June 3, 2009 - I hate to admit out loud, but up until recently I haven’t used parental controls. I, perhaps like many of you, found them to be ridiculously limiting – especially after the kids reach the age that they need to research (continue reading...) Read more
June 3, 2009 - Today we at McAfee Avert Labs released an excellent paper on browser attacks. Written by Christoph Alme, this paper deals with the many complexities of browser security and attacks. From the paper: Web Browsers: An Emerging Platform Under Attack “The (continue reading...) Read more
June 3, 2009 - Websense Security Labs™ ThreatSeeker™ Network has detected that the payload site for the mass compromise known as Beladen, has changed from Beladen to Shkarkimi. The new site is hosted on the same IP address as Beladen and the (continue reading...) Read more
June 3, 2009 - Posted by Pedram AminiIn July of 2007 two former colleagues and myself had our book "Fuzzing: Brute Force Vulnerability Discovery" published through Addison-Wesley. The book is under 600 pages and took well over a year to complete, during (continue reading...) Read more
June 3, 2009 - It seems like these days every other news breaking story is paralleled with a similar Blackhat SEO fueled Rogueware campaign. Today, Luis Corrons and I were talking about Microsoft’s recently announced Project Natal when his Google search for a video (continue reading...) Read more
June 3, 2009 - Update: 6/4/09 - Rogueware campaign on Twitter continues... "PhishTube Broadcast" became a trending topic on Twitter today. The word “tube” is a big red flag to any Threat Researcher these days, so naturally I had to investigate (continue reading...) Read more
June 2, 2009 - I was having a conversation with someone the other day about how searching for free lyrics online can be risky to an unprotected computer. They stared blankly at me and I realized why. How many adults search for lyrics? (continue reading...) Read more
June 2, 2009 - Earlier today the nice folks at SANS blogged about a malware campaign dressed up as a digital-certificate update for Bank of America. The malicious link contained the substring “bankofamerica.com” and took you to a Web (continue reading...) Read more
June 2, 2009 - Seems like since micro-blogging, social networking, and banking sites are the ones commonly targeted by phishers nowadays, one attack pulled itself away from the trend and went for a more direct approach: email accounts. We’ve recently found a (continue reading...) Read more
June 1, 2009 - Early last week we alerted a government agency about one of the pages in their site that appears to have been injected with malicious frames. The San Bernardino County site’s probation page was, during that time, carrying a frame that (continue reading...) Read more
June 1, 2009 - We have recently found a website that purportedly offers cracks for numerous applications, but in reality serves malicious files to its unknowing users. The website, hxxp://{BLOCKED}ck.com, is allegedly owned by an organization called China.United Telecom. Corp. The said website supposedly offers (continue reading...) Read more
June 1, 2009 - Those of you who already follow me on Twitter know that every once in a while I throw together a quick, geeky puzzle for everyone to solve. After my last challenge, a few people asked me to make (continue reading...) Read more
June 1, 2009 - Websense Security Labs™ ThreatSeeker™ Network has discovered that the official Web site of the Ministry of Water Resources in China has been compromised, and is infecting site visitors with malicious code. A malicious hacker has uploaded a fake online game (continue reading...) Read more
June 1, 2009 - As you have likely read in the news, President Obama gets it: Cybercrime is real, it is not going away, and it’s time that we make it a priority in the U.S. and abroad. As the New York (continue reading...) Read more
June 1, 2009 - Posted by Cody PierceToday we step back into the world of COM/ActiveX to dynamically find object methods in a binary. This is probably the quickest way to identify the code handling the javascript/vbscript invocation of methods. This can then (continue reading...) Read more
June 1, 2009 - Today we released our Spam Report for the month of June. In it we discuss two key findings: President Obama’s First 100 Days of Spam Although you might imagine the change of administration in the United States would have a (continue reading...) Read more