Security Blog

Written by
Chris Larsen

Along with the public release of information about a large, long-running malvertising campaign, I also sent the full list of stealthy malvertising domains to several contacts in the WebAd/anti-malvert

Written by
Chris Larsen

While poking around in our shady-traffic logs Wednesday, I found a network big enough to be worthy of a blog post.

It's what we usually call a "spam/scam" network, although the spam aspect is a bit different, being based on Facebook rather than e-mail. Here's a sample page from Facebook:

Written by
Snorre Fagerland

Sometimes we come across targeted attacks a bit out of the ordinary. One such campaign I stumbled across the other day while going through some Malware Analyzer G2 screenshots. Contrary to regular malware, targeted malware is often visual, due to the need to social engineer the targeted person into thinking a normal document was opened.

Written by
Chris Larsen

Partly because the previous post got a bit of publicity, but mostly due to the fact that there were a lot more sites to research, I decided to do a follow-up post on the big malvertising network that's been running for months.

Written by
Chris Larsen, Jeff Doty

[Some nice research from Jeff in our internal blog a few days ago. Needs a wider audience, since we've seen some folks following the wrong C&C trail. --C.L.]

Written by
Atinderpal Singh

In November 2012 Necurs malware came into the limelight when Microsoft reported 83000+ infections. After that it was not very active. Some time back it started to show activity again. I started following new samples. As I was analyzing one of the samples I found something that I had never seen in any other malware. I checked some old samples and found that it had been doing it for quite some time and had not caught anyone’s attention.