Security Alerts & News
by Tymoteusz A. Góral

#932 Lurk Banker trojan: Exclusively for Russia
One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots to launder money.”

“Working with RU” is not a great idea where cybercriminals’ safety is concerned: people from other countries are unlikely to report an incident to the Russian police. In addition, online banking is not very popular in the RU zone – at least, it is much less popular than in the West. This means that the potential income from operating in the RU zone is lower than in other zones, while the risk is higher. Hence the rule “Don’t work with RU”.

As always, there are exceptions to the rule. A rather prominent banker Trojan – Lurk – that is the subject of this paper has been used to steal money from Russian residents for several years.

We have written about this banker Trojan before. It caught our attention almost as soon as it appeared because it used a fileless spreading mechanism – malicious code was not saved on the hard drive and ran in memory only. However, until now no detailed description of Lurk had been published.