Security Blog

CryptoLocker, Kegotip, Medfos Malware Triple-Threat

October 22, 2013 - By Andrew Brandt
Victims of October’s malware infection campaigns (so far) can expect to receive a triple-cocktail of threats: a particularly cavalier ransomware called CryptoLocker; clickfraud on a massive scale; and (it goes almost without saying) the theft of passwords and other personal data.

Blocking a Fake "Browser Update" Site

October 14, 2013 - By Chris Larsen
[A post from our internal blog last week, the roll-out of which was delayed due to a short family vacation... :)   The junk site is still online, and the ad networks are still feeding it traffic, so it's worth a public run. --C.L.]

CryptoLocker, Kegotip, Medfos Malware Triple-Threat

October 10, 2013 - By Andrew Brandt
Victims of October’s malware infection campaigns (so far) can expect to receive a triple-cocktail of threats: a particularly cavalier ransomware called CryptoLocker; clickfraud on a massive scale; and (it goes almost without saying) the theft of passwords and other personal data.

More Fake-Java Malvertising

October 4, 2013 - By Chris Larsen
A month ago, we blogged about a malvertising attack centered around fake Java updates... We're currently tracking a similar ad-driven campaign, with a somewhat different-looking landing page: Or, you may see the "scary" version:

A Quick Look at Some Updates to the Blackhole Exploit Kit

October 3, 2013 - By Chris Larsen, Jeff Doty
[Our "exkit expert" returns, with his take on recent changes in BHEK. --C.L.] Today I am looking at some of the updates that we have been seeing in the Blackhole Exploit Kit.

They're Baaaaack... (Return of the Malvertisers)

September 23, 2013 - By Chris Larsen
Along with the public release of information about a large, long-running malvertising campaign, I also sent the full list of stealthy malvertising domains to several contacts in the WebAd/anti-malvertising community. This led to a two-front war on the malvertisers, with the ad industry cutting off traffic to the domains at the top, and Blue Coat (and other security companies that follow our blog) blocking the traffic at the bottom.

Stopping a Big Facebook Spam Campaign

September 20, 2013 - By Chris Larsen
While poking around in our shady-traffic logs Wednesday, I found a network big enough to be worthy of a blog post. It's what we usually call a "spam/scam" network, although the spam aspect is a bit different, being based on Facebook rather than e-mail. Here's a sample page from Facebook:

Follow-up on Major Malvertising Network

September 13, 2013 - By Chris Larsen
Partly because the previous post got a bit of publicity, but mostly due to the fact that there were a lot more sites to research, I decided to do a follow-up post on the big malvertising network that's been running for months. To begin with, I should answer the most-asked question, namely, "Is the LA Times still serving the malicious ads?"

A Look at Evasion Techniques in the Pushdo Botnet

September 11, 2013 - By Chris Larsen, Jeff Doty
[Some nice research from Jeff in our internal blog a few days ago. Needs a wider audience, since we've seen some folks following the wrong C&C trail. --C.L.]  

Untangling a Major Malvertising Network

September 4, 2013 - By Chris Larsen
[This post is from our internal blog a week ago. It's a big post, and its size kept it from being edited for official release until now. (And also because even malware researchers need to take an occasional vacation...) --C.L.]