Tag Archives: FireEye

Who’s Attacking Whom? Realtime Attack Trackers

January 5, 2015

It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple services for tracking online attacks and attackers around the globe and in real-time.

New Site Recovers Files Locked by Cryptolocker Ransomware

August 6, 2014

Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.

Attackers Target Internet Explorer Zero-Day Flaw

December 28, 2012

Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.

Espionage Attacks Against Ruskies?

December 10, 2012

Hardly a week goes by without news of a cyber espionage attack emanating from China that is focused on extracting sensitive data from corporations and research centers in the United States. But analysis of a recent malware campaign suggests that cyberspies in that region may be just as interested in siphoning secrets from Russian targets.

Chats With Accused ‘Mega-D’ Botnet Owner?

December 5, 2011

Recently leaked online chat records may provide the closest look yet at a Russian man awaiting trial in Wisconsin on charges of running a cybercrime machine once responsible for sending between 30 to 40 percent of the world’s junk email.

Where Have All the Spambots Gone?

July 1, 2011

First, the good news: The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge… Read More »

Advanced Persistent Tweets: Zero-Day in 140 Characters

May 3, 2011

The unceasing barrage of targeted email attacks that leverage zero-day software flaws to steal sensitive information from companies and the U.S. government often are characterized as ultra-sophisticated, almost ninja-like in their stealth and anonymity. But according to expert analysis of several recent zero-day attacks – including the much publicized break-in at security giant RSA — the apparent Chinese developers of those attack tools left clues aplenty about their identities and locations, with one actor even Tweeting about his newly discovered vulnerability days in advance of its use in the wild.

RSA and others have labeled recent zero-day attacks as the epitome of an “advanced persistent threat” (APT), a controversial term describing the daily onslaught of digital assaults launched by attackers that are considered to be highly-skilled, determined and have a long-term perspective on their mission. Because these attacks often result in the theft of sensitive and proprietary information from the government and private industry, the details surrounding them usually become shrouded in secrecy as law enforcement and national security officials swoop in to investigate.

But an investigation of some of the open source information available on the tools used in recent attacks labeled APT indicates that some of the actors involved are doing little to cover their tracks, and that not only are they identifiable, but that they’re not particularly concerned about suffering any consequences from their actions.

Microsoft Hunting Rustock Controllers

March 28, 2011

Who controlled the Rustock botnet? The question remains unanswered: Microsoft’s recent takedown of the world’s largest spam engine offered tantalizing new clues to the identity and earnings of the Rustock botmasters. The data shows that Rustock’s curators made millions by pimping rogue Internet pharmacies, but also highlights the challenges that investigators still face in tracking down those responsible for building and profiting from this complex crime machine.