Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.
Security researchers are studying an apparent new strain of Mac malware that turned up on the computer of a participant at the just-concluded Oslo Freedom Forum, an annual human rights conference.
The number of fraud complaints lodged with the Internet Crime Complaint Center actually fell in 2012, but the amount of alleged losses to victims rose.
According to Microsoft, the malware is affecting users in Brazil, but could spread elsewhere.
One of the masterminds behind the pernicious SpyEye banking trojan has been extradited to the United States, where he will face charges for computer and wire fraud.
According to reports, the compromised page, for the Site Exposure Matrices (SEM), has been cleaned, but it remains offline.
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.
For our May issue's "threat of the month," we focused on pdf.exe.zip files, an old-style email executable attachment attack.
The trojan carries out a one-time password scam. Researchers who studied the new malware strain, affecting U.K. bank customers, said they are fascinated by the attention to detail the fraudsters applied to the ruse.
The Travnet botnet uploads Microsoft Office files, PDFs and text files to remote servers run by attackers.
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
Despite the arrests of Gozi ringleaders, the banking trojan still persists and is behind thousands of new infections in the United States.
Attackers wanting to compromise apps in Google's official store leveraged an advertising network to foist their malware on unsuspecting victims.
Spam campaigns are sending out spurious emails purporting to be from Facebook, LinkedIn, American Airlines and financial institutions, McAfee researchers found.
Client-side, web-based threats are beginning to overtake malware mainstays such as Conficker, according to a Microsoft report.
A trojan that uses a "magical" authentication code to communicate with its command-and-control server has compromised thousands of organizations around the globe. So far, however, it has remained largely silent.
As expected, the web's unscrupulous element is taking advantage of the attention surrounding the Boston Marathon bombings to spread malware and trick people into donating to fake causes.
Symantec's annual "Internet Security Threat Report 2013" concentrated on the success attackers are attaining by sabotaging legitimate websites.
German research institute AV-TEST conducted the study over a period of 18 months.
The "PlaneSploit" application was three years in the making, and is able to remotely attack flight management systems, though the program was built to only work on virtual aircraft.
Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.
Attackers use phishing emails, which include links to a fake Adobe Flash update, to lure victims into installing the Stels trojan.
Law enforcement in Russia and Ukraine have dealt a major blow to a prolific banking malware operation.
No matter the industry, organizations are facing a flurry of sophisticated attacks, with the main goal being to hijack intellectual property, according to new findings from security firm FireEye.
New clues turned up by researchers at the University of Toronto show that an Android malware spy campaign appears to be the work of Chinese hackers, possibly with the assistance of the nation's government or a major corporation.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.
As the debate on the usefulness of anti-virus continues, recent research reveals that a majority of malware is delivered via web browsing, skirting AV along the way.
Security researchers have found evidence that, not surprisingly, social engineering tactics were leveraged by the attackers, who set their malware to "go off" three days after reaching victims.
The trojan was recently a topic of discussion on an underground Russian forum, researchers found.