Tag Archives: toolkit

The Botnet Wars – industry Q&A

I was approached recently by Bart P from Panda Security in order to participate in an industry expert Q&A about the botnet wars (apparently he did his homework as he got quite the lineup to participate in this, guess he can count me as a close miss :-)…).

He managed to compile a great Q&A where you can read some of the views and opinions on the current state of business in the botnet (including exploit kits and crimeware kits) marketplace.

The full article is available at: http://bartblaze.blogspot.com/2010/10/botnet-wars-q.html


Down the rabbit hole all the way to Miami

So the talk at Hacker Halted was really good – I was impressed with the quality of the audience and the presentations.
As promised, I’m posting my slide deck here for your reference. Enjoy!

The impact of just 5 random letters…

We have been watching in amazement the impact our latest Malicious Page of the Month had on the industry and media, from coverage at Fox Business News and the Washington Post all the way to the more “traditional” security outlets such as SecurityFocus, SC Magazine and bloggers such as Dancho Danchev.

The scary thing is the non-media-related impact – we are still seeing a tremendous number of domains (and sites) that are still compromised. Just a quick preview of the ongoing research we are putting into this – we are getting closer to getting to the root (no pun intended) cause of the problem that seems to affect Linux webservers (and this time it may not be a cPanel-related issue for a change).

Looking forward to posting an update soon as we make progress in cracking this one.

Tying it all up – explosive exploits…

The funniest thing happened yesterday – at a watercooler conversation our CTO informed us of a site that uses techniques from almost all of our trend reports (which means we are right as usual…). The interesting part was that it was one of those “iframe” sites that give you a small iframe HTML code to put in your website and they’ll pay you “per-infection” (is this thing copyrighted/patented yet??? 😉 ).

Old news…

But – after looking into the code he figured that this is pretty nasty stuff that basically BYPASSES every major security vendor’s detection technology (except for ours of course – and no – it’s not a marketing spin…).

A few hours later we pushed out an “Extra” version of the “Malicious Page of the Month” dubbed “Malicious Page Under Benchmark” to show how the most modern names in security can’t handle a bunch of hackers that publicly spread their exploits.

Check it out at: http://www.finjan.com/content.aspx?id=1367

Be safe…