This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.
Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim to the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.
Table of contents
Attack in a Nutshell
Reversing of the Mac Malware
Reversing of the Windows Malware
Protecting Users Against These Threats
Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware. Read More »
Tags: adware, AMP, Cisco Security, CWS, esa, hacking, kyle, kyle and stan, malicious advertisment, malvertising, malware, reversing, security, spyware, stan, Talos, threat, threat spotlight, wsa
Many web sites provide a setting to reduce the amount of explicit, or objectionable, content returned by the site. The user configures these settings, but many users are unaware such a setting exists, or that it needs to be set for each web site. Additionally, the security administrator cannot audit that users have configured the setting. As a result, users can be exposed to objectionable content or can inadvertently trigger filtering of objectionable content on the Cisco security service (Cisco WSA or CWS), sometimes causing uncomfortable questions from human resources or from management.
An emerging standard defines a new HTTP header, “Prefer: Safe,” which does not require the user to configure each web site. This feature is implemented by Firefox, Internet Explorer 10, and Bing. We anticipate more clients and more content providers will support this emerging standard.
Both Cisco Web Security Appliance (WSA) and Cloud Web Security (CWS) support this emerging standard, and can be configured to insert this header on behalf of HTTP and HTTPS clients. In this way, the security administrator can cause all traffic to default to avoiding explicit or objectionable content, without relying on users to configure their browser or to configure each visited web site.
Tags: Cisco Security Service, content, CWS, HTTP, security, website, wsa
My personal email has 4 characteristics that drive me crazy:
- I get way too much email
- Most of my emails are a waste of time
- Emails carry the risk of, very rarely, nasty virus payloads (or link you to sites that have worse)
- Despite all this, I can’t live without email Read More »
Tags: coc-unified-communications, email security, esa, malware, trojan, virus, web security, wsa
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
Read More »
Tags: botnet, data center, esa, ioc, IPS, Linux, malware, netflow, ruby on rails, TRAC, wsa