malware is illegal and for nerds

We've updated The Old New Thing collection for December, 2022.

This week our focus will be completing the year 2012. Additionally, more malware database upload records will be present too.

Have a nice day.

https://www.vx-underground.org/the_old_new_thing.html

January 5th, 2023, we noted Microsoft Security plagiarizing the research of Patrick Wardle. January 9th, 2023, Microsoft Security Intelligence issued an official response on Twitter. They stated the blog post has been removed.

Today VentureBeat released an article stating ransomware attacks were down 61% in 2022. They cite a ... survey? ...

The individuals behind this article, and survey, clearly have absolutely zero idea how ransomware or cyber crime works.

Article: https://venturebeat.com/security/ransomware-attacks-dropped-61-last-year-but-orgs-cant-be-complacent/

Fun fact: There have been 47 publicly listed ransomware victims in 2023. 47 in 10 days.

More info: https://ransomwatch.telemetry.ltd/#/

This morning the American Federal Aviation Agency NOTAM (Notice to Air Mission) system stopped operating

NOTAM is responsible for transmitting information in-real time to aircrafts

The FAA offered no explanation on the official cause other than they are investigating the issue

Meanwhile, as every single person in Information Security puts on their conspiracy theorist tin-foil hats, United States Whitehouse representatives have stated "their is no evidence of a cyber attack"

Infosec nerds paranoia will now amplify x100 and believe this to be a lie.

In the latest install of the Call of Duty series: Modern Warfare II (2022) players can conduct DDoS attacks. The DDoS attack will disrupt or disable enemies or enemy equipment.

tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.

We have seen many tweets recently about silly malware concepts like "syscalls", "unhooking", or "obfuscation".

Here is our #1 #RedTeamTip to avoid EDRs. Use an RPG-7 to obliterate the computer. The EDR cannot detect your malware if the computer is not operational

The New York Times is reporting Twitter is considering auctioning off Twitter usernames to generate revenue.

https://www.nytimes.com/2023/01/11/technology/twitter-user-names-elon-musk.html

Recently we have received criticism for our #1 #RedTeamTip of using an RPG-7 to bypass EDRs. Some individuals pointed out an RPG-7 would not be allowed on most corporate premises.

While this may be true, vx-underground also has a 0day exploit to access to ANY facility.

Note/Update: Per BleepinComputer Lockbit ransomware group denies conducting the attack. When we reached out to Lockbit, Lockbit stated they were unfamiliar with the Royal Mail

This is technically possible - the Lockbit Black Builder was recently leaked.

Regarding the Lockbit attack on the Royal Mail

Lockbit ransomware group (again) denies the attack on the Royal Mail ... but invites the attackers to formally join their organization

Intel via 3xp0rtblog

More malware and more archives in queue.

░░╚══╗░╔═╔════╝
╚═╦═╗╠═╩═╩╗╔═╦═╗
░░║▒╠╣▒▒▒▒╠╣▒║▒║
╔═╩═╝╠═╦═╦╝╚═╩═╝
░░╔══╝░╚═╚════╗

We are happy to report we have not had anyone seriously ask for the password to malware archives in over 30 days.

But, this has been replaced with you filthy degenerate nerds spamming us with password memes.

JustineTunney has created a 116kb WASM build of Blink that allows you run x86_x64 Linux binaries in a web browser. It supports 500 instructions and 130 system calls.

They are successfully resurrected Linux malware from the dead and god bless

More info: https://github.com/jart/blink/issues/8#issuecomment-1381748163