malware
Using DNS RPZ to Block Malicious DNS Requests
3 min read
After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]
Crumbling to the Cookiebomb
2 min read
Recently we have seen a spate of government websites hosting malicious Cookiebomb JavaScript. We have observed URLs with the top level domains such as ‘.gov.uk’, ‘.gov.tr’, ‘.gov.pl’ and the website of a middle eastern embassy in the US become compromised and expose visitors to malware infection. For malicious actors, highly reputable websites are a valuable […]
DNS Compromise Distributing Malware
3 min read
DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over […]
Zeus Botnet Impersonating Trusteer Rapport Update
1 min read
Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]
Network Solutions Customer Site Compromises and DDoS
1 min read
Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This […]
BYOD: Many Call It Bring Your Own Malware (BYOM)
4 min read
It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets […]
Plesk 0-Day Targets Web Servers
2 min read
Update 6/6/2013: We’re seeing reports of exploitation of this vulnerability. We can confirm Global Correlation – Network Participation telemetry is seeing multiple exploitation attempts across many customers. Customers who participate in Global Correlation – Inspection have a higher chance of this signature blocking in the default configuration since the sensor will take the reputation of an attacker into account […]
Botnets Riding Rails to your Data Center
3 min read
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails that creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations’ has previously published an […]
Coordinated Attacks Against the U.S. Government and Banking Infrastructure
8 min read
Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]
2