Authors of Locky Ransomware are big fans of the Game of Thrones series

Written on: September 24, 2017

Researchers at PhishMe found the names of Game of Thrones characters and other references to the show in the script used to spread the Locky ransomware.

The fantasy drama television series Game of Thrones has an amazing number of fans, including the authors of the Locky ransomware.

The discovery was made by researchers at security firm PhishMe, who found the names of show characters and other references in the source code of the Visual Basic script used by the crooks.

The Visual Basic script is included in the ZIP or RAR archive attached to the spam emails used in the ransomware campaign. When victims open the archive and run the VB script it contains, the script downloads and installs the Locky ransomware.

“Lightweight script applications designed to deliver malware often use rotating or pseudorandom variable names to ensure that the malware delivery tools look unique. In this case, many of the variables (some misspelled) referred to characters and events from the globally-popular television fantasy epic Game of Thrones,” states PhishMe.

Experts discovered references to the TV show in the VB script, such as “Aria,” “SansaStark,” “RobertBaration,” “JohnSnow,” or “HoldTheDoor”.


According to BleepingComputer, the term “Throne” was used 70 times inside the script.

“The runtime for this script is indifferent to the variable names. The variable names could be anything, including completely random combinations of letters and numbers. However, the criminals responsible for this attack chose a distinctive theme for their variables, thereby revealing their interest in this pop culture phenomenon,” continues PhishMe.

Pierluigi Paganini

(Security Affairs – Locky ransomware, Game of Thrones)

The post Authors of Locky Ransomware are big fans Game of Thrones series appeared first on Security Affairs.

‘Star Trek: Discovery’ spaceship flies over New York – CNET

Written on: September 24, 2017

The USS Discovery takes off for real in Manhattan the night before the show’s premiere. Well, sort of.


Security Affairs newsletter Round 129 – News of the week

Written on: September 24, 2017

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you!

· 400,000 UK consumers at risk after the Equifax data breach
· Chrome will label Resources delivered via FTP as Not Secure
· MAGENTO 2.0.16 and 2.1.9 security update fixes critical flaw in […]

The post Security Affairs newsletter Round 129 – News of the week appeared first on Security Affairs.


Massive HerbaLife spam campaign spreads a variant of Locky ransomware

Written on: September 24, 2017

Researchers spotted a new widespread ransomware campaign leveraging emails with malicious attachments using Herbalife branded messages. Researchers at security firm Barracuda have spotted a new widespread ransomware campaign leveraging emails with malicious attachments, some of which pretend to be sent by the multi-level marketing nutrition company Herbalife. More than 20 million Herbalife branded emails were sent in a 24 hour […]

The post Massive HerbaLife spam campaign spreads a variant of Locky ransomware appeared first on Security Affairs.


Going once, going twice: An Apple-1 and a Steve Jobs autograph – CNET

Written on: September 24, 2017

Tech nostalgia is driving auction bidders to scramble for vintage computers and memorabilia.



Passwords and much more for 540,000 SVR Tracking accounts leaked online

Written on: September 24, 2017

Login credentials for 540K records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records Tracking) have been leaked online. Another day, another data breach to report: login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking (aka Stolen Vehicle Records Tracking) have been leaked online. The incident […]

The post Passwords and much more for 540,000 SVR Tracking accounts leaked online appeared first on Security Affairs.


Infocon: green

Written on: September 24, 2017

Forensic use of mount --bind


Forensic use of mount --bind, (Sun, Sep 24th)

Written on: September 24, 2017

In my previous diary, I mentioned a recent case that led me to write mac-robber.py. In that case, I mentioned that I needed to build a filesystem timeline and wanted to collect hashes because I suspected there were multiple copies of some possible malware scattered around the disk. The biggest issue I had was that hashing the files requires reading them, which would update the access times, something I really did not want to do. So, I decided to use a trick on a live system that I had employed occasionally in the past when I got a tar file rather than a disk image of, say, a directory from a SAN or NAS. For those of you who aren't aware, on Linux, you can use the mount command to essentially link a directory to another location in the directory tree. In the screenshot below, you can see the results of df -h and mount on one of my test VMs.


5 things we just learned from the iPhone 8 teardown – CNET

Written on: September 23, 2017

Would you believe the iPhone 8 has a smaller battery? Here’s what else iFixit discovered.
