….let’s try this again…Blognostication and saving things as drafts seems to have gotten the best of me and munged some previous versions of this post, my apologies – please reread for a slighly less confusing version. — In compiling results from the current revision of […]
Read moreThis morning, on one of the malicious activity tracking lists that we subscribe to, someone asked about phishing stats for Q1 2006. I got curious, too, so I ran stats on the feed going into our Active Threat Feed (ATF) phishing policy, and came up […]
Read moreEvery now and then, malicious or obfuscated JavaScript will appear on the radar, and this is how I’ve developed ways to determine what’s going on. The goals of malicious JavaScript are obvious: exploit a web browser vulnerability. The goals of obfuscated JavaScript are a bit […]
Read moreI recently wandered into Ann Arbor’s (and the first ever) Borders Books & Music store where I came upon a magazine titled “Skeptical Inquirer – The Magazine for Science and Reason.” At the bottom of the magazine cover, I read the text “Published by the […]
Read moreDave Goldsmith had a great post earlier today which I would like to point out to anyone who hasn’t read it yet. With comments like, “I’m quite positive that when this vulnerability reached Sun Microsystems, someone’s head exploded”, I found his commentary very amusing. Even […]
Read moreI’ve been fingerprinting a lot of malicious servers the past couple of days and improving my approach. I focused on phishing servers because they represent a class of boxes I can interrogate in a few ways. Sure enough, when I run the original tests based […]
Read moreOne of the things we’re doing in our work, and that will likely appear in our VBCon 06 paper, is understanding the distribution of OS’ per botnet command and control (c&c) server. I’ve been using a few tools to do this (it is in bulk…thousands […]
Read moreWe’ve been tracking botnets for some time now; it’s a great way to directly monitor malicious activity. The graph above relates to a botnet I’m currently tracking. It’s seeing a lot of churn – something on the order of thousands of new IP addresses every […]
Read moreQ: What do you get when you cross PROTOS, Metasploit, SPIKE, tcpreplay, and ISIC, and then hardware-accelerate it? A: A slew of recently-launched “security analyzer” products — boxes designed to break just about anything on the network (including other security devices) by being the worst, […]
Read moreGreetings from Ann Arbor…I’m @ Rendez-Vous Cafe – right in the heart of Michigan’s central campus – having a cup of their delicious chocolate raspberry coffee (a must-try if ever you come up to A2). I returned last evening from Vancouver, still a bit over-whelmed […]
Read more