Channel: DDoS & Security Reports » Exploit Code
Browsing latest articles
Browse All 16 View Live

Inside an RFI Botnet

It all began innocently enough; I have been analyzing Apache logs for a while now, and when I spotted an RFI bot that was named “ddos.txt”, you know I had to look. After downloading it and analyzing...


The End Of 2008 In A Few Sentences

In these wee small hours of 2008, some quick thoughts. Researchers have broken SSL CA root certificates via the MD5 collision issues. No great surprise, I think anyone who gave this some serious...


Roundcube Webmail Scanning

I’ve been watching this for a couple of weeks now, I saw some initial requests to look at some data to discover what they may be after. I’ve seen some data about known attack vectors, but I haven’t...


ATLAS 2.0: Observing A Rapidly Changing Internet

It’s already been over 2 years since we first introduced our Active Threat Level Analysis System – ATLAS, a multiphase project that’s been evolving pretty much constantly ever since. The first...


More AS4_PATH Triggered Global Routing Instability

For those of you not paying attention, a slew of new instabilities in the global routing system are occurring – again.  These are presumably being tickled by another ugly AS4_PATH tunnel bug where...


Pushing the Envelope with Analyzers and Emulators

Via our spam traps, we see a malicious URL being spammed out that was highlighted as suspicious by the MITRE honeyclient and then further analyzed by Wepawet. Three exploits leading to an EXE, a PDF,...


A Deeper Look at The Iranian Firewall

In the previous blog post about the Iranian firewall, we explored macro level Iranian traffic engineering changes (showing that Iran cut all communication after the election and then slowly added back...


Trojan.Prinimalka: Bits and Pieces

Trojan.Prinimalka is a banking trojan associated with an attack campaign that received quite a bit of press in October 2012. “Project Blitzkrieg” is “a new cybecriminal [sic] project aimed at...


Scavenging Connections On Dynamic-IP Networks Redux

While a lot has changed since Seth McGann’s 1998 Phrack magazine article “Scavenging Connections On Dynamic-IP Networks,” it’s not hard to extrapolate his idea into modern day malware sinkholes. In...


The Heartburn Over Heartbleed: OpenSSL Memory Leak Burns Slowly

By Marc Eisenbarth, Alison Goodrich, Roland Dobbins, Curt Wilson

Background: A very serious vulnerability present in OpenSSL 1.0.1 for two years has been disclosed (CVE-2014-0160). This “Heartbleed”...
