost a year after Operation SNOWGLOBE was publicly mentioned for the first time by the famous French newspaper Le Monde, security experts have now laid hands on malware samples that match the descriptions made by the Communications Security Establishment Canada (CSEC). The following analysis is the first report about the espionage malware dubbed Babar, for which the whole computer security community has been searching. After the disclosure about EvilBunny [1], Babar is now a second component identified as related to Operation SNOWGLOBE and is believed to be coded by the same developers. Babar's feature set includes keystroke logging, clipboard logging and, most interesting, the possibility to log audio conversations: the elephant has big ears!