Archive for 'Malware' Category
Fast flux botnets
Researchers at the excellent Honeynet Project have published a detailed paper on the growing phenomenon of what they call “fast flux service networks”. Essentially, criminals are now using DNS records with a short time-to-live that return hundreds of A records of compromised hosts. Both the NS records for the domain and the A records [...]
Spam more profitable than extortion?
Spam sent directly from botnets is rising and the use of botnets to perform denial of service extortion is declining, according to a blog article posted last week by Symantec. According to Symantec there was “a pretty sharp decline in the daily number of denial of service attacks” during the second half of last year, possibly [...]
Death to antivirus
It’s fun to read other people’s accounts of something you have gone through yourself. Security legend Marcus Ranum has posted some new articles on his rarely-updated blog, one of which is "Execution control: death to antivirus" where he describes his search for decent execution control software for Windows. I’ve mentioned application whitelisting before. A couple [...]
CWSandbox: automating malware analysis
A public demo of CWSandbox is now available. This is a tool that allows researchers to analyze the behaviour of suspected viruses, trojans and the like by executing the code inside a virtual environment then recording what Windows API calls it makes. According to the developer’s paper, API calls are trapped by injecting a custom [...]