This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin Lee, Emmanuel Tacheau, Andrew Tsonchev, and Craig Williams.
On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. The site is a US-based Chinese-language news website covering events in East Asia. It is extremely popular, rated by Alexa's global traffic ranking as the 1759th most visited website worldwide and the 28th most visited in South Korea. In addition, the news site receives a substantial number of visitors from Japan, the United States and China.
This malware campaign does not appear to be tightly targeted. Twenty-seven companies across eight verticals have been affected:
- Banking & Finance
- Energy, Oil, and Gas
- Engineering & Construction
- Pharmaceutical & Chemical
- Retail & Wholesale
This is indicative of the campaign acting as a drive-by attack targeting anyone attempting to view one of the affected sites.
Tags: botnets, Malware Analysis, security, TRAC, VRT
Malware can find its way into the most unexpected of places. Certainly, no website can be assumed to be always completely free of malware. Typically, there are many ways that websites can be compromised to serve malware:
Tags: cloud security, incident response, IPS, malware, security, TRAC
Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sophistication in order to increase their success rate. Up until now, phishing attacks were generally viewed as isolated events that were dealt with on a case-by-case basis. The dawn of big data analysis in computer security allows us to store data indefinitely and watch the changes and growth of attacks over long periods of time. In 2012, we began tracking a sophisticated phishing campaign that is still going strong.
Google, one of the largest players in the cloud business, offers dozens of free cloud services: Google Email, Google Drive, Google Docs, Google Analytics, YouTube, etc. To enable easy access across all of these properties, Google built what they call "One account. All of Google."
Tags: anti-spam, Google, identity theft, phishing, scam, spam, spear phishing, threat intelligence, TRAC, TRAC Big Data Analysis
This post has been co-authored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard.
In part one of our two-part blog series on the "String of Paerls" threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology for grouping similar samples based on Indicators of Compromise: static and dynamic analysis indicators. In this second part of the series we cover the malicious documents and malicious executables. For the technical deep dive, see the write-up on the VRT blog here.
Tags: malware, phishing, security, spear phishing, TRAC, VRT
Craig Williams and Jaeson Schultz have contributed to this post.
We blogged in September of 2013 about variants of Havex. A month ago, on June 2, 2014, I had the chance to give a presentation at AREA41. In my presentation "The Art of Escape," I talked about targeted attacks involving watering holes.
If we look at the timeline of the attacks we see two clear impacting factors:
- CVE release time
- Timeframe of new PluginDetect
This explains why we saw an increase in watering hole attacks peaking in August.
Tags: Advanced Malware Protection, malware, Malware Analysis, TRAC, Watering Hole, watering hole attack