Security Blog

Malnets and Malvertising

November 20, 2012 - By Chris Larsen
Modern malvertising is nasty stuff, for several reasons:

Ransomware is Nasty Stuff

November 9, 2012 - By Chris Larsen, Jeff Doty
A day or two ago, our friends at Symantec released a blog post about the growing success of "ransomware". (They also have a whitepaper here, and a nice gallery of screenshots of several variations here.)

A Malware Hall of Fame

October 31, 2012 - By Chris Larsen
A couple of weeks ago, just prior to taking off on a vacation, I was asked by one of our marketing folks for a list of significant and/or famous malware. So, I spent some time thinking about what examples I would include in a "Malware Hall of Fame" if I were in charge of the museum, and came up with the following two lists of favorite and/or significant malware... Memorable/significant attacks from the "old days":

Negative-day Blocks

October 20, 2012 - By Chris Larsen
Last year, some of us were talking about how to explain the power of malnet tracking, and Alex suggested that we call it "negative-day blocking", as a play on the well-known phrase "zero-day attack". If a zero-day is a new, never-before-seen attack, against a vulnerability for which no patch exists, then a negative-day block is a defense put in place for a new attack one or more days before the attack takes place -- even if that new attack is a zero-day. We liked the "negative-day" term, and it stuck.

Unmasking a Halloween-themed SEO/SEP Network

October 10, 2012 - By Chris Larsen
Last Fall, as I was doing an in-depth look at Search Engine Poisoning (SEP) attacks, one of the categories that showed up pretty consistently was "holiday themed" SEP. And just in time for Halloween, this week I came across a good-sized network of Halloween-themed SEP sites... Even though Halloween is still 3 weeks away, people are already searching for "killer" (pun intended) costume ideas. Here are some examples of their searches that led them into this network:

User Education: Warn Friends and Family About Tech-support Scams

October 5, 2012 - By Chris Larsen
[In light of events this week, I thought I should move an internal blog post from a couple of months ago up to the public blog, where it can serve a wider audience.] Flash Back to August:

Work-at-home Scammers Target Brazil with Spamnet

October 4, 2012 - By Chris Larsen
Background: Spamnet Tracking

When Less is Much More – Introducing the Virtual Web Security Gateway

October 2, 2012 - By John Yun
Virtual security appliances are quickly gaining momentum as the ideal solution to secure remote and branch offices. But what is all the fuss about? Virtualization technology has been around for years, if not decades, and other virtual security solutions, such as firewalls, have been available for a very long time. A few market drivers are fueling the excitement behind virtual security appliances and, in particular, virtual web security...

Finding the "Unified" in Hybrid Security Solutions

September 25, 2012 - By Tim Chiu
Most web security vendors today will tell you they offer a hybrid security solution. What most of them mean by that (including Blue Coat) is that they offer both an on-premise solution (in Blue Coat's case, web security ProxySG appliances) and a SaaS (Security as a Service) offering in the cloud (Blue Coat Cloud Service). The benefit of implementing and using a hybrid deployment solution lies in offering the right solution for each part of your organization.

Tracking a Big Search Engine Poisoning Network

September 25, 2012 - By Chris Larsen
One nice thing about having lots of traffic flowing through WebPulse, and having lots of modules watching for malicious and suspicious activity, is that it's always easy to find an interesting topic for the blog. (The tricky part is finding time to follow a lead, do the background research, and write the blog post. I still don't have an automated system for that...)