Threat Level: green Handler on Duty: Russ McRee

SANS ISC Internet Storm Center


Friday Digest - 27 MAR 2015

Published: 2015-03-27
Last Updated: 2015-03-28 00:59:25 UTC
by Russ McRee (Version: 1)
2 comment(s)

JS Malware uptick

We've been seeing an uptick in JS malware (TrojanDownloader:JS/Nemucod.K) loosely disguised as .doc files. The JavaScript is reasonably obfuscated, but if executed it does result in a trojaned system. Payloads have been delivered as resumes, invoices, or shipping notices. You'll note the payloads carry names such as payload.doc.js.
Feel free to let us know if you've noticed similar activity, and send along samples via the diary submittal form for comparison (best submitted as a password-protected zip).
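
One way to hunt for this naming pattern in mail gateway logs, as an added example that is not part of the original diary: it flags attachments whose final extension is a script type sitting directly behind a document-style extension, as in payload.doc.js. The log format, field names, sample lines and both extension lists are assumptions constructed for illustration.

```python
import re

# Extensions Windows will hand to a script host on double-click (assumed list).
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta"}
# Document-style extensions used as the decoy (assumed list, extend as needed).
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt"}

# Constructed sample lines in a hypothetical key=value gateway log format.
SAMPLE_LOG = """\
2015-03-27T09:14:02Z msgid=a1 from=hr@example.test attach="payload.doc.js"
2015-03-27T09:15:40Z msgid=a2 from=ops@example.test attach="Q1-report.docx"
2015-03-27T09:17:11Z msgid=a3 from=ship@example.test attach="Invoice_8841.PDF .JS "
2015-03-27T09:20:55Z msgid=a4 from=dev@example.test attach="jquery.min.js"
2015-03-27T09:22:03Z msgid=a5 from=cv@example.test attach="resume.doc.zip"
"""

ATTACH_RE = re.compile(r'msgid=(\S+).*?attach="([^"]*)"')

def is_disguised_script(filename):
    """True when a script extension directly follows a document extension."""
    # Normalise case, trailing dots/spaces and whitespace around each
    # component so padded or upper-cased names are not missed.
    parts = [p.strip().lower() for p in filename.strip(" .").split(".")]
    parts = [p for p in parts if p]
    if len(parts) < 3:
        return False  # need a base name plus two extensions
    return parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS

def flag_messages(log_text):
    """Return (msgid, filename) for every attachment that matches."""
    hits = []
    for line in log_text.splitlines():
        m = ATTACH_RE.search(line)
        if m and is_disguised_script(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for msgid, name in flag_messages(SAMPLE_LOG):
        print(f"{msgid}: {name!r}")
```

The check only looks at the outer filename, so an archive such as resume.doc.zip passes here and its contents need to be inspected separately.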

VirusTotal sample data:

Security Weekly

I was interviewed for Episode 411 of Paul Asadoorian's Security Weekly. While I had to often speak in sadly generic and vague terms, a few key takeaways popped out in the conversation.
We all largely agreed that the best tooling and datasets mean nothing when protecting organizations without applied context.
Consider the fact that one of the best ways for a security team to properly design and implement tooling and monitoring is to leverage the network architect to better understand design and layout. This allows goals to be established. Rather than a mission that is based on implementing a tool, the mission should be goal-based: what are you trying to protect, not what are you trying to install. The premise of operational threat modeling really factors in here too. The practice can help prioritize areas of importance (avoid boiling the ocean) and allow better goal determination.
Great talking with Paul and team, I appreciate the opportunity.

On a related note, check out Episode 409 with Keren Elazari, go watch her TED talk, then get a copy of this month's Scientific American which includes her article, How To Survive Cyberwar.

Book offering

Wiley is offering a free download (for a limited time) of The Database Hacker's Handbook: Defending Database Servers

GitHub DDoS

GitHub has been under a brutal DDoS attack for 24 hours +.
Keep an eye on for updates.


Overheard by a pentester after a recent pentest:
Passwords.doc is a bad idea :-)

Have a great weekend!

Russ McRee | @holisticinfosec
