This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin Lee, Emmanuel Tacheau, Andrew Tsonchev, and Craig Williams.
On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. This site is a Chinese language news website covering events in East Asia from a US base. The site is extremely popular, rated by Alexa’s global traffic ranking as the 1759th most visited website worldwide, and the 28th most visited in South Korea. In addition the news site also receives a substantial number of visitors from Japan, the United States and China.
This malware campaign does not appear to be tightly targeted. Twenty-seven companies across eight verticals have been affected:
Banking & Finance
Energy, Oil, and Gas
Engineering & Construction
Pharmaceutical & Chemical
Retail & Wholesale
This is indicative of the campaign acting as a drive-by attack targeting anyone attempting to view one of the affected sites.
Read More »
Tags: botnets, Malware Analysis, security, TRAC, VRT
Craig Williams and Jaeson Schultz have contributed to this post.
We blogged in September of 2013 about variants of Havex. A month ago on June 2, 2014, I had the chance to give a presentation at AREA41. In my presentation “The Art of Escape,” I talked about targeted attacks involving watering holes.
If we look at the timeline of the attacks we see two clear impacting factors:
- CVE release time
- Timeframe of new PluginDetect
This explains why we saw an increase in watering hole attacks peaking in August
Read More »
Tags: Advanced Malware Protection, malware, Malware Analysis, TRAC, Watering Hole, watering hole attack
There is still time to register for the upcoming FIRST Technical Colloquium April 2-3 2013. The event has a very exciting program covering, bitsquatting, webthreats, RPZ, Passive DNS, Real-world monitoring examples, Spamhaus, SIE, Cuckoo Sandbox, Malware Analysis and many more current issues facing the incident response community.
The event’s line-up includes notables from Cisco Security Intelligence Operations (SIO), Internet Systems Consortium, Shadowserver foundation, KPN-CERT, NATO, MyCert and ING amongst others. Program details can be found here.
Read More »
Tags: CSIRT, FIRST, Gavin Reid, KPN-CERT, malware, Malware Analysis, MyCert, NATO, security, security intelligence operations, sio, TRAC