botnet
Threat Spotlight: A String of ‘Paerls’, Part One
5 min read
This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman. Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]
Steganographic Key Leakage Through Payload Metadata
3 min read
Steganography is the ancient art of invisible communication, where the goal is to hide the very fact that you are trying to hide something. It adds another layer of protection...
High Stakes Gambling with Apple Stock
1 min read
Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.
Zeus Botnet Impersonating Trusteer Rapport Update
1 min read
Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]
Miscreants and the Principle of Least Effort
2 min read
Back in the old days, when security was much more of an afterthought, it was obvious that miscreants were familiar with the principle of least effort. Information security was still in its Wild West days. Managed disclosure and patching did not really exist. Most companies were just coming to realize they would need to put […]
Botnets Riding Rails to your Data Center
3 min read
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an […]
Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities
2 min read
Update 2 5/9/2013: Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately. Update 5/6/2013: An […]
Coordinated Attacks Against the U.S. Government and Banking Infrastructure
8 min read
Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]
Possible Exploit Vector for DarkLeech Compromises
1 min read
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server: The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username […]
1