This is the Shared Security Weekly Blaze for June 25, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!
Show Transcript
This is your Shared Security Weekly Blaze for June 25th 2018 with your host, Tom Eston. In this week’s episode: MyLobot malware, updates on third-party location data sharing, Fortnite scam websites.
The Shared Security Podcast is sponsored by Silent Pocket with their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
A new serious form of malware called MyLobot (apparently named after the researchers pet dog) was discovered by security firm ‘Deep Instinct’. This new form of malware is quite dangerous as it will make infected systems part of a large botnet and has the ability to install trojans, keyloggers, conduct DDoS attacks as well as ensure that it cannot be detected and even run executable files from within system memory. Having executable files run from within memory is a newer technique only discovered by malware researchers in 2016 and makes detecting this type of malware much more difficult. Researchers have indicated that this particular form of malware is quite advanced not the typical work of an amateur. In addition to all of this, there is an interesting delay feature which will not allow the malware to communicate to its command and control services for approximately two weeks. This delay was put in to avoid detection from modern endpoint detection and other techniques which usually pick up malware infections like these. To top it all off, the malware will attempt to detect and disable other types of malware already installed, effectively, eliminating other malware competition. Deep Instinct researchers indicate that this type of advanced malware is being sold on the ‘darkweb’ for purchase and that “Other than the malware itself, malware developers can purchase services that assist in the infection process. An attacker can purchase access to exploit kits, buy traffic of tens of thousands of users to a web page, or even buy a full ransomware-as-a-service for his own use”.
As we’ve mentioned on the podcast before, one of the primary ways that malware can get installed on your computer is through phishing and social engineering. There are, of course, other ways such as drive by downloads from malicious ads and compromised web sites hosting malicious code. Besides being more awa
Published on 7 years, 6 months ago
If you like Podbriefly.com, please consider donating to support the ongoing development.
Donate