SuperCMD RAT

On April 8th, an interesting DLL was uploaded from Canada to VirusTotal. What makes it interesting is that the detections on VirusTotal are mostly heuristics and do not settle on a single family. The malware is also configured to beacon to an RFC1918 internal IP address; however, the name 816db8a1916201309d2a24b4a745305b.virus indicates it was picked up…

A Different Take on Keystroke Logging

On March 29th a file was uploaded to VirusTotal containing a fake Microsoft Update Authenticode certificate. Soon thereafter, RSA Research investigated the sample based on certain artifacts that matched those present on Shell_Crew malware RSA Research previously reported on. This Windows DLL file was compiled on October 28th, 2014 at 06:35:47 GMT (Table 1). File…

Major Events and Hacktivism #OpOlympicHacking

Introduction

As anyone who tracks attacks on the internet can tell you, activists using hacking activity, aka “Hacktivists”, have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses. With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see…

Our thoughts on the RSA SecurID software token research

Guest Blog Post by Dan Schiappa, Senior Vice President, Identity & Data Protection

In the security business, scrutiny by customers, peers and researchers is a fundamental industry principle. RSA embraces this principle — our Public Key Encryption algorithm, for example, has withstood more than 30 years of scrutiny and remains a foundational underpinning for secure…