Tag: http

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised (Linux) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ (pdf) was…

  • WireX DDoS botnet takedown shows the best side of the security industry

    It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many people who really care about making the world a more secure place. We have seen many examples of researchers from competitor companies…

  • There is a place for unauthenticated key exchange, but don’t tell anyone

    Making dragnet surveillance harder justifies using weak form of encryption. Discussions on how to make the Internet more secure have been going on ever since the first two computers were connected. Recently, however, Snowden’s revelations about surveillance on a scale that was hitherto only imagined by the most paranoid have made some of these discussions…

  • Malware spoofing HTTP Host header to hide C&C communication

    Traffic appears as requests to Google or Yandex. There have been several recent examples of malware using a spoofed HTTP Host header to hide communication with its control servers. When a web browser sends an HTTP request to a web server, it includes a Host header, containing the host of the site that is requested.…

  • From Simple Mail to Hypertext

    HTTP and FTP take over from SMTP as common malware spreading methods. A report from F-Secure has highlighted the recent shift in malware spreading methods from email to web-based methods. For many years, malware authors’ preferred method of spreading their wares was to send out masses of emails that contained a piece of malware as…