Author Archives:

Yahoo! Malvertising!

      2 Comments on Yahoo! Malvertising!

Malvertising has been around for quite a while (and will probably not be going away anytime soon). Recently, I’ve seen incidents of a fake Firefox update that has been pushed by malvertisers. This has been getting some coverage on various websites. For example, this morning’s Internet Storm Center handler diary . This fake update screen dates back to last year (at… Read more »

Quick Ransomware Investigation

      No Comments on Quick Ransomware Investigation

This is just a very quick post to go over a recent ransomware incident. It appears that the first link in the infection chain is down now so, unfortunately,  I was unable to obtain a Fiddler capture. An email was received with a familiar social engineering attempt: Hovering over the link shows that it will take you to: When… Read more »

Honeypots Revisited

      22 Comments on Honeypots Revisited

I’ve written in previous posts about my honeypot setups and the visualization software that I use to display the data. You may also recall that I typically run my honeypots on underpowered cloud-based servers in an effort to keep costs low. This has caused a few issues at times. First of all, I’ve found that the various visualization software packages… Read more »

It’s Clear We Need A Sorting Hat

A few of my earlier posts detailed some of the methods that I use to find malware. Those methods all essentially required you to actively hunt for malware. The exceptions being my articles on honeypots where we can “let the malware come to us”. Recently, I’ve been going through a really good classic book on malware analysis entitled “Malware Analyst’s… Read more »

Down A Rabbit Hole, Part 2

      1 Comment on Down A Rabbit Hole, Part 2

In the previous post, a run-of-the-mill tech support scam pop-up from the website apple-techsupport[.]online started us on our trip down a rabbit hole. Now I realize that our trip thus far hasn’t been all that unusual. These types of domain relationships are encountered routinely by  malware hunters. However, this is where it gets more unconventional… Here’s our Google search from… Read more »