High profile site scares users
We come across plenty of malware reports every day. Sometimes we have to deal with a special case where a respected vendor is involved. This time it was the Dell driver download site.
The "Download file" link leads to this unexpected screen (the user who reported it complained about a false positive):
Well, as an average user I would be somewhat confused as well. But I know where to look when it comes to Sality. First of all, the file is supposed to be signed with a digital certificate (the PE header declares a certificate table in its security data directory), but there is no valid signature (the Digital Signatures tab in the file's Properties dialog does not even appear):
What we can easily find in the file, on the other hand, is an evident sign of Sality's presence:
The highlighted section was added by Sality. Fortunately, it has not been filled with a viable Sality body (the file seems to have been either incompletely infected or incompletely disinfected), so the file is not dangerous, but it is definitely something nobody expects from a site with such a reputation. Now it is up to Dell; I assume they do not want to distribute this particular file any more :-).
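Both symptoms above (a header that declares an Authenticode certificate table without a usable signature blob behind it, and an extra section appended to the image) can be checked without a GUI. The following is an added example written for this post, not code from the original article or from Avast: it parses the PE header, classifies the declared certificate table, and reports on the last section. The PE images it works on are constructed in memory with no real code and a placeholder instead of a real PKCS#7 signature, and the "infection" step only mimics appending a writable+executable section over the old signature; it is not a model of how Sality itself infects files. The writable+executable heuristic and the `.sal` section name are assumptions of the example.

```python
"""Added example: PE header checks for a declared-but-missing Authenticode
signature and for an appended section. Sample images are constructed inline."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
FILE_ALIGN, SECT_ALIGN, HEADERS_SIZE = 0x200, 0x1000, 0x400
SECTION_HDR = "<8sIIIIIIHHI"  # name, vsize, va, rawsize, rawptr, reloc, lines, nreloc, nlines, chars


def align(n, a):
    return -(-n // a) * a


def parse_pe(data):
    """Return (section list, (cert_table_offset, cert_table_size)) for a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd = opt + (96 if magic == 0x10B else 112)  # data directory start: PE32 vs PE32+
    # Unlike every other directory, the security entry holds a raw file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"), "vsize": f[1], "va": f[2],
                         "raw_size": f[3], "raw_ptr": f[4], "chars": f[9]})
    return sections, (cert_off, cert_size)


def signature_status(data):
    """'unsigned': no certificate table declared. 'declared_but_invalid': the header points
    at a table that is out of bounds or is not a WIN_CERTIFICATE of type PKCS_SIGNED_DATA
    (the state seen in the post). 'present': a well-formed blob exists; verifying it
    cryptographically is out of scope here."""
    _, (off, size) = parse_pe(data)
    if off == 0 and size == 0:
        return "unsigned"
    if size < 8 or off + size > len(data):
        return "declared_but_invalid"
    length, revision, ctype = struct.unpack_from("<IHH", data, off)
    if length != size or revision not in (0x0100, 0x0200) or ctype != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "declared_but_invalid"
    return "present"


def last_section_report(data):
    """Heuristic (an assumption of this example, not a rule from the post): an appended
    infector section tends to be writable+executable and to occupy the file range where
    trailing data such as the signature used to be."""
    sections, (cert_off, cert_size) = parse_pe(data)
    last = sections[-1]
    rwx = bool(last["chars"] & IMAGE_SCN_MEM_WRITE) and bool(last["chars"] & IMAGE_SCN_MEM_EXECUTE)
    overlaps = cert_size > 0 and last["raw_ptr"] < cert_off + cert_size \
        and last["raw_ptr"] + last["raw_size"] > cert_off
    return {"name": last["name"], "rwx": rwx, "overlaps_cert_table": overlaps}


def build_pe(sections, cert_blob=b""):
    """Constructed minimal PE32. sections = [(name, raw_bytes, characteristics)]; the
    optional cert_blob is appended after the sections and declared in the header."""
    hdr, pe = bytearray(HEADERS_SIZE), 0x40
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe)
    hdr[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, pe + 4, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = pe + 24
    struct.pack_into("<H", hdr, opt, 0x10B)  # PE32 magic
    struct.pack_into("<II", hdr, opt + 32, SECT_ALIGN, FILE_ALIGN)
    struct.pack_into("<I", hdr, opt + 60, HEADERS_SIZE)
    struct.pack_into("<I", hdr, opt + 92, 16)  # NumberOfRvaAndSizes
    body, va = bytearray(), SECT_ALIGN
    for i, (name, raw, chars) in enumerate(sections):
        raw = raw.ljust(align(len(raw), FILE_ALIGN), b"\0")
        struct.pack_into(SECTION_HDR, hdr, opt + 0xE0 + 40 * i, name, len(raw), va, len(raw),
                         HEADERS_SIZE + len(body), 0, 0, 0, 0, chars)
        body += raw
        va += align(len(raw), SECT_ALIGN)
    struct.pack_into("<I", hdr, opt + 56, va)  # SizeOfImage
    if cert_blob:
        struct.pack_into("<II", hdr, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         HEADERS_SIZE + len(body), len(cert_blob))
        body += cert_blob
    return bytes(hdr + body)


def make_cert_blob():
    """WIN_CERTIFICATE header around a placeholder; real files carry PKCS#7 SignedData here."""
    payload = b"not-a-real-pkcs7".ljust(24, b"\0")
    return struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload


def simulate_appended_section(data, payload, name=b".sal"):
    """Constructed infection: truncate at the certificate table, append one RWX section
    there, bump NumberOfSections, and leave the security directory entry untouched, so the
    header still claims a signature that is no longer there."""
    sections, (cert_off, cert_size) = parse_pe(data)
    buf = bytearray(data[:cert_off] if cert_size else data)
    pe = struct.unpack_from("<I", buf, 0x3C)[0]
    opt = pe + 24
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    raw = payload.ljust(align(len(payload), FILE_ALIGN), b"\0")
    last = sections[-1]
    va = last["va"] + align(max(last["vsize"], 1), SECT_ALIGN)
    chars = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    struct.pack_into(SECTION_HDR, buf, opt + opt_size + 40 * len(sections), name, len(raw), va,
                     len(raw), len(buf), 0, 0, 0, 0, chars)
    struct.pack_into("<H", buf, pe + 6, len(sections) + 1)
    struct.pack_into("<I", buf, opt + 56, va + align(len(raw), SECT_ALIGN))
    return bytes(buf + raw)


if __name__ == "__main__":
    clean = build_pe([(b".text", b"\xC3", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                      (b".data", b"\0" * 16, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
                     cert_blob=make_cert_blob())
    infected = simulate_appended_section(clean, b"\x90" * 0x100)
    for label, img in (("clean", clean), ("infected", infected)):
        print(label, signature_status(img), last_section_report(img))
```

The `signature_status` result "present" only means a well-formed WIN_CERTIFICATE blob sits where the header says it does; whether that blob actually verifies against the image hash is a separate step (for example `signtool verify` on Windows). On a real file from disk, replace the constructed images with `open(path, "rb").read()` and run the same two functions.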