Sharing the Experience of Deobfuscating a Trojan

Thanks to the Websense® ThreatSeeker® Network, we discovered another interesting case involving a malicious Web Trojan and analyzed it. Let’s share our deobfuscation experience. The first step was to identify the location of the mali…

Our Take on Blitzkrieg

At Websense® Security Labs™, we get many questions from our customers and partners about attacks. We’re asked about the details of big attacks, obscure attacks, and, of course, targeted attacks. There has been quite a bit of noise around an attack being dubbed “project Blitzkrieg,” which is targeting banks. The attack is said to be the brainchild of a Russian hacker in an underground forum. This hacker has called upon others in the forum to aid in attacking banks by siphoning large amounts of money out of them using a special Trojan dubbed “Prinimalka.”


Security Labs uses Websense ACE (Advanced Classification Engine) to classify the Prinimalka malware family, and, thanks to the Websense ThreatSeeker® Network, is also monitoring its spread as part of “project Blitzkrieg.” So far, few instances of the Prinimalka infection are being seen. We’re a little skeptical that Blitzkrieg will live up to the current hype, because it’s pretty rare for a successful attack to be pre-announced months ahead of time. Although the broad class of targeted attacks like this continues to be a growing concern, it’s far more likely that this specific attack, if spread further, will take an altogether different form.