“The sample was uploaded on February 4 to the Google-owned VirusTotal scanning service, which at the time showed it wasn’t detected by any of the major antivirus programs,” Goodin reports. “(Ahead of this report on Monday, it was detected by 10 of 56 AV services.) A technical analysis published Monday morning by SentinelOne security researcher Pedro Vilaça showed that the installer was last updated in October or November, and an embedded encryption key is dated October 16, three months after the HackingTeam compromise.”
Goodin reports, “The sample installs a copy of HackingTeam’s signature Remote Code Systems compromise platform, leading Vilaça to conclude that the outfit’s comeback mostly relies on old, largely unexceptional source code, despite the group vowing in July that it would return with new code.”
Read more in the full article here.