Detecting Tofsee Malware Communication without False Positives

The Tofsee malware family attempts to evade detection by using a custom encryption protocol. Nonetheless, that protocol can be identified efficiently. This post describes the detector that I developed and implemented in mercury. Why develop a detector for Tofsee, despite the fact that it is neither the newest nor nastiest malware? Because it is still …