AV, how cam’st thou in this pickle?
While I’ve seen and heard random spatterings about why AV isn’t effective, or analyst reports from the likes of Yankee declaring “AV is Dead”, there’s been very little qualitative or quantitative study...
When Spambots Attack — Each Other!
So, you’ve read plenty about when botnets attack. You’ve also seen plenty about when spambots attack, though it’s usually only in the form of spam email flooding in the course of spambot offspring...
Information Security and NFL Espionage
In late January 2007 several NFL-related web sites were hacked, to include www.dolphinsstadium.com and www.miamidolphins.com. Considering the Miami Dolphins stadium was about to host the NFL’s biggest...
Mega-D Botnet or Mega-Confusion?
I read this slashdot article over the weekend and was a bit surprised that I hadn’t heard of this Mega-D botnet before. So, I reached out to a few colleagues of mine and asked if they’d heard anything...
Obama Spam Malcode Campaigns
At least two different malcode campaigns are afoot using the Barack Obama victory in yesterday’s U.S. presidential elections as the theme. They entice you to visit a website and then, oops, you need to...
This BofA Demo Thing Got Big Fast
The Obama spam and malcode gang is back at it with a new fast flux phishing and malcode ruse. This time it’s a demo from the Bank of America that requires the classic “Flash Upgrade”. At the peak I was...
Classmates dot com Fast Flux Malware
The Gozi infostealer is running around, this time using new domains and a new lure: a “video invitation from your classmates”. This has been going on all week, too. In an email purporting to be from...
Things in 3FN
I think by this time folks know about the FTC action against 3FN (Triple Fiber Network). Here’s some of the stuff we had tracked there over the years. WinReanimator, Cutwail botnet activity. RogueAV in...
July 2009 Malicious Links: 14 Hotspots
Inspired by a friend’s question of which CIDRs to block first, I went looking into our malicious URL database for July, 2009, data and dug for the top IPs and netblocks. This was pretty easy: what URLs...
Happy Holidays: Point of Sale Malware Campaigns Targeting Credit and Debit Cards
Inside Recent Point-of-Sale Malware Campaign Activities (Curt Wilson, Dave Loftus, Matt Bing): An active Point of Sale (PoS) compromise campaign designed to steal credit and debit card data using the...
TrickBot Banker Insights
A new banking trojan, TrickBot, has seemingly risen from the ashes left behind by the November 2015 takedown of Dyreza/Dyre infrastructure and the arrests of threat actors identified by Russian...
Zyklon Season
The ASERT research team has recently done some work reverse engineering a family of malware called “Zyklon H.T.T.P.” that is written using the .Net framework. Zyklon (German for “cyclone”) is a large,...