Treat Malware like the Disease It Is

In a new article, Hal Hodson of the New Scientist suggests treating the difficult task of classifying different kinds of malware as a biology problem. Treating computer viruses as biological puzzles could help cyber security specialists better understand the wide world of malware.

A study using this methodology was recently conducted by Ajit Narayanan and Yi Chen at the Auckland University of Technology, New Zealand. In their work, they converted the signatures of 120 worms and viruses into an amino acid representation. Malware signatures are typically presented in hexadecimal format – a base-16 numbering system which uses the digits 0 to 9 as well as the letters a to f. Narayanan and Chen believe the amino acid “alphabet” is better suited to machine-learning techniques, enabling these machines to analyze a piece of code and determine whether it matches a known malware signature.

“Generally, malware experts identify and calculate the signatures of new malware, but it can be hard for them to keep up. While machine learning can help, it is limited because the hexadecimal signatures can be different lengths: Narayanan’s team found that using machine learning to help classify the hexadecimal malware signatures resulted in accuracy no better than flipping a coin,” said Hodson.

However, some techniques that bioinformatics uses to compare amino acid sequences take differing lengths into account. Applying the same methodology to malware, Narayanan and Chen were able to achieve an average accuracy of 85% for classifying the signatures automatically using machine learning.
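To make the length problem concrete, here is an added example (not code from Narayanan and Chen or from this post) that compares hexadecimal signatures of different lengths with Needleman-Wunsch global alignment, a standard bioinformatics method. The page does not give the researchers' amino acid mapping or algorithm, so the sketch aligns hex characters directly; the signatures, family names and scoring values are constructed assumptions.

```python
# Constructed reference signatures, grouped by hypothetical family name.
FAMILIES = {
    "family_a": ["deadbeef90904831c0", "deadbeef904831c0c3"],
    "family_b": ["4d5a9000030000", "4d5a900003000000ffff"],
}
UNKNOWN = "deadbeef9090904831c0"  # constructed: family_a variant with one extra byte

MATCH, MISMATCH, GAP = 2, -1, -2  # assumed scoring scheme


def align_score(a: str, b: str) -> int:
    """Needleman-Wunsch global alignment score; gaps absorb length differences."""
    prev = [j * GAP for j in range(len(b) + 1)]
    for i in range(1, len(a) + 1):
        cur = [i * GAP]
        for j in range(1, len(b) + 1):
            diag = prev[j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            cur.append(max(diag, prev[j] + GAP, cur[j - 1] + GAP))
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """Alignment score divided by the best score the longer string could reach."""
    return align_score(a, b) / (MATCH * max(len(a), len(b)))


def classify(sig: str, families: dict) -> tuple:
    """Nearest neighbour: return (family, similarity) of the closest reference."""
    score, family = max(
        (similarity(sig, ref), fam)
        for fam, refs in families.items()
        for ref in refs
    )
    return family, score


if __name__ == "__main__":
    print(classify(UNKNOWN, FAMILIES))
```

A fixed-width feature vector would have to truncate or pad these signatures; the alignment score instead charges a small gap penalty for the inserted byte and still places the sample with its family.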

Classification is just one way we may be able to use amino acid methodologies to fight malware. Narayanan and Chen note that further studies of malware using this framework may show that malware evolution follows some of the same rules as amino acids and proteins.

Malware threats continue to grow in volume and sophistication. Proactive methodologies, like those proposed by Narayanan and Chen, are directly in line with our thinking here at ThreatSTOP. Providing IT departments with greater understanding and control of their networks leads to increased security. The IT security industry could learn another lesson from bioinformatics. That is, disseminating information around pathogens, diseases, or in this case amino acids, to the community rather than holding it in a silo, leads to breakthroughs and cures. Our world of IT security often operates in different silos, despite the fact that we are all dealing with the same threats. We created ThreatSTOP for this very reason: to develop a product that leveraged the community and turned it against the attackers, while simultaneously learning from the collective knowledge of these attacks and disseminating that information back out to the community.

Infoblox leverages ThreatSTOP technology to bolster intelligent malware detection product offering

ThreatSTOP, Inc., a leader in proactive network defense using the cloud, has been selected by Infoblox to provide intelligent malware detection through the Infoblox DNS Firewall. Through the partnership ThreatSTOP will provide data to the Infoblox DNS Firewall, enabling customers to detect and block the communications channels for malware, botnets and other cyber security threats.

“We believe better control of the network is the best way to achieve greater security,” said Arya Barirani, VP Product Marketing, Infoblox. “Proactively blocking outbound connections to known bad actors both prevents Infoblox customers from being victims, and enables pinpointing and cleaning up infected devices. We selected ThreatSTOP because of their experience and track record in delivering effective feeds for proactive network defense.”

By using Infoblox DNS Firewall, Infoblox customers gain greater control of their corporate IT networks and meet the need for increased security created by forces such as bring-your-own-device (BYOD), cloud computing, and the evolving cyber-threat landscape. This product offering is part of a growing trend of IT organizations employing more proactive cyber security methodologies.

“We’re proud that Infoblox, an established leader in network management and stability, has selected ThreatSTOP as its partner,” said CEO Tom Byrnes. “Infoblox understands that providing IT departments with greater control of their networks leads to increased security, a core principle we share.”

Using a real-time, expert-generated malware data feed powered by ThreatSTOP, the Infoblox DNS Firewall automatically populates recursive DNS servers’ Response Policy Zones with a current list of all known malicious domain names and IP addresses. When malware code or a user attempts to make a connection with a malicious destination, Infoblox DNS Firewall will now be able to prevent the connection from happening, pinpoint the infected device and alert IT teams to take appropriate action.

Infoblox and Infoblox DNS Firewall are trademarks of Infoblox Inc., in the U.S. and other countries.

About ThreatSTOP

ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA. For more information, visit http://www.threatstop.com.

ThreatSTOP Poised for Growth, Adds to Team: Board Member, VP of Sales, and Agency of Record

ThreatSTOP, Inc., a leader in protecting enterprise networks from malware and botnets, today announced the appointment of a new member to the board, a VP of Sales, and an official creative agency of record. These moves come as ThreatSTOP strengthens its offering amid exponential sales growth in the rapidly growing IT Security and Software Defined Networking markets.

Board

ThreatSTOP announced the appointment of Brian Nugent to its Board of Directors. “We’re proud to welcome Brian to our board,” said ThreatSTOP CEO and Chairman Tom Byrnes. “Brian has decades of success helping IT companies scale. His experience and connections are a major addition to the resources ThreatSTOP needs to handle, and increase our growth in the years ahead.”

Brian Nugent is a seasoned technology industry entrepreneur, board director and investor, with a record of driving IT companies to market leadership positions. Brian’s heritage of high-impact board experience within the software and hardware arenas includes coaching many technology CEOs to successful trajectories and liquidity events. His twenty-year industry operational experience spans executive leadership posts across public and private companies in general management (CEO/COO), sales, marketing, product management, corporate development, business development and customer service across the security, communications, cloud, social media, telecom and internet commerce industries. Brian was most recently the Chief Operating Officer at EdgeWave, where he led a year-long business transformation process. Prior to EdgeWave, Brian was Chairman & CEO of Applied Identity, which was acquired in March of 2010 by Citrix Systems.


Sales

ThreatSTOP appointed Chris Lee as its new VP of Sales. Lee comes to ThreatSTOP from VirtualArmor, where he served as Vice President of Sales and Marketing. He brings more than 10 years of experience as a technology executive and sales leader with a proven track record of progressive impact and results.

In his role at ThreatSTOP, Lee will bring his extensive experience and understanding of innovative and effective sales and marketing approaches to ThreatSTOP’s product and sales teams. Chris will accelerate ThreatSTOP’s leadership in protecting networks against the most serious information security problem today – criminal malware and botnets, which are frequently referred to as Advanced Persistent Threats.

“I’m excited to join the ThreatSTOP team,” said Chris Lee. “ThreatSTOP is uniquely positioned to solve real problems faced by all companies today. ThreatSTOP’s flexibility, cost effectiveness, ease of implementation and broad compatibility make it a joy to sell. ThreatSTOP presents the opportunity to do well while doing good, defending the Internet against cyber-criminals and nation-state attackers, in a way that can be used, immediately, by every network.”

“I’m excited to have Chris join our team,” said CEO Tom Byrnes. “Chris brings seasoned, serially successful, sales leadership. Chris is a true entrepreneur who has successfully built multiple sales teams that have taken companies from startup to multi-million $/year sales. We look forward to having him build on the success we have achieved so far, and take ThreatSTOP to the next level.”


Agency of Record

ThreatSTOP selected La Jolla-based Accelerate-IT IMS as its creative agency of record. As ThreatSTOP’s brand partner, the agency will focus on creative strategy and marketing communications.

“We were looking for a partner that would be immediately effective, agile, and innovative in taking ThreatSTOP to the next stage of market awareness. Accelerate-IT IMS has a track record of bringing insightful and creative thinking to building brands within the IT space and working with companies that have created disruptive platforms like ours,” said CEO Tom Byrnes.

“ThreatSTOP is disrupting the IT security space and shifting what is traditionally reactive thinking in a silo, towards a proactive community driven model,” said Patrick O’Neill, Director of Marketing for Accelerate-IT IMS. “We’re honored its team has trusted us with its business.”


About ThreatSTOP

ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls and routers, using the ubiquitous DNS protocol, so they can enforce it rapidly. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA.

ThreatSTOP To Host Second Installment of Four-Part Cyber Security Series: The Art of Cyber Security: Sun Tzu’s lessons for preemptive cyber security in 2013: know yourself, know your ground, know your enemy

ThreatSTOP, Inc., a SaaS leader in proactive network defense built on a predictive learning platform, today announced that on February 13th, the company will be hosting the second installment of its four part webinar series entitled: “The Art of Cyber Security: Sun Tzu’s lessons for preemptive cyber security in 2013: know yourself, know your ground, know your enemy.” ThreatSTOP’s “The Art of Cyber Security Series” gives participants the tools to develop a sound preemptive response to meet the ever-growing cyber security threats. This four-part online seminar series highlights the evolution of cyber crime over the past year, the three key cyber security threats for 2013, and the framework for developing a proactive plan to mitigate these threats.

This second installment, Part 2: Know your Enemy: Cyber Diversion, will be available live via webinar at their referenced start times, taking place February 12th, 2013. Please visit the following link to view the webinars: click here.

“In Part 2 of the series we will analyze cyber diversion tactics that are used to mask larger and more coordinated attacks on your sensitive data.” – Tom Byrnes

About ThreatSTOP 
ThreatSTOP is a real-time IP Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure like Juniper JunOS MX/SRX systems to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA. For more information, visit http://www.threatstop.com or connect with ThreatSTOP on Twitter and Facebook.

ThreatSTOP Blog – http://blog.threatstop.com/
ThreatSTOP – http://threatstop.com/
Twitter – @threatstop
Facebook – http://www.facebook.com/pages/ThreatSTOP/316126528415728

THREATSTOP ANNOUNCES NEW FOUR-PART WEBINAR SERIES LOOKING AT THE TOP THREE CYBER SECURITY THREATS FOR 2013

We’re happy to announce our new four-part webinar series entitled: “The Art of Cyber Security: Sun Tzu’s lessons for preemptive cyber security in 2013: know yourself, know your ground, know your enemy.”

Introduction to The Art of Cyber Security Series
A sound cyber security strategy starts with a well-designed plan. Defending against new threats requires evolving the current reactive mindset to a proactive one. It is time to implement continuous monitoring throughout the network, building on existing security tools and practices using cloud intelligence.

ThreatSTOP’s “The Art of Cyber Security Series” gives you the tools to develop a sound preemptive response to meet the ever-growing cyber security threats facing you. This four-part online seminar series highlights the evolution of cyber crime over the past year, the three key cyber security threats for 2013, and the framework for developing a proactive plan to mitigate these threats.

Part 1: Know your Ground: The Evolution of the Cyber Battlefield
In Part 1 of the series we explore the evolution of cyber crime over the past year and the three key cyber security threats you should pay attention to in 2013. Additionally, we offer a framework for developing a proactive plan to mitigate these threats.

Presenter: Tom Byrnes

Broadcasts:

  • Wednesday, January 9th at 9:00am PST (12:00pm EST)
  • Wednesday, January 9th at 12:00pm PST (3:00pm EST)

Length: 45 minutes

Your favorite Android games, now part of the latest botnet…

That link your friend just sent you for a free version of Angry Birds? I wouldn’t click it. But many have and are now sending out enough SMS messages to make any spammer applaud.

The newly discovered ‘SpamSoldier’ hides behind links to free versions of Android’s most popular games.

Users falling for the scam download apps from a server. They are told to grant the app permission to install and give it the ability to browse the web and send texts. Once installed, the trojan begins connecting to the command and control server. The “zombie” waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers.
Obviously, you shouldn’t be downloading apps from unfamiliar sites, but other than that your best bet at this point: Better hope you chose the unlimited text message plan.
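A fixed 65-second check-in is the kind of regularity a network defender can look for. The following added example (not part of the original post) flags device and destination pairs whose connection intervals are nearly constant; the log format, device names, addresses and thresholds are constructed assumptions, and only the 65-second interval comes from the description above.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "epoch_seconds device destination"
SAMPLE_LOG = """\
1000 phone-a 203.0.113.7
1003 phone-b 198.51.100.20
1065 phone-a 203.0.113.7
1090 phone-b 198.51.100.20
1131 phone-a 203.0.113.7
1195 phone-a 203.0.113.7
1260 phone-a 203.0.113.7
1400 phone-b 198.51.100.20
1410 phone-b 198.51.100.20
1900 phone-b 198.51.100.20
"""


def find_beacons(log: str, min_events: int = 5, max_jitter: float = 0.1) -> dict:
    """Return {(device, destination): mean interval} for near-constant polling.

    max_jitter is the allowed ratio of interval standard deviation to mean.
    """
    times = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines rather than failing the whole run
        times[(parts[1], parts[2])].append(int(parts[0]))

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (device, dest), period in find_beacons(SAMPLE_LOG).items():
        print(f"{device} polls {dest} about every {period} s")
```

Human browsing produces irregular gaps and is ignored, while the constructed infected phone is reported with a mean interval of 65 seconds.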

Iranian Computers Under Attack

Imagine booting up your computer one morning only to find no traces of the hard drive you work from daily. The same one that holds 5+ years of photos, work, etc.

According to the Iranian Computer Emergency Response Team Co-ordination Center, that’s exactly what is happening. The new ‘Batchwiper’ malware hides out on your computer and one day, in one moment, deletes drives D – I on your computer. Gone… like that.

Think your anti-virus can catch it? Not this one. Batchwiper also has the ability to disguise itself from antivirus software. Disguised as a Microsoft Office 2007 document collaboration feature called Microsoft Office Groove, the .exe file has been causing quite a stir.

For more information check out this Digital Trends Article.
