Last evening we started seeing a stream of new malware that was a lot like the recent Storm ZIP run on about April 12. All of this malware is related to CME-711. This time we see a few changes:
RAR is used instead of ZIP, but it’s still password protected
The “outer” executable isn’t the basic storm [...]
ATLAS is one of my dreams coming to fruition. I love data, and I love a global view. Watching and measuring the recent Nirbot activity is the sort of thing is what I love about it, and I think it’s something that other people love about it.
Last weekend, the weekend of the 14th, Nirbot rolled [...]
A decade ago IF your PC was compromised it was usually just taken for a joy ride. Today, with the monetization of bots, ease of compromise, prevalence of malware, and increasing connectedness of endpoints on the Internet, WHEN your assets are compromised they’re subjected to something more akin to a chop shop.
To follow this [...]
The latest turn in the Nirbot saga is that they’ve gone and incorporated the MS Windows DNS RPC interface exploit into their bot. We started seeing this in ATLAS starting Sunday evening GMT and it appears that this flood of MS DNS RPC exploits was seeded into an existing botnet. It appears that one of [...]
I spent a good portion of my day watching the Storm worm mutate from EXEs being spammed through to ZIP files in password protected bodies. This is a change in tactics for the Storm Worm team and has proven to be effective at evading AV. The Storm Worm is malware designed to install spammer toolkits.
Throughout [...]
