Mary Landesman

Senior Security Researcher

Cisco TRAC

A security industry veteran, Mary Landesman has been researching malware and security events since the Michelangelo virus appeared in Feb 1991. As a senior security researcher for Cisco TRAC, a division of Cisco SIO, Mary analyzes large data sets to determine the latest Web-based threats and security trends. Mary's analytic skills enabled her to be the first to discover Gumblar in 2009 and the first widespread compromise of Web hosting servers in late 2006.

Prior to joining Cisco via the ScanSafe acquisition, Mary was a senior manager for the Microsoft Anti-Malware Research and Response Team where she employed her data analytics skill to kickoff the first Microsoft Annual Security Reports. During the height of the email worm wars, Mary was the Malware Response Coordinator for FrontBridge Technologies where she was responsible for discovering new outbreaks and writing the defensive rules for pre-signature quarantine. Other security industry roles have included Product Manager for InDefense, Inc. and Technical Support Supervisor for Command Software Systems. Mary has also consulted to various other security firms throughout the years, including Shavlik Technologies, AV-Test.org, Trend Micro, and ReversingLabs.

Mary has published a multitude of security focused articles in a variety of publications, including Virus Bulletin, Elsevier, PC World, and ZDNet. She has also presented at several conferences, including e-Crime Congress, Virus Bulletin, RSA, and Gartner.

In 2009, 2010, and again in 2011, Mary was awarded a Microsoft MVP for her role in furthering consumer security. In 2010, Apollo Research declared Mary the most quoted security researcher for malware and phishing and third most quoted for security overall. In 2012, eWeek magazine listed Mary as one of the "10 Women in Information Security that Everyone Should Know".


May 20, 2014


April 2014 Threat Metrics

April kicked off with a 1:292 rate of malware encounters and closed with a rate of 1:315. Highest peak day was April 20 when the rate reached 1:177. Lowest was April 4 at 1:338. The median rate of web malware encounters in April 2014 was 1:292, representing a slight improvement over the median of 1:260 […]

April 10, 2014


March 2014 Threat Metrics

The median rate of web malware encounters in March 2014 was 1:260, compared to a median rate of 1:341 requests in February. At least some of this increased risk appears to have been a result of interest in the NCAA tournaments (aka March Madness), which kicked off during the second week of March in the […]

March 21, 2014


February 2014 Threat Metrics

Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, […]

March 5, 2014


January 2014 Threat Metrics

January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest […]

February 14, 2014


Email Attackers Tune Pitch for Wide Appeal

In recent weeks, the volume of malicious email carrying attachments has increased substantially. To entice recipients into opening those attachments, attackers are employing pitches across a wide range of subjects.  In doing so, they are defeating the often doled out advice to not open attachments in email received unexpectedly. One of the more striking examples […]

May 1, 2013


Linux/CDorked FAQs

Last Friday (April 26), ESET and Sucuri simultaneously blogged about the discovery of Linux/CDorked, a backdoor impacting Apache servers running cPanel. Since that announcement, there has been some confusion surrounding the exact nature of these attacks. Rather than reinvent the analysis that has already been done, this blog post is intended to clear up some of the confusion. When did Linux/CDorked […]

April 22, 2013


Customized WordPress, Joomla Brute Force Login Attempts

In recent weeks, the occurrence of brute force login attempts targeting WordPress and Joomla installations have significantly increased in volume, with some entities reporting triple the attempts seen in the past. The attack volume has been so severe that it has led some hosting providers to block all attempts to access wp-login.php, even for site […]

April 2, 2013


Apache Darkleech Compromises

Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article, no one had connected the dots and linked them all together. Dubbed “Darkleech,” thousands of […]