New Dridex infection vector identified

Banking Trojan’s authors use Microsoft Office trick and a legitimate service to infect systems


Author: Paul Rascagnères

Malware authors can be creative, both in manipulating their human targets and in circumventing security products. The experts of G DATA’s SecurityLabs analyzed a specially crafted Microsoft Word document that the attackers used to install a well-known banking Trojan called Dridex. This malicious document connects to a perfectly legitimate website to download the final payload. We assume that these two elements were chosen to trick security products. This scam is used more and more often to attack businesses, especially SMBs, in various countries.

Author: Ralf Benzmüller, Robert Michel, Anton Wendel

After the initial reports on the attacks on the Bundestag (German Federal Parliament), variants of the Swatbanker family are now putting the Bundestag's intranet on a watch list. The operators of the botnet are apparently trying to steal access data and server responses associated with this site. It is not clear whether this is a new attack or whether the same attackers who were active in May have expanded their pattern of attack.

G DATA SecurityBlog nominated as "Best European Corporate Security Blog"

Please vote for us and help us to spread the word about IT Security


Author: Sabrina Berkenkopf

The team of experts in G DATA’s SecurityLabs feels honored to be nominated in this category. Now, you have the chance to show your support and vote for us.

The AV Community mourns for Klaus Brunnstein

The Viren-Test-Center’s founder passed away on Tuesday, at the age of 77


Author: G DATA SecurityLabs

Brunnstein was born in Cologne and was later based in Hamburg. Working at the University of Hamburg, he influenced computer science education worldwide. He will surely be remembered by many G DATA colleagues. Some of them would like to share their personal memories in this article.

Dissecting the “Kraken”

Analysis of the Kraken malware that was used for a targeted attack in UAE


Author: Paul Rascagnères

In January 2015, unidentified attackers attempted to infiltrate a multi-national enterprise based in the United Arab Emirates, using a spear phishing attack with a crafted MS Word document attached to the message. The payload was designed to work as an information stealer and reconnaissance tool once it had reached its target. G DATA’s security experts identified the malware behind this attack and reveal information about the actual power of the malware’s tentacles.

Author: Sabrina Berkenkopf, Matthias Meyer

The recent case of malware distribution via Google AdSense advertising banners is an arresting example of how quickly a huge number of websites across the world can become embroiled in cyber attacks. A supplier of the advertising network has apparently been compromised. The attackers deployed the Nuclear exploit kit with the aim of infecting millions of users with malware. Since mid-March, Nuclear has been using an exploit for a fairly new security hole in Adobe Flash Player that has evidently not yet been closed on many computers. The innovative G DATA Exploit Protection has been preventing attacks since the outset.