Security Blog

Written by
Ashwin K. Vamshi

It is very common for malicious actors to exploit trending news to lure users into executing malicious programs. As a regular practice, we keep track of such instances.

Written by
Waylon Grange

Last month we released our report on the Inception Framework and, as part of that report, outlined how a nation-state level attack compromised over 100 embedded devices on the Internet to use them as a private proxy to mask their identity.

Written by
Chris Larsen

A couple of years ago, we published an in-depth series of blog posts looking at the world of Search Engine Poisoning attacks (SEP).

Written by
Andrew Brandt

As the year winds down, it seems like a good time to take a look back at the past 12 months and review the hazards chucked into our inboxes by spammers sending us hostile code of one form or another. Not only does such a retrospective serve an illustrative, instructional purpose, but we get one last opportunity to mock them before the year ticks over to 2015.

It's been a strange, though still incredibly dangerous, year for spam-borne hazards. While most of the campaigns I've summarized below seem to broadly target random strangers over the Internet, several were clearly spear-phishing attempts at obtaining sensitive information from individuals (including myself, as recently as a week ago).

For the most part, there haven't been many notable differences in the payloads delivered via email (I've been referring to the most common payloads of malicious spam as "The Usual Suspects" for most of the past year), and almost no variation in the methods used to deliver those payloads.

Instead, the spammers seem to have spent most of their time building up a large cache of unexpectedly varied social engineering scams designed to convince the recipient that the email message originates from a legitimate source. But that doesn't mean there haven't been technological advances, as well.

Among the oddest social engineering tricks used in spam this year were fake "NYPD Homicide Suspect" bulletins and Pizza Hut "coupon" emails, but these ended up lumped in with the vast majority of equally dangerous, if not quite so bizarre, targeted spam campaigns that were more plausible.

Written by
Felix Leder, Ryan W. Smith

Blue Coat researchers have discovered new Android malware targeting high-profile victims in sectors such as government, finance, military and engineering. We have evidence that this malware has targeted victims in at least 37 countries.

Written by
Snorre Fagerland and Waylon Grange

· One of the most sophisticated malware attacks Blue Coat Labs has ever seen

· Initially targeted at Russia, but expanding globally