Malware

Blogs

Endpoint Rollbacks & Data Shadow Copies

Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience. more

Trusted Notifiers and the Future of DNS Abuse

Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more

What Are the Connected Assets of Confirmed Fake FBI Domains?

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more

Malware Detection Provider Gets Important Victory Allowing It to Flag Unwanted Driver Installer

Despite a recent Ninth Circuit decision denying immunity to malware detection software for targeting competitor's software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program. Plaintiff provided software that works in real-time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. more

The Digital Decade – A Look Ahead

As 2019 wrapped up, we took some time to reflect on some of the most impactful digital developments of the past decade and how they helped change our digital lives, including: the rise of mobile and tablet usage; the importance of mobile apps; the explosion of social media and online gaming; cloud computing; domain names, brand protection and the impact of GDP. Now that we've passed the New Year, it's time to look forward. more

A Dangerous, Norm-Destroying Attack

Kim Zetter has a new story out describing a very serious attack. In fact, the implications are about as bad as possible. The attack has been dubbed ShadowHammer by Kaspersky Lab, which discovered it. Briefly, some crew of attackers -- I suspect an intelligence agency; more on that below -- has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. more

How to Track Online Malevolent Identities in the Act

Want to be a cybersleuth and track down hackers? It may sound ambitious considering that malevolent entities are extremely clever, and tracing them requires certain skills that may not be easy to build for the typical computer user. But then again, the best defense is offense. And learning the basics of sniffing out cybercriminals may not only be necessary nowadays, it has become essential for survival on the Web. So where can you begin? more

Continued Threats from Malware

As part of my job, I manage an incident response team that was engaged by a significant organization in Georgia whose network was infected by the QBOT (a.k.a. QAKBOT) malware. The customer had been infected for over a year, several teams before ours had failed to solve the problem, and they continued to get reinfected by the malware when they thought they had eradicated it. Over time it had spread to more than 1,000 computers in their ecosystem stealing user credentials along the way. more

Court Finds Anti-Malware Provider Immune Under CDA for Calling Competitor’s Product Security Threat

Plaintiff anti-malware software provider sued defendant -- who also provides software that protects internet users from malware, adware etc. -- bringing claims for false advertising under the Section 43(a) of Lanham Act, as well as other business torts. Plaintiff claimed that defendant wrongfully revised its software's criteria to identify plaintiff's software as a security threat when, according to plaintiff, its software is "legitimate" and posed no threat to users' computers. more

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more

News Briefs

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

The Insecurity of the IoT is Only Getting More Profound, Says Principal Researcher at F-Secure

A 60% Rise Reported on Malware Designed to Harvest Consumers’ Digital Data, aka Password Stealers

Florida Cities Are Paying Hundreds of Thousands of Dollars in Ransom to Get Their Data Back

Notorious Hacker Group XENOTIME Expands Its Targeting Beyond Oil and Gas to Electric Utility Sector

Use of DNS Firewalls Could Have Prevented More Than $10B in Data Breach Losses Over the Past 5 Years

Baltimore Gets Hacked: Main Computer Systems Crippled, Experts Estimate Months to Recover

Two Years Later WannaCry Continues to Spread to Vulnerable Devices, Nearly 5M Devices Affected

FBI, Department of Homeland Security Issue Warning About a North Korean Trojan Malware Variant

Volunteer-Based Project Succeeds in Taking Down 100,000 Malware Distribution Sites Within 10 Months

McAfee Labs 2018 Report Reveals 480 New Threats Per Minute, Sharp Increase in IoT-Focused Malware

British Airways Issues Apology for Cyberattack Affecting Hundreds of Thousands of Customers

Newly Discovered Malware Called VPNFilter is Targeting at Least 500K Networking Devices Worldwide

Large Open-Source Data Set Released to Help Train Algorithms Spot Malware

2.6 Billion Records Were Stolen, Lost or Exposed Worldwide in 2017, an 88% Increase From 2016

Enterprise Networks Are Being Impacted by Unwanted and Unidentified Cryptomining Activity

Access Logs Reveal 12M Visits to .CM Typosquatted Sites Just in 2018 So Far

Boeing Says WannaCry Outbreak ‘Overstated and Inaccurate’

Report Estimates Cybercrime Taking $600 Billion Toll on Global Economy

UK’s Government Websites Infected by Cryptocurrency Mining Malware

Most Viewed

Most Commented

Industry Updates

What Are the Internet Domains Connected to the Conficker Botnet?

Are There More Properties Connected to the Pareto Botnet?

WhoisXML API Enriches Its DNS Database Download Capabilities

A Glimpse of Big Telcos’ Domains and Subdomains Footprints

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Top Music Streaming Services: What’s Their Potential Domains & Subdomains Attack Surface?

More from DarkSide? We Ran an Analysis of Additional Identified Artifacts

ZeuS, Still Alive and Kicking in the Form of Jabber ZeuS?

SideWinder DNS Blackholes Uncovered with Threat Intelligence Platform

Given a Malicious Email Address, What Can You Discover with Maltego’s WhoisXML API Transforms?

How Reverse IP Lookup API Can Help Detect Connected Domains

Gathering Context Around Emotet, Trickbot, and Dridex C&C Servers with Bulk IP Geolocation

How Cyber Threat Intelligence Feeds Can Support MSSPs

What Cyber Threat Intelligence Tools Can Reveal about a Targeted Attack

Threat Intelligence: The First Line of Defense Against Data-Stealing Ransomware

Participants – Random Selection