Home / Archives for Diwakar Dinkar

Diwakar Dinkar

Diwakar Dinkar is a Research Scientist with McAfee Labs. He has worked in this field for five years and specializes in reverse engineering. He enjoys working on latest threats and figuring out ways to protect customers from them. His hobbies include playing cricket and reading newspapers.

Subscribe to Diwakar Dinkar Blogs

More from Diwakar Dinkar

McAfee Labs

JAVA-VBS Joint Exercise Delivers RAT

The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has ...

McAfee Labs

Parasitic Coin Mining Creates Wealth, Destroys Systems

The increasing popularity of cryptocurrencies has inspired some people to pursue coin mining, essentially making money online. (Mining is the processing of transactions in the digital currency system, in which new transactions are recorded in a digital ledger called the blockchain. Miners help to update the ledger to verify and ...

McAfee Labs

Ransomware Takes Open-Source Path, Encrypts With GNU Privacy Guard

McAfee Labs has recently observed a new variant of ransomware that relies on the open-source program GNU Privacy Guard (GnuPG) to encrypt data. GnuPG is a hybrid-encryption software program that uses a combination of conventional symmetric-key cryptography for speed and public-key cryptography to ease the secure key exchange. Although ransomware ...

McAfee Labs

Spora Ransomware Infects ‘Offline’—Without Talking to Control Server

Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special feature—to work offline. Propagation vector The spam campaign carries a .zip file, which contains an ...

McAfee Labs

Password-Protected Attachment Serves Ransomware

Attacks by macro malware carrying ransomware are growing, as we have recently reported. Since early March we have seen macro malware using high-obfuscation algorithms to hide itself from static and traditional antimalware detection techniques. Macro malware continues to evolve and use new tricks to evade detection. In addition to these ...

McAfee Labs

Macro Malware Employs Advanced Sandbox-Evasion Techniques

During the past couple of weeks, McAfee Labs has observed a new variant of macro malware. With this variant when we click on a doc file, we see the message “This document is protected against unauthorized use. Enable Editing and Enable Content to read content” along with a request to enable ...

McAfee Labs

Locky Ransomware Hides Inside Packed .DLL

McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog). Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails. Since its first variant Locky has taken advantage of compromised domains to download its malicious executable. Recently it has ...

McAfee Labs

JavaScript-PHP Joint Exercise Delivers Nemucod Ransomware

The ransomware Nemucod has been very prevalent in the last few months. Nemucod’s habit of frequently changing its delivery mechanism and infection vector to evade detection makes this threat very challenging to security researchers. Recently, we observed in the wild a new variant of Nemucod that shows another change. This variant ...

McAfee Labs

Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript

This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to ...

McAfee Labs

Nivdort: Data-Stealing Trojan Arrives via Spam

During the past couple of weeks, McAfee Labs has observed a huge increase in spam related to Nivdort, a malicious file that usually arrives as a .zip attachment and tries to download other malware. This malware can steal a victim’s credentials, including personal details related to online shopping, banking, and other ...

Subscribe to McAfee Securing Tomorrow Blogs