FAKE ANTI VIRUS |
| 2012-06-19 | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2011-05-19 | Daniel Wesemann | Fake AV Bingo |
| 2011-01-18 | Daniel Wesemann | Yet another rogue anti-virus |
| 2010-11-11 | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-02-15 | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
FAKE |
| 2019-04-07/a> | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-04-02/a> | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware |
| 2019-03-21/a> | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2017-07-07/a> | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff? |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2013-04-29/a> | Adam Swanger | Report Fake Tech Support Calls submission form reminder |
| 2013-04-16/a> | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-01-03/a> | Manuel Humberto Santander Pelaez | New year and new CA compromised |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2011-07-25/a> | Bojan Zdrnja | When the FakeAV coder(s) fail |
| 2011-07-21/a> | Daniel Wesemann | Down the FakeAV rabbit hole |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-05-04/a> | Bojan Zdrnja | More on Google image poisoning |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-02-27/a> | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2010-02-08/a> | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again. |
| 2010-01-08/a> | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-09-04/a> | Adrien de Beaupre | Fake anti-virus |
| 2009-02-06/a> | Adrien de Beaupre | Fake stimulus payments |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
ANTI |
| 2018-06-25/a> | Didier Stevens | Guilty by association |
| 2016-12-24/a> | Didier Stevens | Pinging All The Way |
| 2016-10-17/a> | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-15/a> | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2015-12-05/a> | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
| 2015-07-03/a> | Didier Stevens | Analyzing Quarantine Files |
| 2015-06-28/a> | Didier Stevens | The EICAR Test File |
| 2014-05-27/a> | Kevin Shortt | Avast forums hacked |
| 2013-08-03/a> | Deborah Hale | What Anti-virus Program Is Right For You? |
| 2013-06-07/a> | Daniel Wesemann | 100% Compliant (for 65% of the systems) |
| 2013-04-26/a> | Russ McRee | What is "up to date anti-virus software"? |
| 2012-11-02/a> | Daniel Wesemann | The shortcomings of anti-virus software |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-05-16/a> | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
| 2012-04-26/a> | Richard Porter | Define Irony: A medical device with a Virus? |
| 2012-04-13/a> | Daniel Wesemann | Anti-virus scanning exclusions |
| 2011-07-11/a> | John Bambenek | Another Defense Contractor Hacked in AntiSec Hacktivism Spree |
| 2011-06-02/a> | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures |
| 2011-05-31/a> | Johannes Ullrich | Apple Improving OS X Anti-Malware Feature |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-03-17/a> | Kevin Liston | So You Got an AV Alert. Now What? |
| 2011-03-09/a> | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
| 2011-03-01/a> | Daniel Wesemann | AV software and "sharing samples" |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2009-12-14/a> | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF |
| 2009-12-03/a> | Mark Hofman | Avast false positives |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-09-04/a> | Adrien de Beaupre | Fake anti-virus |
| 2009-08-29/a> | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
| 2009-08-19/a> | Daniel Wesemann | Checking your protection |
| 2009-08-13/a> | Johannes Ullrich | CA eTrust update crashes systems |
| 2009-07-11/a> | Marcus Sachs | Imageshack |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
| 2006-10-30/a> | William Salusky | ToD - Configuration Management - maintaining security awareness |
VIRUS |
| 2019-06-28/a> | Rob VandenBrink | Verifying Running Processes against VirusTotal - Domain-Wide |
| 2019-02-11/a> | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2018-06-25/a> | Didier Stevens | Guilty by association |
| 2017-01-06/a> | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition |
| 2016-01-23/a> | Didier Stevens | Sigcheck and VirusTotal for Offline Machine |
| 2015-12-05/a> | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
| 2015-08-06/a> | Didier Stevens | Sigcheck and virustotal-search |
| 2015-07-21/a> | Didier Stevens | Searching Through the VirusTotal Database |
| 2015-07-17/a> | Didier Stevens | Process Explorer and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Autoruns and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Sigcheck and VirusTotal |
| 2015-06-28/a> | Didier Stevens | The EICAR Test File |
| 2014-10-03/a> | Johannes Ullrich | CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious |
| 2014-05-27/a> | Kevin Shortt | Avast forums hacked |
| 2014-02-07/a> | Rob VandenBrink | Hello Virustotal? It's Microsoft Calling. |
| 2013-10-30/a> | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
| 2013-08-03/a> | Deborah Hale | What Anti-virus Program Is Right For You? |
| 2013-06-07/a> | Daniel Wesemann | 100% Compliant (for 65% of the systems) |
| 2013-04-26/a> | Russ McRee | What is "up to date anti-virus software"? |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-11-02/a> | Daniel Wesemann | The shortcomings of anti-virus software |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | New OS X trojan backdoor MaControl variant reported |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-05-16/a> | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
| 2012-04-26/a> | Richard Porter | Define Irony: A medical device with a Virus? |
| 2012-04-13/a> | Daniel Wesemann | Anti-virus scanning exclusions |
| 2012-03-05/a> | Johannes Ullrich | Flashback Malware now with Twitter C&C |
| 2011-07-02/a> | Pedro Bueno | Bootkits, they are back at full speed... |
| 2011-06-02/a> | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures |
| 2011-05-31/a> | Johannes Ullrich | Apple Improving OS X Anti-Malware Feature |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-04-20/a> | Daniel Wesemann | Virustotal.com hiccup |
| 2011-03-17/a> | Kevin Liston | So You Got an AV Alert. Now What? |
| 2011-03-09/a> | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
| 2011-03-01/a> | Daniel Wesemann | AV software and "sharing samples" |
| 2011-02-07/a> | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | Facebook virus spreads via photo album chat messages |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | VirusTotal VTzilla firefox/chrome plugin |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-09-09/a> | Marcus Sachs | 'Here You Have' Email |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Small lot of Olympus Stylus Tough 6010 shipped with malware |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2009-12-03/a> | Mark Hofman | Avast false positives |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-08-29/a> | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
| 2009-08-19/a> | Daniel Wesemann | Checking your protection |
| 2009-08-13/a> | Johannes Ullrich | CA eTrust update crashes systems |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
| 2006-10-30/a> | William Salusky | ToD - Configuration Management - maintaining security awareness |
| 2000-01-02/a> | Deborah Hale | 2010 A Look Back - 2011 A Look Ahead |
