
CATEGORY ARCHIVES: call-home

Nitol Takedown: How ThreatSTOP can help identify affected machines.

There's a lot of noise out there about "Nitol" and the takedown. What, exactly, does that mean to you?


ThreatSTOP blocking new OSX/Morcut malware

As noted by The Register and other places, there's a new cross-platform vulnerability out that installs via a piece of Java that does a check for "Windows or Mac" and then installs the malware suitable for the platform.


Criminals don't follow the rules

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.


Is there anything in Ukraine except cyber crime?

On the Kaspersky SecureList blog there's an interesting post about recent developments for the SpyEye malware. The blogger explains how SpyEye supports a nice plugin architecture and how he examined an interesting new plugin that downloads a flash plugin for certain banking sites which can then switch on the victim's webcam and stream the data back to the crooks.


Block China and other simple DLP/APT remedies

Blocking foreign countries is one of the simplest and most effective ways to stop data loss and other hack attacks. If your computers/servers/users ... have no reason to communicate with devices in certain countries then a geographic block on the firewall to stop all traffic to/from them is a great way to reduce the threat of infection or data loss. What may be the most serious data breach ever - the loss of some 35 million records of personal data from the Korean company SK Communications - would have been stopped if the SK Communications computers had been blocked from communicating with China:


The ineffectiveness of AV

Over at ZDNet, Ed Bott has a report on the ineffectiveness of anti-virus tools against current malware, where he notes that many AV vendors only detect it a day or two after it has been distributed and that by then a new variant that they don't detect has also been sent out. In the IT security space, this is not exactly new news. In fact, here at ThreatSTOP we've been using similar statistics in our sales pitch for about a year now, and the AV vendors themselves admit they have a problem. If you ask them in private, that is.


SonicWALL IP Reputation Fail

Since ThreatSTOP is an IP Reputation company, we naturally have a Google News feed on the topic of 'IP reputation'. Today, for some reason, it provided a link to the IP reputation page of the firewall vendor SonicWALL. Naturally I had to test the page out to see how well it did. I picked the 4 addresses currently listed on our home page as being the "worst of the web":


Blocking Bot 'Call Homes' Can Stop You Losing $250,000

Over the last couple of days, Brian Krebs has reported about ACH fraud that is driven by ZeuS and SpyEye trojans/bots. Although the case law is limited it seems like banks have little or no liability if a trojan steals bank login details and, as a result, an organization's bank account is emptied.


IP Reputation to Reduce the Risk of Being Hacked

As anyone who reads the technical, financial or even the general news is aware, May has not been a good month for Internet security. We started with Sony, which appears to have been comprehensively "PWNed" by one or more groups of criminals, and we end up with the news of Lockheed and PBS joining the list of victims. Needless to say, these news reports have led to a lot of our customers (and potential customers) asking whether ThreatSTOP's IP Reputation can save them.


Latest Adobe Zeroday - "Call Home" Blocked by ThreatSTOP

Adobe have just announced yet another Zeroday Flash etc. exploit that has been seen in the wild in emailed Microsoft Word documents. The document installs the usual sort of backdoor trojan.
