‘There is a shift occurring in the security space around incident response. It’s becoming clear that no organization is completely safe.’ Tim Armstrong
Research suggests ransomware is more prevalent than previously thought.
Cisco launches competition to help with securing the Internet of Things.
Energy and utility companies are being turned down when requesting insurance cover for cyber attacks because their defences are perceived to be too weak.
Security firm finds millions of stolen credentials and email addresses on the black market.
Last month, Peter Ferrie described a Windows virus that turns Java class files into droppers for the virus, and concluded that it would be a simple matter to reverse that: for a virus writer to create a Java class file that turns Windows files into droppers for the virus. This is exactly what {W32/Java}/Tarry does.
ProxyCB is a trojan that acts as a proxy server to send spam via the HTTP, HTTPS or SMTP protocols. Wei Wang and Kyle Yang take a detailed look at its installation process, how it bypasses UAC, and the final payload loading process, before dissecting its communication protocol and commands.
Solarbot, a.k.a. Dapato or Napolar, is a traditional botnet that has been around for a while. It is used for spreading other malware and often comes with built-in DDoS and proxy modules. He Xu takes a closer look.
Expiro is a file infector that resurfaces from time to time, demonstrating more skills on each new appearance – infecting a service that gives a unique vantage point on traditional malicious activities; running the malware at computer restart without creating a start-up registry entry; using different mutexes for different types of infected process; escalating privileges; and executing infected files without calling the CreateProcess or WinExec APIs. Raul Alvarez takes a closer look.
The author of Simbot doesn’t take anything for granted: all the necessary components for the malware’s execution are bundled and dropped onto the system, including the relevant vulnerable application for exploitation and regular Windows system binaries.
John Aycock highlights an ACSAC paper that looks at the issue of detecting web content modifications.
In this month's VBSpam test, spam catch rates were high, but false positives were still an issue for some products – two of which failed to achieve a VBSpam award. Meanwhile, a slight modification to the rules has made achieving a VBSpam+ award a little harder – yet four products managed to do so.
Must-attend events in the anti-malware industry – dates, locations and further details.