Security Lab

Blue Coat Security Blog

A New Twist in Fake-warez Malware

January 25, 2012 - By Chris Larsen
It's been a while since I've posted anything from the world of "fake warez" malware. Last week I came across a site that's using a different tactic than the "classic" method. On the surface, it looks very similar:  

Expanding Black Holes

January 7, 2012 - By Chris Larsen
The big malware story for me over the last month is probably the surge in exploit kit sites hosting the "Blackhole" kit. (BTW, nice write-up last month on the kit on Imperva's blog.) Bad Guys like exploit kits because they are a convenient way to leverage the work of multiple specialists -- it's nice to let somebody else do the challenging technical work of figuring out the discovery and "weaponization" of multiple vulnerabilities, and to be able to attack multiple vulnerabilities at once.

Hunting for Android Malware

December 20, 2011 - By Chris Larsen
I've been meaning to write about malware on Android for some time now, as it is definitely an issue that is on our radar screen... I started thinking about doing a post a few weeks ago, when a very interesting article link was forwarded to me by a fellow Bluecoater: a statement from a Google employee that you don't need antivirus software for Android.

New JavaScript Tricks from the Bad Guys / An Archaeologist at Work

December 12, 2011 - By Chris Larsen
[This article is a combination of two posts from our internal security blog: one from last month when I was on the road, and one from this month that looks back at a different attack from the same time period. The common thread is the never-ending creativity of the Bad Guys in coming up with new ways to abuse JavaScript in cloaking their attacks...] ATTACK #1 (New JavaScript Trick):

Another Facebook Fake Foto Attack, on Hacked Russian Site

November 29, 2011 - By Chris Larsen
[Edited 12/06 -- host domain was mis-typed in one spot as pszm.info; it should have been pzsm.info.] Unlike humans, who usually need a nap after a big Thanksgiving Day feast, our automated modules keep working away. Either that, or malware has zero calories so WebPulse stays hungry... ;)

Search Engine Clutter

November 23, 2011 - By Chris Larsen
I've been doing some research into the current state of SEP (search engine poisoning) attacks lately -- in fact, I meant to do a post about Halloween-themed SEP last month, but had too much travel going on.

No Surprise: Malware is increasing

November 16, 2011 - By Tim Chiu
It should be no surprise to anyone in the security industry that malware is up, especially malware delivered through the web.  There were two news items this week that included some interesting statistics around how fast malware is actually increasing.

Guest Appearance on ITGrackle Podcast

November 4, 2011 - By Chris Larsen
I recently had the honor of being interviewed for a podcast hosted by Calvin Powers, one of the security gurus at IBM (www.itgrackle.com/podcast/). The podcast episode was just posted a couple of days ago (the direct link to the page is here).

SSL Proxy and Anti-Malware Go Hand In Hand

November 1, 2011 - By Tim Chiu
At first glance you may think that an SSL proxy and anti-malware have nothing to do with each other. While each serves its own purpose in a Secure Web Gateway architecture and deployment, they are actually crucial to each other's success in protecting an organization's network from web-based threats, malware, and cybercrime.

Visualizing Malnets: Time-lapse Animation

October 26, 2011 - By Chris Larsen | Co-Authored By Jon Dinerstein
A couple of months ago, we showed off a sample of our next-generation malware delivery network ("malnet") graphs. Since then, we've pressed the wizard behind them (Jon) to come up with a way to animate the graphs, so that we could show them in a time-lapse video. Here's what he's come up with so far. (And it will also serve as a test for us to see how well the blog can handle video clips...) First, a quick explanation of what the video is portraying: