February 2012
2 posts
1 tag
Vampires, werewolves, and... zombies
One of the things we do here at Lastline is to monitor drive-by-download attacks. These have become one of the most common and effective threats online: the idea is that attackers try to exploit vulnerabilities in user browsers and, if successful, manage to install malware on the victim machines. Afterwards, all kinds of bad things happen to the compromised machines: they most commonly become...
Feb 24th
2 tags
Securing Mobile Phones Through Previct
Forbes magazine recently published an article called "Unauthorized iPhone And iPad Apps Leak Private Data Less Often Than Approved Ones". The article reports on the research we had conducted as the International Secure Systems Lab that aimed at analyzing how and where iPhone apps transmit users’ private data. In that work, we found that one in five of the free apps in Apple’s app store uploads...
Feb 21st
December 2011
2 posts
2 tags
Cloud Storage as an Attack Vector
One of the main products we develop at Lastline is the Malscape Threat Intelligence Feed, which provides continuously updated intelligence about malicious activity on the Internet. Specifically, we provide information about malicious servers on the Internet based on the various analysis techniques we have developed. Regularly, we find that legitimate services on the Internet are abused by...
Dec 15th
2 tags
Real-World Signature Evasion by Malware
At Lastline, we use different approaches to detect Command & Control (C&C) servers used by attackers to remotely control compromised machines. These approaches are based on diverse assumptions that we have about C&C servers. One of our methods relies on classical network signatures to describe what C&C traffic looks like. Obviously, such network signatures have drawbacks and...
Dec 9th