Malware

Malware / Featured Blogs

The Spamhaus Distributed Denial of Service - How Big a Deal Was It?

Mar 30, 2013

If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more

Security and Reliability: A Closer Look at Penetration Testing

Mar 12, 2013

As noted in my first article of this series (see part one, two and three), security and reliability encompass holistic network assessments, vulnerability assessments and penetration testing. This month I'd like to go deeper into penetration testing; however, first, let's go back for a quick refresh before getting started. more

Civil Society Hung Out To Dry in Global Cyber Espionage

Mar 04, 2013

This post was co-authored by Sarah McKune, a senior researcher at the Citizen Lab. Public attention to the secretive world of cyber espionage has risen to a new level in the wake of the APT1: Exposing One of China's Cyber Espionage Units report by security company Mandiant. By specifically naming China as the culprit and linking cyber espionage efforts to the People's Liberation Army, Mandiant has taken steps that few policymakers have been willing to take publicly, given the significant diplomatic implications. more

Reducing the Risks of BYOD with DNS-Based Security Intelligence; Part 2: Taking Control

Jan 29, 2013

In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more

EC3, the European Cybercrime Centre, Opened - Challenges All Around

Jan 15, 2013

On Friday 11 January 2013 the European Cybercrime Centre, EC3, officially opened its doors at Europol in The Hague. If something shone through from the speeches of the panel participants, it is that there are tight budget restraints and a strong wish to cooperate with the U.S., the Interpol centre in Singapore and Russia. Let me share my thoughts on expectations. more

CircleID’s Top Ten Posts of 2012

Jan 10, 2013

Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more

Exploits, Curdled Milk and Nukes (Oh my!)

Dec 21, 2012

Throughout the second half of 2012 many security folks have been asking "how much is a zero-day vulnerability worth?" and it's often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it's the wrong question... the correct question should be "how much do people pay for working exploits against zero-day vulnerabilities?" more

Cyber Security: A Duty to Care?

Dec 13, 2012

Yesterday, in my post on three new threats in one day, I posed the question whether it was necessary to develop regulations that would set a minimum standard on cyber security for devices that connect to the Internet. I'm having second thoughts here, which I'll explain in this post, but also try to look at a way forward and ask you to engage. more

Three New Cyber Security Threats in One Day

Dec 12, 2012

Internet crooks never cease to surprise me. The inventiveness in being bad is super. If these guys lent their thinking power to the economy, the economic crisis would be solved within a week. Today I ran into three brand new cyber security threats that were reported on. In one day. So I thought to share them with you. more

WCIT’s Security Issues

Dec 07, 2012

Another contentious issue at the WCIT in Dubai is 'security'. There has been a dramatic increase in nervousness regarding a whole range of security issues, especially in relation to the internet. They include: SPAM, denial-of-service-attacks, identity theft, cybercrime, cyberwarfare, and privacy issues on social media. From the list above it is clear that some of these issues are related to content, while some can be classified as national security and others as criminal offences. In other words, there is no clear-cut issue on what constitutes security. more

Industry Updates

Hunting for TimbreStealer Malware Artifacts in the DNS

A Peek at the PikaBot Infrastructure

A Log4Shell Malware Campaign in the DNS Spotlight

Unveiling Stealthy WailingCrab Aided by DNS Intelligence

DNS Abuse and Redirection: Enough for a New JS Malware to Hide Behind?

Decoy Dog, Too Sly to Leave DNS Traces?

A DNS Deep Dive Into Malware Crypting

A DNS Deep Dive: That VPN Service May Be OpcJacker in Disguise

SocGholish IoCs and Artifacts: Tricking Users to Download Malware

Malware Persistence versus Early Detection: AutoIT and Dridex IoC Expansion Analysis

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

Eternity’s LilithBot, Soon Available to Regular Internet Users?

Alleviating BlackEnergy-Enabled DDoS Attacks

GALLIUM APT Group and Other Threat Actors in Disguise

Both Aged and New Domains Play a Role in the NDSW/NDSX Malware Campaign

View More