Blue Coat Security Blog

SEP, Porn, and Malware - Lurking in the Boondocks

May 13, 2013 - By Chris Larsen
Out in the Boondocks of DynDNS
I find myself spending a lot of time in the jungles of Dynamic DNS (DynDNS) hosted sites these days -- there is a lot of shady stuff going on in there. (And very little useful content, comparatively speaking, so it's probably a good idea to consider just blocking off this whole area, from a security standpoint...)

Health and Finance (The Spam Version of Death and Taxes)

May 7, 2013 - By Chris Larsen
It's been a while since we've posted about good old spam (the non-malicious kind, although sometimes the lines blur), so I thought I'd share some findings from last weekend's honeypot traffic.
Recent Trends
First, we're seeing a *lot* of ".PW" domains involved in spam these days. In fact, unless you've got customers in Palau, you should probably consider blocking anything on their TLD (top-level domain).

Malnet: Wrath of the Gods

April 18, 2013 - By Chris Larsen | Co-Authored By An Anonymous Analyst
[Our anonymous analyst is back with another Donovan adventure. As always, the story is fictional, but the events described are true to life. --C.L.] It started like any other day: gray clouds filling the sky, the rain dripping from the eaves, and not enough hot chocolate in the machine. I sat down at my computer and got to work. Who am I? The name's Donovan. I'm a Private Eye in the fight against malware.

Search Engine Poisoning: A Brief Update

April 5, 2013 - By Chris Larsen
[Update (4/19/2013): I was in Norway last week, doing a presentation on SEP at HackCon (takk!), which was a lot of fun.

Spam, Scam, or Malware?

April 4, 2013 - By Chris Larsen | Co-Authored By Adnan Shukor
[Another great post by Adnan in our internal blog. Definitely deserves a wider audience... --C.L.] Recently, we saw several customer submissions of a particular URL. One thing that caught my attention: the three submitters suggested three different categories for the rating. (The suggestions were: “Malicious Sources”, “Spam”, and “Scam/Questionable/Illegal”.) The question is, do they really understand the meaning of the category they chose, or was each person seeing different things on the link/page?

Building a Web Security Architecture - New White Paper Can Help You Understand Your Options

March 28, 2013 - By bo.moulton@bluecoat.com
The World Wide Web has become one of the most effective vectors for malware distribution, thanks to its scale (634 million web sites as of Dec. 2012) and ever-changing nature (in 2012 alone, 51 million websites were added to the web and the average web page grew 35%[1]). That’s a lot of places for attackers to hide to try to launch their attacks; it’s one reason we saw a 90% increase in web threats between 2010 and 2011! ...

The Exploit Kit "Four Horsemen"

March 20, 2013 - By Chris Larsen | Co-Authored By Jeff Doty
[Another good look at the world of exploit kits from Jeff. --C.L.] Meet the "Four Horsemen" of the Exploit Kit market:

RSA Conference 2013: Big Data is a Big Deal

March 13, 2013 - By Chris Larsen
In my Friday morning presentation at this year's RSA Conference, I started off by asking the audience, "So, how many of you are sick of hearing about 'Big Data'?" and got a nice laugh. "Big Data" was clearly the "Big Buzzword" this year. And, to be fair, Big Data is cool stuff -- it's what the WebPulse research team plays in every day. (I hope that none of them consider it to be "work" -- I think it's the funnest job in the world.)

Redkit Malvertising Attack Via Zedo

March 7, 2013 - By Chris Larsen | Co-Authored By Jeff Doty
[Great post from Jeff yesterday on our internal blog. --C.L.] Meet the Face of Evil. Would you believe that this: is actually a cover for this?

Comparing the New APT Report With Webpulse

March 5, 2013 - By Tim Chiu
When you’re touting technology like Blue Coat’s Webpulse with Negative Day Defense, where you claim you’re protecting users well before an attack actually happens, it’s sometimes hard to have proof points to show you’ve been protecting an organization all along (even after an attack goes live), that you’ve been successful in preventing that attack from doing any damage. Our malware research team does a great job of describing how we’re successful in protecting users from all sorts of malware in the man
