malware

Janet CSIRT conference (#CSIRT2012)

Andrew Cormack
8 November 2012 at 2:59pm
Cybercrime
incident response
malware
There was an excellent line-up of speakers at Janet CSIRT’s conference this week.
Read more
17 October 2012 at 1:22pm

Analysing Malware lawfully

Andrew Cormack
Computer Misuse Act
incident response
malware
Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure.
Read more
29 April 2013 at 11:47am

Nominet consults on direct.uk domains

Andrew Cormack
Botnets
malware
Domain Names
Nominet have announced a consultation on allowing (someone with a very long memory has pointed out to me that this is actually re-allowing) the registration of domains directly under the .uk top level domain, as well as in the familiar second-level domains such as .ac.uk, .co.uk, .org.uk, etc. Illustrating the sort of domain that could become possible, the proposed service is called Direct.uk
Read more
4 May 2012 at 12:04pm

"Blocking" and Anti-blocking

Andrew Cormack
Role of ISPs
copyright
internet filtering
malware
Given the outcome of previous hearings on copyright infringement, the court’s conclusion this week that the UK’s major ISPs should be ordered to block access to The Pirate Bay was no surprise. However the judgment raises an interesting technical issue. In a previous hearing, it had been pointed out that there was a way to get around blocks on individual web pages that would not be possible if the block instead referred to the IP address of the website as a whole.
Read more
4 May 2012 at 9:48am

IETF on Botnet Detection

Andrew Cormack
Cybercrime
incident response
malware
Role of ISPs
A bot is a program, maliciously installed on a computer, that allows that computer and thousands of others to be controlled by attackers. Bots are one of the major problems on the Internet, involved in many spam campaigns and distributed denial of service attacks, as well as allowing attackers to read private information from the computer’s disk and keyboard. Some bots even allow cameras and microphones to be monitored by the attacker. Detecting and removing bots is therefore in the interests of both individuals and internet providers.
Read more

Computer viruses - don't click here

Anonymous
Wednesday, February 15, 2012 - 20:19
factsheet
malware
security
viruses
PB/INFO/012 (10/06) Every few months a computer virus outbreak is publicised in the national press. One in every thirty e-mail messages contains a virus. Every computer user should therefore be aware of the danger and take simple steps to protect themselves against it.
Read more

Detecting Conficker on your network

Anonymous
Monday, February 13, 2012 - 20:15
CSIRT
conficker
detecting
incident response
malware
security
From time to time Janet CSIRT may report activity to you that is related to the Conficker worm. Typically this is a record of traffic from an infected host, to a Conficker sinkhole server. These sinkhole servers pretend to be part of the worm’s command and control infrastructure. The worm then attempts to load a web page on the sinkhole server, that were the server real, would contain instructions for the worm. Our reports typically look like this
Read more

Protecting yourself from Conficker

Anonymous
Monday, February 13, 2012 - 20:14
CSIRT
conficker
incident response
malware
protection
security
The Conficker worm (also known as Downup, Downadup and Kido) is probably the most prevalent computer worm on Janet and the Internet at this time. It’s success can be attributed to it’s use of a number of different vectors it uses to infect machines:
Read more

Zeus/Zbot

Anonymous
Monday, February 13, 2012 - 20:12
security
incident response
CSIRT
advice
malware
Zeus
Zbot
Zeus is the name for a family, or perhaps ecosystem of malware that is created and customised using a single toolkit. Not only does the toolkit generate the executable that infects systems, but it also produces server files that act as the command and control infrastructure for the operator’s botnet. Primarily Zeus is used to steal banking details through the use of keystroke logging and screen captures that are sent from the infected system to the command and control sever.
Read more
Subscribe to malware