Alienvault - labs.alienvault.com - AlienVault Labs Blog
General Information:
Latest News:
Hunting for malware with undocumented instructions 1 Jul 2013 | 09:09 pm
A few days ago Microsoft Malware Protection Center published a great blog post about some undocumented instruction tricks being used by several malware families. As you can read in the post, they fou...
Take care of your server, or it will be hacked and sold 26 Jun 2013 | 09:00 pm
Have you ever had a server open to the internet with SSH service running? Then you know how common it is to receive break in attempts against your servers produced by automated bots that scan wide ran...
Urausy ransomware family, a quick internals overview 17 Jun 2013 | 01:53 pm
Ransomware is popular among bad actors. Reveton malware family (based on Citadel) made a difference last year, now it is loosing popularity in favor of Urausy, just another lock-screen ransomware. The...
Yara rules and network detection for Operation Hangover 23 May 2013 | 03:44 pm
Last week, our friends from Norman published a great report on a cyber espionage campaign named Operation Hangover. We have released some Yara rules to detect most of the payloads mentioned on the pa...
New Internet Explorer zeroday was used in the DoL Watering Hole campaign 5 May 2013 | 03:09 pm
A few days ago we reported a new Watering Hole campaign affecting a U.S Department of Labor website. In our first analysis we reported that the exploited vulnerability was CVE-2012-4792 . Further anal...
U.S. Department of Labor website hacked and redirecting to malicious code 1 May 2013 | 06:15 pm
During the last few hours we have identified that one the U.S. Department of Labor website has been hacked and it is serving malicious code. Clarification: The website affected is the The Department o...
UrlQuery Chrome Extension 29 Apr 2013 | 03:23 pm
UrlQuery is a service for detecting and analyzing web-based malware, claims its webside, this service is very useful and provides a full specific report of the submitted webpage. We use these services...
How cybercriminals are exploiting Bitcoin and other virtual currencies 16 Apr 2013 | 10:08 pm
- What is Bitcoin? Bitcoin is an online descentralised virtual currency based on an open source, P2P protocol. Bitcoins can be transferred using a computer without relying on a financial institution....
New Sykipot developments 21 Mar 2013 | 07:57 pm
Summary During the last few years, we have been publishing about a group of hackers who have focused on targeting DIB (Defence Industrial Base) and other government organizations: - Another Sykipot sa...
A theory on the South Korean attacks 21 Mar 2013 | 05:39 am
During the day I’ve been thinking about what have just happened in South Korea. We have published earlier today a quick blog post about how the wiper payload works. It is a very simple piece of code t...
