Security Blog

They Definitely Spammed the Wrong Guy

May 26, 2013 - By Chris Larsen
Last Friday (5/24), as I was packing for a trip, I took a quick look at the in-box for my Blue Coat e-mail account. There was one from a name I didn't recognize, with a subject line of "Successful Business". It was a spam: (It was interesting that they didn't have the person's name match the e-mail address more closely. Even if the e-mail content wasn't a dead giveaway, this by itself would have raised a yellow flag.)

Google Code Hosting Malware... Again

May 20, 2013 - By Chris Larsen, Adnan Shukor
[Apologies to Adnan for letting his post languish on our internal blog for a week. I remembered last night that I hadn't pushed it out on the public blog yet. --C.L.]

SEP, Porn, and Malware - Lurking in the Boondocks

May 13, 2013 - By Chris Larsen
Out in the Boondocks of DynDNS: I find myself spending a lot of time in the jungles of Dynamic DNS (DynDNS) hosted sites these days -- there is a lot of shady stuff going on in there. (And very little useful content, comparatively speaking, so it's probably a good idea to consider just blocking off this whole area, from a security standpoint...)

Health and Finance (The Spam Version of Death and Taxes)

May 7, 2013 - By Chris Larsen
It's been a while since we've posted about good old spam (the non-malicious kind, although sometimes the lines blur), so I thought I'd share some findings from last weekend's honeypot traffic. Recent Trends: First, we're seeing a *lot* of ".PW" domains involved in spam these days. In fact, unless you've got customers in Palau, you should probably consider blocking anything on their TLD (top-level domain).

Malnet: Wrath of the Gods

April 18, 2013 - By Chris Larsen, An Anonymous Analyst
[Our anonymous analyst is back with another Donovan adventure. As always, the story is fictional, but the events described are true to life. --C.L.] It started like any other day: gray clouds filling the sky, the rain dripping from the eaves, and not enough hot chocolate in the machine. I sat down at my computer and got to work. Who am I? The name's Donovan. I'm a Private Eye in the fight against malware.

Search Engine Poisoning: A Brief Update

April 5, 2013 - By Chris Larsen
[Update (4/19/2013): I was in Norway last week, doing a presentation on SEP at HackCon (takk!), which was a lot of fun.

Spam, Scam, or Malware?

April 4, 2013 - By Chris Larsen, Adnan Shukor
[Another great post by Adnan in our internal blog. Definitely deserves a wider audience... --C.L.] Recently, we saw several customer submissions of a particular URL. One thing that caught my attention: the three submitters suggested three different categories for the rating. (The suggestions were: “Malicious Sources”, “Spam”, and “Scam/Questionable/Illegal”.) The question is, do they really understand the meaning of the category they chose, or was each person seeing different things on the link/page?

Building a Web Security Architecture - New White Paper Can Help You Understand Your Options

March 28, 2013 - By bo.moulton@bluecoat.com
The World Wide Web has become one of the most effective vectors for malware distribution, thanks to its scale (634 million web sites as of Dec. 2012) and ever-changing nature (in 2012 alone, 51 million websites were added to the web and the average web page grew 35%[1]). That’s a lot of places for attackers to hide to try to launch their attacks; it’s one reason we saw a 90% increase in web threats between 2010 and 2011! ...

The Exploit Kit "Four Horsemen"

March 20, 2013 - By Chris Larsen, Jeff Doty
[Another good look at the world of exploit kits from Jeff. --C.L.] Meet the "Four Horsemen" of the Exploit Kit market:

RSA Conference 2013: Big Data is a Big Deal

March 13, 2013 - By Chris Larsen
In my Friday morning presentation at this year's RSA Conference, I started off by asking the audience, "So, how many of you are sick of hearing about 'Big Data'?" and got a nice laugh. "Big Data" was clearly the "Big Buzzword" this year. And, to be fair, Big Data is cool stuff -- it's what the WebPulse research team plays in every day. (I hope that none of them consider it to be "work" -- I think it's the funnest job in the world.)