Malware Misuses Common Operating System Commands to Perform Targeted Attacks

We previously posted a blog about the Ursnif family of malware using language checks to determine the end user’s location as a means of bypassing sandbox-based endpoint protection during regionally targeted attacks. Since then, we have seen a couple more examples of malware using clever methods to indirectly determine the ... Read More
Malware Debugs Itself to Prevent Analysis

We recently encountered a piece of malware via a tweet, which caught our eye because it appeared to be searching for folders related to our product. During analysis we discovered that this malware employs a novel technique to prevent reverse engineering via a debugger, and we felt that it was ... Read More
Location-Aware Malware Targets Japanese and Korean Endpoints

New malware samples use location awareness to specifically target Japanese and Korean endpoints. The malware uses two techniques to determine the location in which it is being executed and ensures that the payload will only be triggered in these regions. This approach matches two trends: 1) docs performing regional checks ... Read More
Dissecting the POP SS Vulnerability

The newly uncovered POP SS vulnerability takes advantage of a widespread misconception about the behaviour of the pop ss and mov ss instructions, which results in exceptions when the instruction immediately following them is an interrupt. It is a privilege escalation, and as a result it assumes that the attacker has some level of ... Read More