Security Blog

Written by
Chris Larsen, Jeff Doty

[Our "exkit expert" returns, with his take on recent changes in BHEK. --C.L.]

Today I am looking at some of the updates that we have been seeing in the Blackhole Exploit Kit.

screenshot of BHEK infection-stats page

Written by
Chris Larsen

Along with the public release of information about a large, long-running malvertising campaign, I also sent the full list of stealthy malvertising domains to several contacts in the WebAd/anti-malvert

Written by
Chris Larsen

While poking around in our shady-traffic logs Wednesday, I found a network big enough to be worthy of a blog post.

It's what we usually call a "spam/scam" network, although the spam aspect is a bit different, being based on Facebook rather than e-mail. Here's a sample page from Facebook:

Written by
Snorre Fagerland
Sometimes we come across targeted attacks a bit out of the ordinary. One such campaign I stumbled across the other day while going through some Malware Analyzer G2 screenshots. Contrary to regular malware, targeted malware is often visual, due to the need to social engineer the targeted person into thinking a normal document was opened.
Written by
Chris Larsen

Partly because the previous post got a bit of publicity, but mostly due to the fact that there were a lot more sites to research, I decided to do a follow-up post on the big malvertising network that's been running for months.

Written by
Chris Larsen, Jeff Doty

[Some nice research from Jeff in our internal blog a few days ago. Needs a wider audience, since we've seen some folks following the wrong C&C trail. --C.L.]