
CATEGORY ARCHIVES: uncategorized

ThreatSTOP Blocks Android Malware Drive-By

The Lookout Mobile Security blog posted a story about some new Android-based malware that is set up as a fake driver update. This drive-by works the same way classic ones do on Windows PCs (or on Macs with the Flashback malware): when an Android phone visits the infected website it is redirected a couple of times before ending up at a site that tries to download a new "update" that users are tricked into installing.

ThreatSTOP blocks FlashBack Call Home

The FlashBack Trojan, which affects a greater percentage of Mac users than the infamous Conficker worm did (and occasionally still does) for Windows users, connects to a limited number of IP addresses for its "Call Home". Although millions of URLs are used as droppers, it appears that the actual malware connects to only two IP addresses:

New and Improved Botnet Feeds

ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the Conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/ ) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org ). These have been added both to the botnets feed and to the respective expert-mode feeds: sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware, since blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:

The mobile to cloud security challenge

ThreatSTOP is spending the week up in San Francisco at RSA. We will be at the Vyatta booth, #452, showcasing our joint solution for the protection and centralized management of virtual and cloud firewalls.

ThreatSTOP IP Reputation Protects Against Zero-day Attacks

One of the themes of this blog is that IP reputation - when delivered in an actionable form, the way we do at ThreatSTOP - can protect against threats that you had no idea existed. There's an interesting Reuters report that explains the problem:

Extending the traffic metaphor

Jeff Bardin has a post up on his CSO Online blog with a nice metaphor for data security: he compares it to vehicular traffic on highways. The metaphor comparing data to cars is pretty good (and not unique to the security space; lots of traffic management and queuing strategies are well understood in terms of highways and cars), and I like the way he suggests that a tool can simply send the 'red' (i.e. bad) cars for detailed inspection.

Latest Adobe Zeroday - "Call Home" Blocked by ThreatSTOP

Adobe has just announced yet another zero-day exploit in Flash and related products that has been seen in the wild, embedded in emailed Microsoft Word documents. The document installs the usual sort of backdoor trojan.

IPv6 and IP reputation

The Register has an article today about how IPv6 will make (spam) blocklists fail. The article is correct that current DNSBL techniques - as developed by Paul Vixie & co - will struggle, but that does not in fact mean that IPv6 kills IP (or DNS) reputation. All it means is that the exact technique used by current DNSBL solutions is not IPv6 compatible.

How ThreatSTOP Protects Against Zero-day Exploits

Since yet another zero-day* vulnerability in Adobe Flash was announced yesterday, it seems appropriate to explain how ThreatSTOP subscribers are protected against zero-day attacks on both client and server computers.

iFrame droppers and other drive-bys: how ThreatSTOP protects you.

Someone forwarded me an article from CSO Online about how the US Bureau of Printing and Engraving was being used to deliver malware via an iFrame.
