Tech Brief: An inside view of a zero-day campaign


Discovering a new vulnerability in a popular piece of software is the Holy Grail for cybercriminals. The period between that vulnerability being weaponized into a working exploit and the vendor shipping a patch poses a huge security risk to consumers and businesses alike. During this window the attack surface is completely open: even fully patched systems are affected, because there is no patch to apply yet. This is a zero-day.

This paper details one such exposure, using Malwarebytes' unique view of zero-day threats as collected through its anti-exploit products. Because those products are deployed on a large user base spanning the globe, researchers were able to profile accurately a zero-day in Adobe Flash Player (CVE-2015-0313) and shine a light on its lifecycle, its delivery mechanism, and the criminal practices behind it.



Google Chrome update Spam drops CTB Locker/Critroni Ransomware

February 2, 2015

Beware of emails appearing to come from Google warning you that “Your version of Google Chrome is potentially vulnerable and out of date”.

In this latest spam wave, cyber crooks are tricking users into downloading what appears to be the well-known browser. The file is in fact a dangerous Trojan, the CTB-Locker (Critroni) ransomware, which encrypts the victim's personal files and demands a hefty ransom to decrypt them.

More from Malwarebytes Blog

Irregular Activities On Your Account: A Chase Bank Phish

DECEMBER 11, 2014

From the spam traps: a fake Chase Bank “Security Warning” email, claiming to have noticed something peculiar going on with your account.

The mail reads as follows:

SECURITY MESSAGE - Irregular Activities On Your Account

Dear Chase Online Customer,

We're currently upgrading our systems to bring enhanced features to your Online Banking experience. As a result, your account is temporarily unavailable.

Please download the file attached and upgrade your account to our new Online Banking system.

Note: fail to upgrade your account, it will be automatically closed.

After this step, you are permitted to access your Online Banking System.

Customer Service Team.

E-mail Security Information
E-mail intended for your account suspicious.

Note: If you fail to verify your account, it will be automatically closed. After this step, you are permitted to access your Online Banking System.

This service message was delivered to you as a Chase Bank customer to provide you with account verification needed.
If you want to contact Chase, please do not reply to this message. For faster verification update, please download and verify your account. Replies to this message will not be read or responded to.


IRS phone scammers double up their efforts for the holidays

DECEMBER 2, 2014

It might not be tax season yet but Internal Revenue Service impersonators are hard at work scamming people during this holiday season.

They are leaving threatening voicemails for victims they have catalogued in a giant database.

The purpose of the scam is to extract money from taxpayers using a well-rehearsed script made up of lies and threats.

Much like the tech support scams, the crooks operate from boiler rooms and make thousands of calls a day.

We went undercover and followed up on one such voicemail to find out what really happens. The following are excerpts from our conversation with a fake IRS agent.


Hello Mr xxxxx, this is Officer Andrew Hall from tax and crime investigations unit of IRS and the reason behind this call is to inform you that you are being listed as the primary suspect in a case being filed by IRS.

 “What did I do wrong?”

You owe the IRS money. I would like to inform you that the line on which we are talking right now is being recorded and monitored by the IRS and the local authorities of your state and by one patrolling officer.

The ‘affidavit’

Now listen carefully because we are running short of time: The IRS has discovered strong evidence that you have failed to declare your actual income which was higher than what it was mentioned and you have wrongly benefited from reductions which you were not eligible for. This was not the result of innocent negligence. We have reason to believe that it was a willful act done with the intent to defraud the IRS.

The allegations

Count 1: Violation of federal tax regulation.
Count 2: Violation of internal revenue Code.
Count 3: Theft by deception.
Count 4: Willful misrepresentation of information to a government organisation.


Windows 10 Technical Preview is now available via the Windows Insider Program

Download Windows Technical Preview:

Follow these steps to download the Technical Preview:

  • Sign up for the Windows Insider Program.

  • Read the system requirements.

  • Click one of the Download links on this page to download a special file—it’s called an ISO file—that you can use to install the preview.

  • When the download is complete, transfer the ISO file to installation media such as a DVD or USB flash drive.

  • Boot your PC from the installation media, and then follow the steps to perform a clean install.


As this is a very early release of Windows, you should not upgrade your everyday computer to the Windows 10 Technical Preview. Use a spare machine instead or, better still, a virtual machine such as VirtualBox. If you take the VirtualBox route, download the ISO and create a Windows 8.1 guest in VirtualBox. Then open the guest's settings and mount the ISO as a DVD. When you are ready to install, double-click the guest to boot it from the mounted ISO. The installation completes without problems, but at the time of writing the Guest Additions do not work in the preview; a VirtualBox update that fixes this is expected soon.
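The following script is an added example, not part of the original post, that automates the VirtualBox route described above and adds the check a cautious tester would make first: it compares the downloaded ISO's hash with the value published on the download page before anything boots the image, then builds a throw-away Windows 8.1-type guest with the ISO attached as a DVD, NAT-only networking, and a snapshot to roll back to. It assumes `VBoxManage` is on your PATH; the guest name, disk size and the `./preview.iso` path are placeholders, and the expected hash must be copied from the download page (the function compares SHA-256; use whichever digest is actually published there).

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded ISO and
# build an isolated VirtualBox guest for it from the command line.
# Assumptions: VBoxManage is on PATH (it ships with VirtualBox); the expected
# hash is the one the download page publishes. Paths and names below are
# placeholders, not real Microsoft file names or hashes.

# Run a command, or only print it when DRY_RUN=1, so the VBoxManage calls can
# be reviewed before they touch the host.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# SHA-256 of a file, with GNU coreutils or the BSD/macOS shasum fallback.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_iso FILE EXPECTED_SHA256 -> 0 when the hash matches, 1 otherwise.
# A corrupted or tampered image is the first thing a "free preview" can hide,
# so nothing below should run until this passes.
verify_iso() {
    iso=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$iso" ] || { echo "no such file: $iso" >&2; return 1; }
    actual=$(sha256_of "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches the published hash"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# create_vm NAME ISO [DISK_DIR]: a disposable Windows 8.1-type guest that
# boots from the ISO, has NAT networking only, and a snapshot to reset to.
create_vm() {
    name=$1
    iso=$2
    dir=${3:-"$HOME/VirtualBox VMs/$name"}
    run VBoxManage createvm --name "$name" --ostype Windows81_64 --register
    run VBoxManage modifyvm "$name" --memory 2048 --cpus 2 --vram 128 \
        --nic1 nat --boot1 dvd --boot2 disk --boot3 none --boot4 none
    # 40000 MB dynamically allocated system disk (createhd is the older,
    # still accepted spelling of "createmedium disk").
    run VBoxManage createhd --filename "$dir/$name.vdi" --size 40000 --format VDI
    run VBoxManage storagectl "$name" --name SATA --add sata --controller IntelAhci
    run VBoxManage storageattach "$name" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$dir/$name.vdi"
    run VBoxManage storageattach "$name" --storagectl SATA --port 1 --device 0 \
        --type dvddrive --medium "$iso"
    # Snapshot before first boot so the preview can be rolled back to pristine.
    run VBoxManage snapshot "$name" take clean-install-media
}

# Usage (placeholder path; paste the digest from the download page):
#   verify_iso ./preview.iso <published sha256> \
#     && create_vm win10tp ./preview.iso \
#     && VBoxManage startvm win10tp
```

Run it once with `DRY_RUN=1` to see the exact `VBoxManage` invocations before letting it create anything. Leaving the network on NAT and snapshotting before first boot keeps an unknown pre-release build off your LAN and makes a bad install a one-command rollback rather than a reinstall.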

Microsoft sets Oct. 31 as stop date for Windows 7 consumer PC sales

But extends end-of-sales date for business PCs running Windows 7 Professional

February 15, 2014 02:09 PM ET

Computerworld – Microsoft has set Oct. 31 as the end of sales of new consumer-grade Windows 7 PCs, but for now has not set an equivalent do-not-sell-after date for business machines.

On the site where it posts such policies, Microsoft now notes that Oct. 31, 2014, is the end-of-sales date for new PCs equipped with Windows 7 Home Basic, Home Premium or Ultimate. All three are consumer-oriented versions of Windows 7; Home Premium has been the overwhelming choice of OEMs (original equipment manufacturers) for consumer systems.

Microsoft’s practice, first defined in 2010, is to stop selling an older operating system in retail one year after the launch of its successor, and halt delivery of the previous Windows edition to OEMs two years after a new version launches. The company shipped Windows 8, Windows 7’s replacement, in October 2012.

The setting of a deadline for consumer Windows 7 PCs followed a glitch last year when Microsoft named the same Oct. 31 date for all Windows 7 PCs, but then quickly retracted the posting, claiming that the notification had been posted “in error.”

Some OEMs, notably Hewlett-Packard, have made headlines for marketing consumer-grade Windows 7 PCs, a sign of fragmentation in the once-monolithic Windows market, which has always pushed the newest edition at the expense of older ones.

But while it has established an end-of-sales date for consumer PCs with Windows 7 pre-installed, Microsoft has yet to do the same for business PCs.

Microsoft will give a one-year warning before it demands that OEMs stop selling PCs with Windows 7 Professional, the commercial-quality version. Under that rule, Microsoft will allow computer makers such as Lenovo, HP and Dell to continue selling PCs with Windows 7 Professional until at least February 2015.