Security Lab

Blue Coat Security Blog

Latest SEP (Search Engine Poisoning) Research, Part 1

February 15, 2012 - By Chris Larsen
[This is the first of a series of blog posts providing some of the backstory on my upcoming RSA presentation on Search Engine Poisoning. There were a lot of screenshots and accompanying notes that simply wouldn't fit into a 45-minute presentation...]   Two years ago, I gave a presentation at RSA on Search Engine Poisoning. It was fun, but my malware research afterwards gradually moved on to other topics, since there's a lot of malware happening out there.

A Blackhole Exploiter Who Needs a Hug

February 9, 2012 - By Chris Larsen
I've been keeping an eye out for a suitably interesting opportunity to comment on the current state of the Blackhole Exploit Kit (BHEK) attacks, and when I saw this in the malware logs, I just had to share...

Another Batch of Android Malware

February 6, 2012 - By Chris Larsen
Time for a quick follow-up to the recent post on Android malware, as I came across an updated example of both similar and different bait a couple of weeks ago, that is being used in ongoing attacks... In our Java-JAR logs was an interesting .APK file that looked worth a little investigation. Here's how the attack was structured:

A New Twist in Fake-warez Malware

January 25, 2012 - By Chris Larsen
It's been a while since I've posted anything from the world of "fake warez" malware. Last week I came across a site that's using a different tactic than the "classic" method. On the surface, it looks very similar:

Expanding Black Holes

January 7, 2012 - By Chris Larsen
The big malware story for me over the last month is probably the surge in exploit kit sites hosting the "Blackhole" kit. (BTW, nice write-up last month on the kit on Imperva's blog.) Bad Guys like exploit kits because they are a convenient way to leverage the work of multiple specialists -- it's nice to let somebody else do the challenging technical work of figuring out the discovery and "weaponization" of multiple vulnerabilities, and to be able to attack multiple vulnerabilities at once.

Hunting for Android Malware

December 20, 2011 - By Chris Larsen
I've been meaning to write about malware on Android for some time now, as it is definitely an issue that is on our radar screen... I started thinking about doing a post a few weeks ago, when a very interesting article link was forwarded to me by a fellow Bluecoater: a statement from a Google employee that you don't need antivirus software for Android.

New JavaScript Tricks from the Bad Guys / An Archaeologist at Work

December 12, 2011 - By Chris Larsen
[This article is a combination of two posts from our internal security blog: one from last month when I was on the road, and one from this month that looks back at a different attack from the same time period. The common thread is the never-ending creativity of the Bad Guys in coming up with new ways to abuse JavaScript in cloaking their attacks...] ATTACK #1 (New JavaScript Trick):

Another Facebook Fake Foto Attack, on Hacked Russian Site

November 29, 2011 - By Chris Larsen
[Edited 12/06 -- host domain was mis-typed in one spot as pszm.info; it should have been pzsm.info.] Unlike humans, who usually need a nap after a big Thanksgiving Day feast, our automated modules keep working away. Either that, or malware has zero calories so WebPulse stays hungry... ;)

Search Engine Clutter

November 23, 2011 - By Chris Larsen
I've been doing some research into the current state of SEP (search engine poisoning) attacks lately -- in fact, I meant to do a post about Halloween-themed SEP last month, but had too much travel going on.

No Surprise: Malware is increasing

November 16, 2011 - By Tim Chiu
It should be no surprise to anyone in the security industry that malware is up, especially malware delivered through the web. There were two news items this week that included some interesting statistics around how fast malware is actually increasing.