WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads

Researchers have documented the emergence of a downloader that makes use of Microsoft SQL queries to pull and deliver malicious payloads. In August this year, Proofpoint researchers found the new, staged downloader, known as WhiteShadow, which is being used to deliver Read More …

A dozen US web servers are spreading 10 malware families, Necurs link suspected

Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. On Thursday, researchers from Bromium said they have monitored scams Read More …

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 [1] exploit in various forms. More recently, its authors have integrated Read More …