March 28, 2012 | Jaime Blasco

Mac OS X trojan encryption routines found in a Linux backdoor

We were working on some information related to the C&C protocol used on the http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/ [no longer available] Mac OS X trojan we discovered last week. ESET already did a great job http://blog.eset.com/2012/03/28/osxlamadai-a-the-mac-payload [no longer available] and you can read all the information there. As ESET said,…

March 27, 2012 | Jaime Blasco

MS Office exploit that targets MacOS X seen in the wild - delivers "Mac Control" RAT

Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same we have been tracking for a while: http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/ [no longer available] AlienVault Tibet related Research now used to target Tibetan non-governmental organizations …

March 26, 2012 | Conrad Constantine

Sweeping Our Doorsteps – Why Your Security Is My Problem

Presented at the Briefings Center during RSA Conference 2012 – transcript follows. When I first started putting this talk together, I had a feeling I might be the only one discussing this subject this year; since arriving this Monday, however, I’ve heard more and more people talking about this – the idea of more information sharing and something I…

March 19, 2012 | Jaime Blasco

AlienVault Tibet related Research now used to target Tibetan non-governmental organizations

A few hours ago Greg Walton posted a warning on spearphishing mails sent to non-governmental organizations related to Tibet. The content of these emails is about our previous research Targeted Attacks against Tibetan organizations.

————— Forwarded message —————
From: webmaster <[email protected]>
Date: Mon, Mar 19, 2012 at 8:20 AM …

March 13, 2012 | Jaime Blasco

Targeted attacks against Tibet organizations

We recently detected several targeted attacks against Tibetan activist organizations including the Central Tibet Administration and International Campaign for Tibet, among others. We believe these attacks originate from the same group of Chinese hackers that launched the ‘Nitro’ attacks against chemical and defense companies late last year and are aimed at both spying on and stealing sensitive information about these…

February 25, 2012 | Conrad Constantine

Got a Question for the labs guys? Come Heckle us at RSA Booth 717 and Bsides

So once again, the time to drink from the firehose is upon us: RSA Conference 2012 and BSides San Francisco are a few short days away. This year is looking like it will be an event of monstrous proportions: 2011 was an exceptionally busy year for things of significance in the Infosec world and there’s no shortage of hot topics to…

February 25, 2012 | Conrad Constantine

If It's Stupid and it works, It's not Stupid!

One of my favorite ways to explain threat-modelling to people outside the field starts with a little humor: A martial arts instructor is teaching a new class; wanting to impress them with his flashy techniques, he picks upon the frailest-looking new student and instructs them to attack him… the student, who has never been in an actual fight before, comes…

February 22, 2012 | Dominique Karg

AlienVault Open Threat Exchange (AV-OTX) released!

We’re proud to announce the immediate availability of the first phase of our threat exchange platform. You can check the marketing text on the AlienVault main site. We’ll be releasing more detail on the inner workings as we go on, or if you can’t wait, just upgrade your OSSIM installation and have a look…

February 22, 2012 | Dominique Karg

Introducing the Alienvault Labs

We’re proud to present the new Alienvault Labs. This portal should unify research and development efforts made around the Alienvault SIEM and other security areas. For the launch we’ve reposted Jaime Blasco’s and DK’s complete blogs, along with some presentations and open source code. There’s more code to come and we’ve got some special…

February 14, 2012 | Jaime Blasco

Some APT C&C traffic Snort rules

Commandfive did a great job and published a research document that describes some APT C&C communication protocols http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf used on the SK Communications hack and other recent attacks. We have written some Snort rules to detect the protocols described in the analysis. We have tested some of them with…

February 1, 2012 | Alberto Ortega

Detecting malware domains by syntax heuristics

An important challenge we face when feeding our Open Source IP Reputation System is to differentiate between real threats and false positives. However, nothing in the universe is black or white. Each IP in the database has a reliability value from 1 to 10. That’s because in some special scenarios, an IP can be good and bad at the same…

January 19, 2012 | Conrad Constantine

New Garage Tool: ClearCutter

I’ve just finished committing the first alpha release of ClearCutter to the Alienvault-Garage repository on GoogleCode. It’s a tool born of necessity, for anyone who’s spent a good amount of time on those ‘SIEM pre-processing’ tasks, neck-deep in sed, grep, awk, uniq. ClearCutter (because it ‘clears a forest of logs’) is my work-in-progress combination tool for all those…
