Tag: malware
-
48 hours after initial reports, many mysteries remain around the latest ransomware/wiper threat
“What’s in a name? that which we call a rose By any other name would smell as sweet” Shakespeare’s philosophising can equally be applied to malware, and whether you call it Petya, NotPetya, Nyetya or Petna, the latest piece of malware to hit the headlines is just as damaging. The name isn’t the only thing…
-
Research paper shows it may be possible to distinguish malware traffic using TLS
Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic. The need for malware to communicate with its operators, so that it…
-
Consumer spyware: a serious threat with a different threat model
We all know the risks of having a device infected with malware: an anonymous adversary far away can encrypt your files and hold them to ransom; they can steal your personal data and sell it online; or they can steal your money directly from your online financial services. But imagine if the adversary is neither…
-
VB2016 paper: Debugging and monitoring malware network activities with Haka
Anyone who has ever analysed malware through its network communications will know that this often involves ad-hoc scripts in languages like Python or Perl to decode the traffic. After all, for somewhat understandable reasons, there is no standard C&C protocol for malware. If you regularly find yourself in this situation, you may want to have…
-
VB2016 paper: One-Click Fileless Infection
Over the last few years, we have seen a sharp increase in ‘fileless’ infections, where a machine is compromised without a malicious file ever being written to disk. Though not impossible to detect and prevent, they do require a security product. In a paper entitled “One-click fileless infection” presented at VB2016 in Denver, Symantec researchers…