Cisco Talos Blog

March 23, 2016 16:38

SamSam: The Doctor Will See You, After He Pays The Ransom

Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distri

March 21, 2016 11:06

Malware Word Search: Identifying Angler's Dictionary

This post authored by Steve Poulson with contributions from Nick Biasini. Exploit kits are constantly evolving and changing. We recently wrote about some subtle Angler changes but then Angler changed drastically on March 8. In this blog post, we will briefly cover these changes,

March 1, 2016 10:58

Angler Attempts to Slip the Hook

This post authored by Nick Biasini with contributions from Joel Esler, Erick Galinkin and Melissa Taylor Talos has discussed at length the sophistication of the Angler exploit kit. One thing that always makes Angler stand apart is the speed with which they develop and implement

April 19, 2015 23:05

Threat Spotlight: Upatre - Say No to Drones, Say Yes to Malware

Talos has observed an explosion of malicious downloaders in 2015 which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a mali

April 9, 2015 03:30

Threat Spotlight: SSHPsychos

Introduction Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect

April 6, 2015 07:13

Threat Spotlight: Spam Served With a Side of Dridex

This post was authored by Nick Biasini with contributions from Kevin Brooks. Overview The use of macro enabled word documents has exploded over the last year, a primary example payload being Dridex. Last week, Talos researchers identified another short lived spam campaign that

March 3, 2015 04:55

Threat Spotlight: Angler Lurking in the Domain Shadows

Overview Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial redirection and exploitation. This campaign has been largely attribu