April 23, 2012 | Jaime Blasco

MSUpdater Trojan found using CVE-2012-0158: Space and Missile Defense Conference

The number of samples exploiting CVE-2012-0158 has been growing since we reported some of the first infections last week. We have been detecting several ongoing campaigns against several industries. One of the campaigns that attracted our attention is targeting the military and aerospace industry. Some of the documents sent to the victims still have low antivirus detection. For…

April 18, 2012 | Jaime Blasco

CVE-2012-0158, Tibet, Targeted Attacks and so on

As our friends at TrendMicro reported a couple of days ago, CVE-2012-0158 is being actively used in different spearphishing campaigns, mainly against NGOs and Tibet-related organizations. The vulnerability used was patched by Microsoft a week ago: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2…


March 28, 2012 | Jaime Blasco

Mac OS X trojan encryption routines found in a Linux backdoor

We were working on some information related to the C&C protocol used by the http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/ [no longer available] Mac OS X trojan we discovered last week. ESET already did a great job http://blog.eset.com/2012/03/28/osxlamadai-a-the-mac-payload [no longer available] and you can read all the information there. As ESET said,…

March 27, 2012 | Jaime Blasco

MS Office exploit that targets MacOS X seen in the wild - delivers "Mac Control" RAT

Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same one we have been tracking for a while: - http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/ [no longer available] AlienVault Tibet related Research now used to target Tibetan non-governmental organizations …

March 19, 2012 | Jaime Blasco

AlienVault Tibet related Research now used to target Tibetan non-governmental organizations

A few hours ago Greg Walton posted a warning about spearphishing mails sent to non-governmental organizations related to Tibet. The content of these emails is about our previous research, Targeted Attacks against Tibetan organizations. —————Forwarded message————— From: webmaster <[email protected]> Date: Mon, Mar 19, 2012 at 8:20 AM …

March 13, 2012 | Jaime Blasco

Targeted attacks against Tibet organizations

We recently detected several targeted attacks against Tibetan activist organizations including the Central Tibet Administration and International Campaign for Tibet, among others. We believe these attacks originate from the same group of Chinese hackers that launched the ‘Nitro’ attacks against chemical and defense companies late last year and are aimed at both spying on and stealing sensitive information about these…

February 25, 2012 | Conrad Constantine

Got a Question for the labs guys? Come Heckle us at RSA Booth 717 and Bsides

So once again, the time to drink from the firehose is upon us: RSA Conference 2012 and BSides San Francisco are a few short days away. This year is looking like it will be an event of monstrous proportions: 2011 was an exceptionally busy year for things of significance in the Infosec world and there’s no shortage of hot topics to…

February 25, 2012 | Conrad Constantine

If It's Stupid and it works, It's not Stupid!

One of my favorite ways to explain threat modelling to people outside the field starts with a little humor: A martial arts instructor is teaching a new class; wanting to impress them with his flashy techniques, he picks on the frailest-looking new student and instructs them to attack him… the student, who has never been in an actual fight before, comes…

February 22, 2012 | Dominique Karg

AlienVault Open Threat Exchange (AV-OTX) released!

We’re proud to announce the immediate availability of the first phase of our threat exchange platform. You can check the marketing text on the AlienVault main site. We’ll be releasing more detail on the inner workings as we go, or if you can’t wait, just upgrade your OSSIM installation and have a look…

February 22, 2012 | Dominique Karg

Introducing the Alienvault Labs

We’re proud to present the new Alienvault Labs. This portal should unify the research and development efforts made around the Alienvault SIEM and other security areas. For the launch we’ve reposted Jaime Blasco’s and DK’s complete blogs, along with some presentations and open source code. There’s more code to come and we’ve got some special…

February 14, 2012 | Jaime Blasco

Some APT C&C traffic Snort rules

Commandfive did a great job and published a research document that describes some APT C&C communication protocols (http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf) used in the SK Communications hack and other recent attacks. We have written some Snort rules to detect the protocols described in the analysis. We have tested some of them with…
