Security Blog

Written by
Chris Larsen

Although mobile malware has been a hot topic for a couple of years now, we're still very much in the early phase of adapting to life on this new frontier. In some ways, the mobile malware world is quite different from traditional desktop/laptop malware.

One of these ways is in the lifespan of malicious sites, and today I'll highlight a couple of examples that illustrate this.

Written by
Chris Larsen

Here are a couple of interesting sites:

screenshot of site number one

and

screenshot of site number two

Written by
Chris Larsen

A month ago, we advised people to consider blocking the .PW top-level domain (TLD). There is still a lot of spam happening there, but there have been some changes recently. In particular, there are more "normal" TLDs mixed in with the .PW ones.

Written by
Andrew Brandt

A malware campaign, underway for about a week, is delivering a worm payload that’s engaging in behavior I haven’t seen before: It appears to propagate by using the command-line rar.exe tool to insert copies of itself inside of any RAR archive present on the infected system. If a user inserts a removable storage device, such as a flash thumbdrive, into the infected machine, the worm also creates multiple copies of itself on the drive, with each copy named after any folders present on the root level of the drive.

Written by
Chris Larsen

[Disclaimer: This analysis deals largely with circumstantial evidence, for reasons laid out in the introductory blog post to this series. Any conclusions are preliminary, and subject to change based on further research.]

 

Written by
Chris Larsen

Occasionally when I travel, I indulge in reading an old-fashioned paper edition of a newspaper. Last week, in Hong Kong, I happened across an interesting article in the Asia edition of the Wall St. Journal (linked here, so you don't have to go find it on paper).