TRAC

May 30, 2014

SECURITY

Walking in a Winter Wonderland

3 min read

It is not uncommon to see an anti-spam system catch >99% of the spam passing through it. Most of the best anti-spam systems catch >99.9% of spam. In this environment, spammers try just about anything to evade spam filters. Some spammers believe that blasting at high volume is the key to success. Others believe complete […]

May 20, 2014

SECURITY

April 2014 Threat Metrics

3 min read

April kicked off with a 1:292 rate of malware encounters and closed with a rate of 1:315. Highest peak day was April 20 when the rate reached 1:177. Lowest was April 4 at 1:338. The median rate of web malware encounters in April 2014 was 1:292, representing a slight improvement over the median of 1:260 […]

May 19, 2014

SECURITY

Angling for Silverlight Exploits

6 min read

This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.  Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have […]

May 5, 2014

SECURITY

IE Zero Day – Managed Services Protection

1 min read

As of May 1, 2014, we can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog. Protecting company critical assets is a continuing challenge under normal threat conditions. The disclosure of zero-day exploits only makes the job of IT […]

April 28, 2014

SECURITY

IE Zero Day and VGX.dll

2 min read

Update 5-1-2014: We can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog.  The recent discovery of a new Internet Explorer zero-day exploit underlines how exposed web browsers are to vulnerabilities for which a patch is yet to be released. Cisco is […]

April 15, 2014

SECURITY

Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN

7 min read

Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most criminal services in the underground, the dark art of traffic generation is a niche specialty that must be purchased to ensure drive-by campaign success. For the past year we have been tracking a threat actor (group) that compromises legitimate websites and redirects victims to EP landing pages. Over the past three months we observed the same actor using malvertising - leveraging content delivery networks (CDNs) to facilitate increased victim redirection - as part of larger exploit pack campaigns.

April 10, 2014

SECURITY

March 2014 Threat Metrics

2 min read

The median rate of web malware encounters in March 2014 was 1:260, compared to a median rate of 1:341 requests in February. At least some of this increased risk appears to have been a result of interest in the NCAA tournaments (aka March Madness), which kicked off during the second week of March in the […]

March 21, 2014

SECURITY

February 2014 Threat Metrics

2 min read

Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, […]

March 20, 2014

SECURITY

Coordinated Website Compromise Campaigns Continue to Plague Internet

3 min read

This post is co-authored with Levi Gundert and Andrew Tsonchev. Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’. Update 2014-03-22: This post’s focus relates […]