- Products
- Solutions
- See All Solutions
- Core Capabilities
- Compliance
- Industry
- Environment
- Pricing
- Our Customers
- Partners
- Resources
- View All Resources
- Blogs
- Product Resources
- Security Resources
- Customer Resources
- Browse by Topic
- Support
"Simplicity is the ultimate sophistication." --Leonardo Da VinciFor the past few decades, I've had a hard time in cocktail party conversations. When someone asks what you do for a living, it's far simpler to say, "I'm a teacher" or "I work on Wall Street" than "I help companies secure their networks and data against bad people…
This morning we woke up with news indicating that Google was flagging the php.net website as potentialy harmful. You can read more information on:- http://news.netcraft.com/archives/2013/10/24/php-net-blocked-by-google-false-positive-or-not.html- http://barracudalabs.com/2013/10/php-net-compromise/We couldn't replicate the behavior as it seem the webmaster modified the files that were producing the…
Looking at the evolution of ransomware, accepting bitcoin as a payment method is probably taking too long for most common ransomware families.Not long ago, we have seen a ransomware family that accepts MoneyPak, Ukash, cashU and Bitcoin as payment methods. Its name is CryptoLocker and is detected by Microsoft as Crilock.A.Just one month after Microsoft released the…
This month, AlienVault launched a new Threat Update Newsletter with the goal of sharing recent threat data from our Open Threat Exchange™ (OTX), as well as recaps of some of the most interesting (or troubling) research and industry news. You can subscribe via e-mail to the Threat Update Newsletter, or subscribe to this blog to get additional information and…
Just a few days ago, the source code of the famous KINS banking trojan was leaked.KINS is a professional-grade banking trojan, destinated to infect as much computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement to Citadel, it was identified in the wild not long ago. Now,…
Malware authors are aware of new technologies and research made by the security community. This is palpable when they implement new vulnerability exploitation on their tools or even reuse source code that belongs to public projects.We have discussed antivm and antisandbox analysis tricks seen in malware samples several times.Not long ago we came across a malware sample that…
Very often when cybercriminals are migrating to new infrastructure or when the previous has been taken down, they point their domain names (sleep) to temporary specific adresses including but not limited to:127.0.0.1 127.0.0.2 255.255.255.254 255.255.255.255 0.0.0.0 1.1.1.1Besides these, other common addresses where they point their domains are DNS servers and other infrastructure of big internet companies such as Google.We are going to describe…
Last week, Microsoft published some details regarding a new zero-day vulnerability affecting Internet Explorer that was being used in targeted attacks against Japanese targets as Fireeye published last week.We have identified a version of the exploit hosted on a subdomain of Taiwan's Government e-Procurement System. When users visit the main webpage a Javascript code will redirect…
A few days ago, a new OSX malware was detected in the wild. It looks like a picture and behaves like it when you click on it. Everything looks fine when the clicked picture is opened on the screen, but the malware also performs some other actions.After the first look, we saw that the malware copies itself to /Users…
A few weeks ago we launched a new free service called Reputation Monitor Alert. The service aims to alert companies about potential compromised systems and other security problems in their infrastructure. To do this we use all the threat intelligence we gather using our IP reputation database among other external reputation sources.Once you login you just have to enter…
During the last few hours several domains including the one from The New York Times have been redirected to a Syrian Electronic Army server. Here is the list of domains pointing to that server:Returned 39 RRs in 1.50 seconds. sokiland.fr.nf. A 141.105.64.37 sea.sy. A 141.105.64.37 m.sea.sy. A 141.105.64.37 mob.sea.sy. A 141.105.64.37 www.mob.sea.sy. A 141.105.64.37 leaks.sea…
A few days ago Microsoft Malware Protection Center published a great blog post about some undocumented instruction tricks being used by several malware families.As you can read in the post, they found some malware samples using FPU instructions that lead to incorrect disassembly in several debuggers and disassemblers.I decided to write a small Python script to help us…
