Blog
Recent
July 20, 2012 13:35

fast_pattern is fast

July 17, 2012 16:30

The Power of Open Source Intelligence

Last week, an email came into the main VRT email account, entitled "New Malicious Javascript." The note inside was from Mr. Brett C., a Sourcefire customer who'd stumbled across an interesting chunk of heavily obfuscated JavaScript that was the first page in a chain

July 11, 2012 16:36

It's not the Dalai Lama's birthday, oh and you got owned

A number of recent targeted attack campaigns have centered around the Dalai Lama, including purported plans for his birthday and calls to action for democracy in Tibet. These attacks use several popular exploits and even include attacks on Mac OS X. While investigating samples of

July 9, 2012 14:51

CVE-2012-1723: New Java Attack Added to Blackhole

Word began to emerge last week of the addition of a new vulnerability to the Blackhole Exploit Kit. The bug in question - CVE-2012-1723 - is a complex Java issue, which thankfully has patches available from Oracle already. Of course, just because a patch is available doesn't

June 21, 2012 16:18

Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-1875

As a security professional, there's very little I hate more than Microsoft vulnerabilities announced after patches are sent out each Microsoft Tuesday. Not only do they mean that folks like me have to scramble to address them - since invariably bugs released outside the stand

June 19, 2012 11:39

Compromised WordPress Blogs: A Phisher's Paradise

One of the ongoing trends in the phishing attacks the VRT monitors is the use of poorly secured WordPress blogs as staging points for exploit kits. Every time I hover over a link in the latest "UPS Tracking" or "Airline Ticket Confirmation" email, I'm look

June 12, 2012 11:23

MySQL Authentication Brute Force Attack

Before you read this, go and make sure your MySQL servers are patched and up-to-date. This is a serious, nasty 0-day, and while there is some mitigation in terms of impacted platforms, the newest MySQL bug is so trivial to exploit that it's worth a couple of minutes just to che

June 11, 2012 13:59

Web Shell Poses As A GIF

One of the most actively scanned-for vulnerabilities on the Internet these days is the TimThumb remote file include, an attack released in August of 2011 that targets the popular WordPress module. People scan for it so heavily because doing so is cheap and easy, from a bandwidth