Monthly Archives: July 2015

Update: Kovter bot spreading over the weekend (again), bearing ‘toll debt’ notifications

Category : Threat Analysis

The Kovter bot initiated another malicious spam run over the weekend (25th July 2015). The malicious emails spread early on Saturday morning. This wave is another of the Kovter bot's efforts to expand over the past few weeks. In this round, the emails claimed to be an “Indebted for driving on toll road #XXXXXXXXX” notice, where the X’s are random numbers. Alerting … Read the rest

Hacking Team Exploit Round-up: Microsoft out of band patch for CVE-2015-2426

Microsoft issued an urgent out-of-band patch, MS15-078, for another remote code execution vulnerability uncovered in the 400GB of data that leaked from Hacking Team.

The patch resolves a security issue (CVE-2015-2426) that allows for remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains maliciously crafted embedded … Read the rest

Kovter expanding bot through emails bearing ‘court notices’ – Performanta’s case study

Category : Threat Analysis

On the weekend of the 11th of July, some suspicious emails with the subject ‘Notice to Appear in Court’ were sent to some of our key employees. The messages purported to originate from the ‘District Court’ and carried a zipped attachment. Performanta Labs began analysing them and confirmed they were a threat. Following up with more rigorous analysis … Read the rest