Malware Detection with File Integrity Monitoring

Jeremy Nichols

January 08, 2015 - Posted by Jeremy Nichols to Security Insight

File Integrity Management

In April, I wrote a blog about expanding the use of File Integrity Monitoring (FIM) with a focus on security, in addition to compliance. Now, I am doing a follow-up on this idea, diving into actual use cases where FIM can be leveraged to detect malicious files or code.

The goal of this is not to point to FIM as a stand-alone malware solution, but to outline that it has some untapped potential in this realm and can supplement traditional endpoint security solutions such as anti-virus or anti-malware applications.

There are a plethora of commercial and free FIM solutions available including Samhain, Tripwire and OSSEC. Due to cost and complexity, an enterprise-level file integrity monitoring solution may not always be an option for small to medium-sized businesses.

For the...

The MSSP 12 Days of Christmas

Joseph (JB) Blankenship

December 24, 2014 - Posted by Joseph (JB) Blankenship to Security Insight

Around the holidays, fellow Solutionary Minds blogger Rob Kraus and I like to have a little fun with our blogs. Last year, we came up with “The Top Eight Holiday Songs of IT Security.”

This year, we’re sticking with the holiday song theme, but came up with our take on the holiday classic “12 Days of Christmas” called The MSSP 12 Days of Christmas.

On the first day of Christmas, a malicious actor gave to me Heartbleed exploit code.

On the second day of Christmas, a malicious actor gave to me 2 DoS attacks.

On the third day of Christmas, a malicious actor gave to me 3 pastebin dumps.

On the fourth day of Christmas, a malicious actor gave to me 4...

Q3 Quiz Time

Psst - the Answer is "Threat Intelligence Report"

Chad Kahl

October 30, 2014 - Posted by Chad Kahl to Threat Intelligence

What do these four items have in common?

  • Shellshock and Son, Aftershock
  • Malware Distribution Analysis
  • “VistaTeam”
  • Disassembled Perl Botnet

If you guessed that it is time for the Solutionary Security Engineering Research Team (SERT) Q3 '14 Threat Intelligence Report, then you have earned a piece of Halloween candy and not Charlie Brown's rock!

Trust me, reading threat intelligence reports is way better with a piece of candy. It also helps when the report is full of interesting and useful information (like this quarter's SERT report).

This quarter's analysis starts with a breakdown of Shellshock and Aftershock.

Shellshock is a 25-year-old vulnerability in the GNU Bash shell that affects nearly every instance of Unix, Linux and Mac OS X, and Aftershock...

Hackers Amass 4.5 Billion Account Records

Russian Cybercrime Gang

Jon-Louis Heimerl

August 06, 2014 - Posted by Jon-Louis Heimerl to Threat Intelligence

Russian hackers, over a period of several years, have bought or compromised websites to amass 4.5 billion account records (usernames, passwords and email addresses), according to a recent report released from Hold Security. This is a total of about 1.2 billion unique entries. When you consider that there are something on the order of 3 billion total Internet users in the world, that means as many as 40% of all world-wide Internet users are directly affected by this compromise.

From available information, it appears that the Russian hackers bought or traded for site and account information, then built a prolonged process to locate and compromise websites that they could include in their botnet. Part of their process was to compromise website databases and steal any account credentials they could...

GameOver ZeuS Media Coverage and Update

Chad Kahl

June 06, 2014 - Posted by Chad Kahl to Threat Intelligence

Sometimes we feel like the IT world needs to have a standard-issue wall plaque, poster, or something with two simple words on it: DON’T PANIC. As stated in the Douglas Adams classic, The Hitchhiker’s Guide to the Galaxy:

In many of the more relaxed civilizations on the Outer Eastern Rim of the Galaxy, the Hitchhiker's Guide has already supplanted the great Encyclopedia Galactica as the standard repository of all knowledge and wisdom, for though it has many omissions and contains much that is apocryphal, or at least wildly inaccurate, it scores over the older, more pedestrian work in two important respects. First, it is slightly cheaper; and secondly it has the words DON'T PANIC inscribed in large friendly letters on its cover.

As this applies to the recent messaging from US-CERT,...

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.