Threat Research

May 20, 2015

THREAT RESEARCH

Little Links, Big Headaches

This post was authored by Earl Carter & Jaeson Schultz. Talos is always fascinated by the endless creativity of those who send spam. Miscreants who automate sending spam using botnets are of particular interest. Talos has been tracking a spam botnet that over the past several months that has been spamming weight loss products, male erectile […]

May 4, 2015

THREAT RESEARCH

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other.  As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples.  Better static, dynamic, and automated analysis tools […]

April 27, 2015

THREAT RESEARCH

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008 Update 5/8: We’ve made the source code available via Github here Update 6/9/2016: We’ve released a tool to decrypt any TeslaCrypt Version After the takedown of Cryptolocker, we have seen the rise […]

April 9, 2015

THREAT RESEARCH

Threat Spotlight: SSHPsychos

This post was authored by Nick Biasini, Matt Olney, & Craig Williams   Introduction Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help […]

April 6, 2015

THREAT RESEARCH

Threat Spotlight: Spam Served With a Side of Dridex

This post was authored by Nick Biasini with contributions from Kevin Brooks Overview The use of macro enabled word documents has exploded over the last year, a primary example payload being Dridex. Last week, Talos researchers identified another short lived spam campaign that was delivering a new variant of Dridex. This particular campaign lasted less than […]

April 2, 2015

THREAT RESEARCH

Research Spotlight: FreeSentry Mitigating use-after-free Vulnerabilities

This post was authored by Earl Carter & Yves Younan. Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Use-after-free vulnerabilities have become an important class of security problems due to the existence of mitigations that protect against other types of vulnerabilities, such as buffer overflows. […]

March 30, 2015

THREAT RESEARCH

Threat Spotlight: Dyre/Dyreza: An Analysis to Discover the DGA

This post was authored by Alex Chiu & Angel Villegas. Overview Banking and sensitive financial information is a highly coveted target for attackers because of the high value and obvious financial implications.  In the past year, a large amount of attention has been centered on Point of Sale (PoS) malware due to its major role in […]

March 17, 2015

THREAT RESEARCH

Research Spotlight: Exploiting Use-After-Free Vulnerabilities

This blog post was authored by Earl Carter & Yves Younan. Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Yves Younan of Talos will be presenting at CanSecWest on Friday March 20th. The topic of his talk will be FreeSentry, a software-based mitigation technique developed […]

March 12, 2015

THREAT RESEARCH

Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed

This post was authored by Nick Biasini, Alex Chiu, Jaeson Schultz, and Craig Williams. Special thanks to William McVey for his contributions to this post. Table of Contents Overview WHOIS Privacy Protection Why Does This Exist The Issue Implications for the Good/Bad Guys Current State and Mitigations Disclosure Timeline Conclusion Footnotes Overview In mid-2013, a problem […]