800 matches found
Malwarebytes CrackMe 2: try another challenge
Last November, we released the first edition of the Malwarebytes CrackMe. Encouraged by the positive response we received from the security community, we decided to repeat the game, hopefully making it even more interesting and entertaining. As before, the CrackMe is dedicated to malware analysts...
Unspecified vulnerability in Malwarebytes Anti-Malware consumer
Malwarebytes Anti-Malware consumer is an anti-malware suite from the American company Malwarebytes. The software supports the removal of worms, dial-up programs, Trojans, rootkits, spyware, exploits, bots, and other malware. A security vulnerability exists in the encryptio...
CVE-2016-10717
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applicatio...
Design/Logic Flaw
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applicatio...
CVE-2016-10717
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applicatio...
CVE-2016-10717
CVE-2016-10717 affects Malwarebytes Anti-Malware Consumer (versions ≤ 2.2.1; fixed in 3.0.4). A flaw in the encryption and permission model allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData), enabling execution of unauthorized applicati...
CVE-2016-10717
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applicatio...
New Mac cryptominer has 23 older variants
On February 1, a new Mac cryptominer was discovered being distributed via a hack of the MacUpdate website. Since then, we've been doing some digging and found that this isolated incident was just the tip of the iceberg. The malware delivered by the MacUpdate hack appears to be the culmination of...
New Flash Player zero-day comes inside Office document
Update 2018-02-06: Adobe has released a patch for this vulnerability. More information is available here. We tested this zero-day with a proof-of-concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows...
Boomerang spam bombs Malwarebytes forum—not a smart move
Tech support scammers are generally not the best and brightest. As such, they will occasionally post ads for their fake companies in the comment sections here or on the Malwarebytes forums. Last week, however, scammers struggled with configuring their spambots, resulting in spam bombs on the foru...
How to remove adware from your PC
“Close. Close. Close. Close,” my mother mumbles as she aggressively clicks her mouse over and over. “What’s wrong, Ma?” I’m home for the holidays, and cozy, cold evenings are often spent in front of the fireplace. This night, however, my mom is stuck at her computer. “This stupid thing won’t stop...
IMPORTANT: Web blocking / RAM usage announcement
On January 27, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it. For...
Gartner recognizes Malwarebytes as a “Visionary” in the Magic Quadrant
I’m proud to announce that Gartner has recognized Malwarebytes as a “visionary” in the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms. Malwarebytes was selected for its completeness of vision and ability to execute. Our goal is to give every user a malware-free experience and empow...
New Chrome and Firefox extensions block their removal to hijack browsers
What you don't see won't hurt you, must have been the reasoning of the threat actors who created the latest batch of extensions that make these browser hijackers even more difficult to remove. The extensions redirect users away from pages where they can disable or delete them in order to drive...
Cookies: Should I worry about them?
Starting off the new year, many of us are worried about cookies—how many we ate over the holidays and how we're going to avoid them in the break room, for example. With so much cybercrime and data theft swirling around like daily bomb cyclones, there's more than a few folks worried about the kind...
Stripchat bot spells block
Here at Malwarebytes, we spent a lot of time and effort scouring the Internet looking for malicious websites that we can protect our users from. Sometimes, these websites are pushing malware or some kind of scam. Other times it comes down to bad advertising practices that are used to fool the use...
Malwarebytes 3.3.1.2183 Multiple DoS Vulnerabilities
These CVE SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113077");...
Input validation
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce...
Input validation
** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able to reproduce...
CVE-2018-5271
In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issu...