Date Author Title

UNSTOPPABLE TECH SUPPORT MALWARE VISH

2010-07-06Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware

UNSTOPPABLE

2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware

TECH

2014-08-12/a>Adrien de BeaupreHost discovery with nmap
2013-04-29/a>Adam SwangerReport Fake Tech Support Calls submission form reminder
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2008-06-17/a>Kyle HaugsnessWhy go high-tech?

SUPPORT

2024-06-17/a>Xavier MertensNew NetSupport Campaign Delivered Through MSIX Packages
2023-08-18/a>Xavier MertensFrom a Zalando Phishing to a RAT
2022-10-21/a>Brad Duncansczriptzzbn inject pushes malware for NetSupport RAT
2020-02-05/a>Brad DuncanFake browser update pages are "still a thing"
2015-06-27/a>Guy BruneauIs Windows XP still around in your Network a year after Support Ended?
2014-07-05/a>Guy BruneauJava Support ends for Windows XP
2012-12-06/a>Daniel WesemannFake tech support calls - revisited
2012-10-03/a>Kevin ShorttFake Support Calls Reported
2011-05-23/a>Mark HofmanMicrosoft Support Scam (again)
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-03-01/a>Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03/a>Rob VandenBrinkSupport for Legacy Browsers

MALWARE

2024-11-30/a>Xavier MertensFrom a Regular Infostealer to its Obfuscated Version
2024-11-22/a>Xavier MertensAn Infostealer Searching for « BIP-0039 » Data
2024-11-19/a>Xavier MertensDetecting the Presence of a Debugger in Linux
2024-11-07/a>Xavier MertensSteam Account Checker Poisoned with Infostealer
2024-11-05/a>Xavier MertensPython RAT with a Nice Screensharing Feature
2024-10-09/a>Xavier MertensFrom Perfctl to InfoStealer
2024-09-18/a>Xavier MertensPython Infostealer Patching Windows Exodus App
2024-09-17/a>Xavier Mertens23:59, Time to Exfiltrate!
2024-09-16/a>Xavier MertensManaging PE Files With Overlays
2024-09-11/a>Guy BruneauHygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-27/a>Xavier MertensWhy Is Python so Popular to Infect Windows Hosts?
2024-08-26/a>Xavier MertensFrom Highly Obfuscated Batch File to XWorm and Redline
2024-08-19/a>Xavier MertensDo you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-14/a>Xavier MertensMultiple Malware Dropped Through MSI Package
2024-07-26/a>Xavier MertensExelaStealer Delivered "From Russia With Love"
2024-07-25/a>Xavier MertensXWorm Hidden With Process Hollowing
2024-07-24/a>Xavier Mertens"Mouse Logger" Malicious Python Script
2024-06-06/a>Xavier MertensMalicious Python Script with a "Best Before" Date
2024-05-28/a>Guy BruneauIs that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22/a>Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-04-29/a>Guy BruneauLinux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-25/a>Jesse La GrewDoes it matter if iptables isn't running on my honeypot?
2024-03-28/a>Xavier MertensFrom JavaScript to AsyncRAT
2024-03-13/a>Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-02-29/a>Jesse La Grew[Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
2024-02-08/a>Xavier MertensA Python MP3 Player with Builtin Keylogger Capability
2024-02-06/a>Jan KoprivaComputer viruses are celebrating their 40th birthday (well, 54th, really)
2024-01-26/a>Xavier MertensA Batch File With Multiple Payloads
2024-01-25/a>Xavier MertensFacebook AdsManager Targeted by a Python Infostealer
2024-01-24/a>Johannes UllrichHow Bad User Interfaces Make Security Tools Harmful
2024-01-19/a>Xavier MertensmacOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-07/a>Guy BruneauSuspicious Prometei Botnet Activity
2024-01-03/a>Jan KoprivaInteresting large and small malspam attachments from 2023
2023-12-22/a>Xavier MertensShall We Play a Game?
2023-11-18/a>Xavier MertensQuasar RAT Delivered Through Updated SharpLoader
2023-11-15/a>Xavier MertensRedline Dropped Through MSIX Package
2023-11-09/a>Xavier MertensVisual Examples of Code Injection
2023-11-01/a>Xavier MertensMalware Dropped Through a ZPAQ Archive
2023-10-31/a>Xavier MertensMultiple Layers of Anti-Sandboxing Techniques
2023-10-28/a>Xavier MertensSize Matters for Many Security Controls
2023-10-18/a>Jesse La GrewHiding in Hex
2023-09-30/a>Xavier MertensSimple Netcat Backdoor in Python Script
2023-09-29/a>Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-08-25/a>Xavier MertensPython Malware Using Postgresql for C2 Communications
2023-08-23/a>Xavier MertensMore Exotic Excel Files Dropping AgentTesla
2023-08-22/a>Xavier MertensHave You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21/a>Xavier MertensQuick Malware Triage With Inotify Tools
2023-08-20/a>Guy BruneauSystemBC Malware Activity
2023-08-18/a>Xavier MertensFrom a Zalando Phishing to a RAT
2023-08-11/a>Xavier MertensShow me All Your Windows!
2023-08-03/a>Jan KoprivaFrom small LNK to large malicious BAT file with zero VT score
2023-07-29/a>Xavier MertensDo Attackers Pay More Attention to IPv6?
2023-07-28/a>Xavier MertensShellCode Hidden with Steganography
2023-07-26/a>Xavier MertensSuspicious IP Addresses Avoided by Malware Samples
2023-06-27/a>Xavier MertensThe Importance of Malware Triage
2023-06-23/a>Xavier MertensWord Document with an Online Attached Template
2023-06-21/a>Yee Ching TokAnalyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators
2023-06-20/a>Xavier MertensMalicious Code Can Be Anywhere
2023-06-19/a>Xavier MertensMalware Delivered Through .inf File
2023-06-16/a>Xavier MertensAnother RAT Delivered Through VBS
2023-05-17/a>Xavier MertensIncrease in Malicious RAR SFX files
2023-04-07/a>Xavier MertensDetecting Suspicious API Usage with YARA Rules
2023-04-04/a>Johannes UllrichAnalyzing the efile.com Malware "efail"
2023-03-30/a>Xavier MertensBypassing PowerShell Strong Obfuscation
2023-03-26/a>Didier StevensExtra: "String Obfuscation: Character Pair Reversal"
2023-03-01/a>Xavier MertensPython Infostealer Targeting Gamers
2023-02-09/a>Xavier MertensA Backdoor with Smart Screenshot Capability
2023-02-04/a>Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-01-25/a>Xavier MertensA First Malicious OneNote Document
2023-01-16/a>Johannes UllrichPSA: Why you must run an ad blocker when using Google
2023-01-06/a>Xavier MertensAutoIT Remains Popular in the Malware Landscape
2023-01-05/a>Brad DuncanMore Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-21/a>Guy BruneauDShield Sensor Setup in Azure
2022-12-18/a>Guy BruneauInfostealer Malware with Double Extension
2022-11-19/a>Guy BruneauMcAfee Fake Antivirus Phishing Campaign is Back!
2022-11-09/a>Xavier MertensAnother Script-Based Ransomware
2022-11-05/a>Guy BruneauWindows Malware with VHD Extension
2022-11-04/a>Xavier MertensRemcos Downloader with Unicode Obfuscation
2022-10-24/a>Xavier MertensC2 Communications Through outlook.com
2022-10-21/a>Brad Duncansczriptzzbn inject pushes malware for NetSupport RAT
2022-10-18/a>Xavier MertensPython Obfuscation for Dummies
2022-10-17/a>Xavier MertensFileless Powershell Dropper
2022-10-15/a>Guy BruneauMalware - Covid Vaccination Supplier Declaration
2022-10-07/a>Xavier MertensPowershell Backdoor with DGA Capability
2022-09-25/a>Didier StevensDownloading Samples From Takendown Domains
2022-09-24/a>Didier StevensMaldoc Analysis Info On MalwareBazaar
2022-09-23/a>Xavier MertensKids Like Cookies, Malware Too!
2022-09-22/a>Xavier MertensRAT Delivered Through FODHelper
2022-09-15/a>Xavier MertensMalicious Word Document with a Frameset
2022-09-14/a>Xavier MertensEasy Process Injection within Python
2022-09-10/a>Guy BruneauPhishing Word Documents with Suspicious URL
2022-09-03/a>Didier StevensVideo: James Webb JPEG With Malware
2022-09-02/a>Didier StevensJames Webb JPEG With Malware
2022-08-30/a>Johannes UllrichTwo things that will never die: bash scripts and IRC!
2022-08-22/a>Xavier Mertens32 or 64 bits Malware?
2022-07-29/a>Johannes UllrichPDF Analysis Intro and OpenActions Entries
2022-07-25/a>Xavier MertensPowerShell Script with Fileless Capability
2022-07-20/a>Xavier MertensMalicious Python Script Behaving Like a Rubber Ducky
2022-06-25/a>Xavier MertensMalicious Code Passed to PowerShell via the Clipboard
2022-06-22/a>Xavier MertensMalicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-16/a>Xavier MertensHoudini is Back Delivered Through a JavaScript Dropper
2022-06-04/a>Guy BruneauSpam Email Contains a Very Large ISO file
2022-06-03/a>Xavier MertensSandbox Evasion... With Just a Filename!
2022-05-31/a>Xavier MertensFirst Exploitation of Follina Seen in the Wild
2022-05-20/a>Xavier MertensA 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-19/a>Brad DuncanBumblebee Malware from TransferXL URLs
2022-05-11/a>Brad DuncanTA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-05-07/a>Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-05-06/a>Jan KoprivaWhat is the simplest malware in the world?
2022-05-05/a>Brad DuncanPassword-protected Excel spreadsheet pushes Remcos RAT
2022-04-21/a>Xavier MertensMulti-Cryptocurrency Clipboard Swapper
2022-04-06/a>Brad DuncanWindows MetaStealer Malware
2022-03-25/a>Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-24/a>Xavier MertensMalware Delivered Through Free Sharing Tool
2022-03-23/a>Brad DuncanArkei Variants: From Vidar to Mars Stealer
2022-03-11/a>Xavier MertensKeep an Eye on WebSockets
2022-03-09/a>Xavier MertensInfostealer in a Batch File
2022-02-22/a>Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-18/a>Xavier MertensRemcos RAT Delivered Through Double Compressed Archive
2022-02-11/a>Xavier MertensCinaRAT Delivered Through HTML ID Attributes
2022-01-20/a>Xavier MertensRedLine Stealer Delivered Through FTP
2022-01-07/a>Xavier MertensCustom Python RAT Builder
2022-01-06/a>Xavier MertensMalicious Python Script Targeting Chinese People
2022-01-05/a>Xavier MertensCode Reuse In the Malware Landscape
2021-12-21/a>Xavier MertensMore Undetected PowerShell Dropper
2021-12-15/a>Xavier MertensSimple but Undetected PowerShell Backdoor
2021-12-03/a>Xavier MertensThe UPX Packer Will Never Die!
2021-12-02/a>Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-11-19/a>Xavier MertensDownloader Disguised as Excel Add-In (XLL)
2021-11-18/a>Xavier MertensJavaScript Downloader Delivers Agent Tesla Trojan
2021-10-21/a>Brad Duncan"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-10-01/a>Xavier MertensNew Tool to Add to Your LOLBAS List: cvtres.exe
2021-09-23/a>Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01/a>Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-30/a>Xavier MertensCryptocurrency Clipboard Swapper Delivered With Love
2021-08-20/a>Xavier MertensWaiting for the C2 to Show Up
2021-08-15/a>Didier StevensSimple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches
2021-08-07/a>Didier StevensMALWARE Bazaar "Download daily malware batches"
2021-08-06/a>Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-07-30/a>Xavier MertensInfected With a .reg File
2021-07-29/a>Xavier MertensMalicious Content Delivered Through archive.org
2021-07-24/a>Xavier MertensAgent.Tesla Dropped via a .daa Image and Talking to Telegram
2021-07-16/a>Xavier MertensMultiple BaseXX Obfuscations
2021-07-06/a>Xavier MertensPython DLL Injection Check
2021-06-30/a>Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-06-11/a>Xavier MertensKeeping an Eye on Dangerous Python Modules
2021-06-09/a>Jan KoprivaArchitecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files"
2021-06-04/a>Xavier MertensRussian Dolls VBS Obfuscation
2021-05-28/a>Xavier MertensMalicious PowerShell Hosted on script.google.com
2021-05-27/a>Jan KoprivaAll your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not
2021-05-21/a>Xavier MertensLocking Kernel32.dll As Anti-Debugging Technique
2021-05-19/a>Brad DuncanMay 2021 Forensic Contest: Answers and Analysis
2021-05-18/a>Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-05-06/a>Xavier MertensAlternative Ways To Perform Basic Tasks
2021-05-05/a>Brad DuncanMay 2021 Forensic Contest
2021-04-29/a>Xavier MertensFrom Python to .Net
2021-04-28/a>Xavier MertensDeeper Analyzis of my Last Malicious PowerPoint Add-On
2021-04-23/a>Xavier MertensMalicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-09/a>Xavier MertensNo Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-08/a>Xavier MertensSimple Powershell Ransomware Creating a 7Z Archive of your Files
2021-04-06/a>Jan KoprivaMalspam with Lokibot vs. Outlook and RFCs
2021-04-02/a>Xavier MertensC2 Activity: Sandboxes or Real Victims?
2021-04-01/a>Brad DuncanApril 2021 Forensic Quiz
2021-03-31/a>Xavier MertensQuick Analysis of a Modular InfoStealer
2021-03-19/a>Xavier MertensPastebin.com Used As a Simple C2 Channel
2021-03-18/a>Xavier MertensSimple Python Keylogger
2021-03-17/a>Xavier MertensDefenders, Know Your Operating System Like Attackers Do!
2021-03-16/a>Jan Kopriva50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-04/a>Xavier MertensFrom VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-19/a>Xavier MertensDynamic Data Exchange (DDE) is Back in the Wild?
2021-02-14/a>Didier StevensVideo: tshark & Malware Analysis
2021-02-12/a>Xavier MertensAgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11/a>Jan KoprivaAgent Tesla hidden in a historical anti-malware tool
2021-02-03/a>Brad DuncanExcel spreadsheets push SystemBC malware
2021-02-02/a>Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-01-22/a>Xavier MertensAnother File Extension to Block in your MTA: .jnlp
2021-01-21/a>Xavier MertensPowershell Dropping a REvil Ransomware
2021-01-04/a>Jan KoprivaFrom a small BAT file to Mass Logger infostealer
2021-01-02/a>Guy BruneauProtecting Home Office and Enterprise in 2021
2020-12-24/a>Xavier MertensMalicious Word Document Delivering an Octopus Backdoor
2020-12-22/a>Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-03/a>Brad DuncanTraffic Analysis Quiz: Mr Natural
2020-11-25/a>Xavier MertensLive Patching Windows API Calls Using PowerShell
2020-11-23/a>Didier StevensQuick Tip: Cobalt Strike Beacon Analysis
2020-11-09/a>Xavier MertensHow Attackers Brush Up Their Malicious Scripts
2020-10-25/a>Didier StevensVideo: Pascal Strings
2020-10-21/a>Daniel WesemannShipping dangerous goods
2020-09-24/a>Xavier MertensParty in Ibiza with PowerShell
2020-09-23/a>Xavier MertensMalicious Word Document with Dynamic Content
2020-09-18/a>Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-09-15/a>Brad DuncanTraffic Analysis Quiz: Oh No... Another Infection!
2020-09-04/a>Jan KoprivaA blast from the past - XXEncoded VB6.0 Trojan
2020-09-03/a>Xavier MertensSandbox Evasion Using NTP
2020-08-28/a>Xavier MertensExample of Malicious DLL Injected in PowerShell
2020-08-26/a>Xavier MertensMalicious Excel Sheet with a NULL VT Score
2020-08-24/a>Xavier MertensTracking A Malware Campaign Through VT
2020-08-19/a>Xavier MertensExample of Word Document Delivering Qakbot
2020-08-18/a>Xavier MertensUsing API's to Track Attackers
2020-08-14/a>Jan KoprivaDefinition of 'overkill' - using 130 MB executable to hide 24 kB malware
2020-08-06/a>Xavier MertensA Fork of the FTCode Powershell Ransomware
2020-08-05/a>Brad DuncanTraffic Analysis Quiz: What's the Malware From This Infection?
2020-07-24/a>Xavier MertensCompromized Desktop Applications by Web Technologies
2020-07-15/a>Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-10/a>Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-07-08/a>Xavier MertensIf You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-13/a>Guy BruneauMirai Botnet Activity
2020-06-04/a>Xavier MertensAnti-Debugging Technique based on Memory Protection
2020-06-01/a>Jim ClausingStackstrings, type 2
2020-05-23/a>Xavier MertensAgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-21/a>Xavier MertensMalware Triage with FLOSS: API Calls Based Behavior
2020-05-20/a>Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-06/a>Xavier MertensKeeping an Eye on Malicious Files Life Time
2020-04-27/a>Xavier MertensPowershell Payload Stored in a PSCredential Object
2020-04-25/a>Didier StevensMALWARE Bazaar
2020-04-24/a>Xavier MertensMalicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-20/a>Didier StevensKPOT AutoIt Script: Analysis
2020-04-17/a>Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-04-12/a>Didier StevensReader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware."
2020-04-10/a>Xavier MertensPowerShell Sample Extracting Payload From SSL
2020-04-03/a>Xavier MertensObfuscated with a Simple 0x0A
2020-03-31/a>Johannes UllrichKwampirs Targeted Attacks Involving Healthcare Sector
2020-03-27/a>Xavier MertensMalicious JavaScript Dropping Payload in the Registry
2020-03-26/a>Xavier MertensVery Large Sample as Evasion Technique?
2020-03-23/a>Didier StevensKPOT Deployed via AutoIt Script
2020-03-22/a>Didier StevensMore COVID-19 Themed Malware
2020-03-21/a>Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2020-03-19/a>Xavier MertensCOVID-19 Themed Multistage Malware
2020-03-11/a>Xavier MertensAgent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-03-06/a>Xavier MertensA Safe Excel Sheet Not So Safe
2020-02-21/a>Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-02-14/a>Xavier MertensKeep an Eye on Command-Line Browsers
2020-02-07/a>Xavier MertensSandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-02-03/a>Jan KoprivaAnalysis of a triple-encrypted AZORult downloader
2020-01-16/a>Jan KoprivaPicks of 2019 malware - the large, the small and the one full of null bytes
2020-01-10/a>Xavier MertensMore Data Exfiltration
2020-01-09/a>Xavier MertensQuick Analyzis of a(nother) Maldoc
2020-01-02/a>Xavier MertensRansomware in Node.js
2019-12-24/a>Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-12-12/a>Xavier MertensCode & Data Reuse in the Malware Ecosystem
2019-11-23/a>Guy BruneauLocal Malware Analysis with Malice
2019-10-18/a>Xavier MertensQuick Malicious VBS Analysis
2019-10-03/a>Xavier Mertens"Lost_Files" Ransomware
2019-09-19/a>Xavier MertensAgent Tesla Trojan Abusing Corporate Email Accounts
2019-08-30/a>Xavier MertensMalware Dropping a Local Node.js Instance
2019-08-28/a>Xavier MertensMalware Samples Compiling Their Next Stage on Premise
2019-08-22/a>Xavier MertensSimple Mimikatz & RDPWrapper Dropper
2019-08-18/a>Didier StevensVideo: Analyzing DAA Files
2019-08-16/a>Didier StevensThe DAA File Format
2019-08-12/a>Didier StevensMalicious .DAA Attachments
2019-07-18/a>Xavier MertensMalicious PHP Script Back on Stage?
2019-07-11/a>Xavier MertensRussian Dolls Malicious Script Delivering Ursnif
2019-07-02/a>Xavier MertensMalicious Script With Multiple Payloads
2019-06-14/a>Jim ClausingA few Ghidra tips for IDA users, part 4 - function call graphs
2019-06-10/a>Xavier MertensInteresting JavaScript Obfuscation Example
2019-05-29/a>Xavier MertensBehavioural Malware Analysis with Microsoft ASA
2019-05-13/a>Xavier MertensFrom Phishing To Ransomware?
2019-05-03/a>Jim ClausingA few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
2019-05-01/a>Xavier MertensAnother Day, Another Suspicious UDF File
2019-04-19/a>Didier StevensAnalyzing UDF Files with Python
2019-04-17/a>Jim ClausingA few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-17/a>Xavier MertensMalware Sample Delivered Through UDF Image
2019-04-08/a>Jim ClausingA few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-03/a>Jim ClausingA few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-03-30/a>Didier Stevens"404" is not Malware
2019-03-10/a>Didier StevensMalicious HTA Analysis by a Reader
2019-03-10/a>Didier StevensQuick and Dirty Malicious HTA Analysis
2019-02-14/a>Xavier MertensOld H-Worm Delivered Through GitHub
2019-01-16/a>Brad DuncanEmotet infections and follow-up malware
2019-01-06/a>Didier StevensMalicious .tar Attachments
2019-01-05/a>Didier StevensA Malicious JPEG? Second Example
2019-01-04/a>Didier StevensA Malicious JPEG?
2019-01-02/a>Xavier MertensMalicious Script Leaking Data via FTP
2018-12-09/a>Didier StevensQuickie: String Analysis is Still Useful
2018-12-08/a>Didier StevensReader Malware Submission: MHT File Inside a ZIP File
2018-11-27/a>Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-26/a>Xavier MertensObfuscated bash script targeting QNap boxes
2018-11-22/a>Xavier MertensDivided Payload in Multiple Pasties
2018-11-06/a>Xavier MertensMalicious Powershell Script Dissection
2018-10-23/a>Xavier MertensDiving into Malicious AutoIT Code
2018-10-22/a>Xavier MertensMalicious Powershell using a Decoy Picture
2018-10-21/a>Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-10-12/a>Xavier MertensMore Equation Editor Exploit Waves
2018-09-28/a>Xavier MertensMore Excel DDE Code Injection
2018-09-22/a>Didier StevensSuspicious DNS Requests ... Issued by a Firewall
2018-09-16/a>Didier Stevens20/20 malware vision
2018-09-13/a>Xavier MertensMalware Delivered Through MHT Files
2018-09-05/a>Xavier MertensMalicious PowerShell Compiling C# Code on the Fly
2018-08-31/a>Jim ClausingQuickie: Using radare2 to disassemble shellcode
2018-08-30/a>Xavier MertensCrypto Mining Is More Popular Than Ever!
2018-08-26/a>Didier StevensIdentifying numeric obfuscation
2018-08-26/a>Didier Stevens"When was this machine infected?"
2018-08-24/a>Xavier MertensMicrosoft Publisher Files Delivering Malware
2018-08-21/a>Xavier MertensMalicious DLL Loaded Through AutoIT
2018-08-06/a>Didier StevensNumeric obfuscation: another example
2018-08-04/a>Didier StevensDealing with numeric obfuscation in malicious scripts
2018-08-02/a>Brad DuncanDHL-themed malspam reveals embedded malware in animated gif
2018-07-26/a>Xavier MertensWindows Batch File Deobfuscation
2018-07-09/a>Renato MarinhoCriminals Don't Read Instructions or Use Strong Passwords
2018-06-07/a>Remco VerhoefAutomated twitter loot collection
2018-06-05/a>Xavier MertensMalicious Post-Exploitation Batch File
2018-06-01/a>Remco VerhoefBinary analysis with Radare2
2018-05-22/a>Xavier MertensMalware Distributed via .slk Files
2018-05-19/a>Xavier MertensMalicious Powershell Targeting UK Bank Customers
2018-05-09/a>Xavier MertensNice Phishing Sample Delivering Trickbot
2018-05-07/a>Xavier MertensAdding Persistence Via Scheduled Tasks
2018-05-01/a>Xavier MertensDiving into a Simple Maldoc Generator
2018-03-05/a>Xavier MertensMalicious Bash Script with Multiple Features
2018-03-04/a>Xavier MertensThe Crypto Miners Fight For CPU Cycles
2018-02-25/a>Didier StevensRetrieving malware over Tor on Windows
2018-02-02/a>Xavier MertensSimple but Effective Malicious XLS Sheet
2018-01-28/a>Didier StevensIs this a pentest?
2018-01-26/a>Xavier MertensInvestigating Microsoft BITS Activity
2018-01-25/a>Xavier MertensRansomware as a Service
2018-01-11/a>Xavier MertensMining or Nothing!
2017-12-19/a>Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-16/a>Xavier MertensMicrosoft Office VBA Macro Obfuscation via Metadata
2017-11-29/a>Xavier MertensFileless Malicious PowerShell Sample
2017-11-16/a>Xavier MertensSuspicious Domains Tracking Dashboard
2017-11-15/a>Xavier MertensIf you want something done right, do it yourself!
2017-11-13/a>Guy BruneauVBE Embeded Script (info.zip)
2017-11-07/a>Xavier MertensInteresting VBA Dropper
2017-11-03/a>Xavier MertensSimple Analysis of an Obfuscated JAR File
2017-10-31/a>Xavier MertensSome Powershell Malicious Code
2017-10-29/a>Didier StevensRemember ACE files?
2017-10-24/a>Xavier MertensBadRabbit: New ransomware wave hitting RU & UA
2017-10-15/a>Didier StevensPeeking into .msg files
2017-09-09/a>Didier StevensMalware analysis output sanitization
2017-09-02/a>Xavier MertensAutoIT based malware back in the wild
2017-08-26/a>Didier StevensMalware analysis: searching for dots
2017-08-25/a>Xavier MertensMalicious AutoIT script delivered in a self-extracting RAR file
2017-08-23/a>Xavier MertensMalicious script dropping an executable signed by Avast?
2017-08-18/a>Renato MarinhoEngineBox Malware Supports 10+ Brazilian Banks
2017-07-21/a>Didier StevensMalicious .iso Attachments
2017-07-09/a>Russ McReeAdversary hunting with SOF-ELK
2017-07-05/a>Didier StevensSelecting domains with random names
2017-06-22/a>Xavier MertensObfuscating without XOR
2017-06-06/a>Didier StevensMalware and XOR - Part 2
2017-06-05/a>Didier StevensMalware and XOR - Part 1
2017-05-16/a>Russ McReeWannaCry? Do your own data analysis.
2017-05-13/a>Guy BruneauMicrosoft Released Guidance for WannaCrypt
2017-04-28/a>Xavier MertensAnother Day, Another Obfuscation Technique
2017-04-19/a>Xavier MertensHunting for Malicious Excel Sheets
2017-04-05/a>Xavier MertensWhitelists: The Holy Grail of Attackers
2017-03-18/a>Xavier MertensExample of Multiple Stages Dropper
2017-03-12/a>Guy BruneauHoneypot Logs and Tracking a VBE Script
2017-03-08/a>Xavier MertensNot All Malware Samples Are Complex
2017-02-05/a>Xavier MertensMany Malware Samples Found on Pastebin
2017-01-31/a>Johannes UllrichMalicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-01-24/a>Xavier MertensMalicious SVG Files in the Wild
2017-01-06/a>John BambenekRansomware Operators Cold Calling UK Schools to Get Malware Through
2017-01-05/a>John BambenekNew Year's Resolution: Build Your Own Malware Lab?
2017-01-01/a>Didier Stevenspy2exe Decompiling - Part 1
2016-12-13/a>Xavier MertensUAC Bypass in JScript Dropper
2016-11-11/a>Rick WannerBenevolent malware? reincarna/Linux.Wifatch
2016-10-30/a>Pasquale StirparoVolatility Bot: Automated Memory Analysis
2016-09-30/a>Xavier MertensAnother Day, Another Malicious Behaviour
2016-09-13/a>Rob VandenBrinkIf it's Free, YOU are the Product
2016-09-05/a>Xavier MertensMalware Delivered via '.pub' Files
2016-09-01/a>Xavier MertensMaxmind.com (Ab)used As Anti-Analysis Technique
2016-08-25/a>Xavier MertensOut-of-Band iOS Patch Fixes 0-Day Vulnerabilities
2016-08-24/a>Xavier MertensExample of Targeted Attack Through a Proxy PAC File
2016-08-23/a>Xavier MertensVoice Message Notifications Deliver Ransomware
2016-08-01/a>Daniel WesemannAre you getting I-CANNED ?
2016-07-27/a>Xavier MertensAnalyze of a Linux botnet client source code
2016-07-25/a>Didier StevensPython Malware - Part 4
2016-07-16/a>Didier StevensPython Malware - Part 3
2016-07-12/a>Xavier MertensHunting for Malicious Files with MISP + OSSEC
2016-06-20/a>Xavier MertensOngoing Spam Campaign Related to Swift
2016-06-18/a>Rob VandenBrinkControlling JavaScript Malware Before it Runs
2016-05-15/a>Didier StevensPython Malware - Part 1
2016-05-13/a>Xavier MertensMISP - Malware Information Sharing Platform
2016-05-05/a>Xavier MertensMicrosoft BITS Used to Download Payloads
2016-05-02/a>Rick WannerFake Chrome update for Android
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (Part #2)
2016-04-10/a>Didier StevensHandling Malware Samples
2016-03-07/a>Xavier MertensAnother Malicious Document, Another Way to Deliver Malicious Code
2016-02-24/a>Xavier MertensAnalyzis of a Malicious .lnk File with an Embedded Payload
2016-02-18/a>Xavier MertensHunting for Executable Code in Windows Environments
2016-02-11/a>Tom WebbTomcat IR with XOR.DDoS
2016-01-24/a>Didier StevensObfuscated MIME Files
2016-01-15/a>Xavier MertensJavaScript Deobfuscation Tool
2016-01-01/a>Didier StevensFailure Is An Option
2015-12-26/a>Didier StevensMalfunctioning Malware
2015-12-16/a>Xavier MertensPlaying With Sandboxes Like a Boss
2015-12-06/a>Mark HofmanMalware SPAM a new run has started.
2015-11-09/a>John BambenekProtecting Users and Enterprises from the Mobile Malware Threat
2015-09-29/a>Pedro BuenoTricks for DLL analysis
2015-09-28/a>Johannes Ullrich"Transport of London" Malicious E-Mail
2015-09-21/a>Xavier MertensDetecting XCodeGhost Activity
2015-04-24/a>Basil Alawi S.TaherFileless Malware
2015-04-09/a>Brad DuncanAn example of the malicious emails sometimes sent to the ISC handler addresses
2015-03-18/a>Daniel WesemannNew SANS memory forensics poster
2015-03-14/a>Didier StevensMaldoc VBA Sandbox/Virtualization Detection
2015-03-08/a>Brad DuncanWhat Happened to You, Asprox Botnet?
2015-02-19/a>Daniel WesemannMacros? Really?!
2014-10-03/a>Johannes UllrichCSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
2014-09-22/a>Johannes UllrichFake LogMeIn Certificate Update with Bad AV Detection Rate
2014-08-06/a>Chris MohanFree Service to Help CryptoLocker Victims by FireEye and Fox-IT
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-07-19/a>Russ McReeKeeping the RATs out: the trap is sprung - Part 3
2014-07-18/a>Russ McReeKeeping the RATs out: **it happens - Part 2
2014-07-18/a>Russ McReeGameover Zeus reported as "returned from the dead"
2014-07-16/a>Russ McReeKeeping the RATs out: an exercise in building IOCs - Part 1
2014-07-05/a>Guy BruneauMalware Analysis with pedump
2014-06-22/a>Russ McReeOfficeMalScanner helps identify the source of a compromise
2014-06-08/a>Guy Bruneauefax Spam Containing Malware
2014-04-06/a>Basil Alawi S.Taher"Power Worm" PowerShell based Malware
2014-04-05/a>Jim ClausingThose strange e-mails with URLs in them can lead to Android malware
2014-03-04/a>Daniel WesemannXPired!
2014-02-28/a>Daniel WesemannFiesta!
2014-01-19/a>Rick WannerAnatomy of a Malware distribution campaign
2013-12-24/a>Daniel WesemannMr Jones wants you to appear in court!
2013-12-23/a>Daniel WesemannCostco, BestBuy, Walmart really want to send you a package!
2013-12-07/a>Guy BruneauSuspected Active Rovnix Botnet Controller
2013-11-02/a>Rick WannerProtecting Your Family's Computers
2013-10-31/a>Russ McReeHappy Halloween: The Ghost Really May Be In The Machine
2013-10-30/a>Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2013-10-28/a>Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-10-24/a>Johannes UllrichFalse Positive: php.net Malware Alert
2013-09-30/a>Adrien de BeaupreTwitter DM spam/malware
2013-09-12/a>Daniel Wesemann37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone?
2013-09-10/a>Swa FrantzenMacs need to patch too!
2013-08-29/a>Russ McReeSuspect Sendori software
2013-07-04/a>Russ McReeCelebrating 4th of July With a Malware PCAP Visualization
2013-06-18/a>Russ McReeVolatility rules...any questions?
2013-05-21/a>Adrien de BeaupreMoore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-17/a>Daniel Wesemanne-netprotections.su ?
2013-05-16/a>Daniel WesemannExtracting signatures from Apple .apps
2013-05-11/a>Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-05-01/a>Daniel WesemannThe cost of cleaning up
2013-04-10/a>Manuel Humberto Santander PelaezMassive Google scam sent by email to Colombian domains
2013-03-22/a>Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 4
2013-03-20/a>Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 3
2013-03-19/a>Johannes UllrichScam of the day: More fake CNN e-mails
2013-03-15/a>Mark BaggettAVG detect legit file as virus
2013-03-14/a>Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 2
2013-03-13/a>Mark BaggettWipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-02-25/a>Johannes UllrichMass-Customized Malware Lures: Don't trust your cat!
2013-01-08/a>Jim ClausingCuckoo 0.5 is out and the world didn't end
2012-12-18/a>Rob VandenBrinkAll I Want for Christmas is to Not Get Hacked !
2012-12-03/a>Kevin ListonMobile Malware: Request for Field Reports
2012-11-02/a>Daniel WesemannLamiabiocasa
2012-11-01/a>Daniel WesemannPatched your Java yet?
2012-10-14/a>Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-09-21/a>Guy BruneauStoring your Collection of Malware Samples with Malwarehouse
2012-09-14/a>Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-07-21/a>Rick WannerOpenDNS is looking for a few good malware people!
2012-07-05/a>Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-06-27/a>Swa FrantzenOnline Banking Heists
2012-06-26/a>Daniel WesemannRun, Forest! (Update)
2012-06-25/a>Rick WannerTargeted Malware for Industrial Espionage?
2012-06-25/a>Swa FrantzenBelgian online banking customers hacked.
2012-06-22/a>Daniel WesemannRun, Forest!
2012-06-21/a>Raul SilesPrint Bomb? (Take 2)
2012-06-21/a>Russ McReeAnalysis of drive-by attack sample set
2012-06-19/a>Daniel Wesemann Vulnerabilityqueerprocessbrittleness
2012-06-04/a>Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-04-26/a>Richard PorterDefine Irony: A medical device with a Virus?
2012-04-25/a>Daniel WesemannBlacole's obfuscated JavaScript
2012-04-25/a>Daniel WesemannBlacole's shell code
2012-04-12/a>Guy BruneauHP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-12/a>Guy BruneauApple Java Updates for Mac OS X
2012-03-25/a>Daniel Wesemannevilcode.class
2012-03-03/a>Jim ClausingNew automated sandbox for Android malware
2012-02-24/a>Guy BruneauFlashback Trojan in the Wild
2012-02-20/a>Pedro BuenoSimple Malware Research Tools
2012-02-20/a>Rick WannerDNSChanger resolver shutdown deadline is March 8th
2012-01-14/a>Daniel WesemannHello, Antony!
2011-12-28/a>Daniel Wesemann.nl.ai ?
2011-12-10/a>Daniel WesemannUnwanted Presents
2011-12-07/a>Lenny ZeltserV8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-04/a>Guy BruneauDuqu Mitigation
2011-10-20/a>Johannes UllrichEvil Printers Sending Mail
2011-09-07/a>Lenny ZeltserAnalyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011-08-29/a>Kevin ShorttInternet Worm in the Wild
2011-06-15/a>Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-25/a>Daniel WesemannApple advisory on "MacDefender" malware
2011-05-19/a>Daniel WesemannFake AV Bingo
2011-05-14/a>Guy BruneauWebsense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-03/a>Johannes UllrichUpdate on Osama Bin Laden themed Malware
2011-05-02/a>Johannes UllrichBin Laden Death Related Malware
2011-04-23/a>Manuel Humberto Santander PelaezImage search can lead to malware download
2011-03-01/a>Daniel WesemannAV software and "sharing samples"
2011-02-07/a>Pedro BuenoThe Good , the Bad and the Unknown Online Scanners
2011-02-01/a>Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2010-12-29/a>Daniel WesemannMalware Domains 2234.in, 0000002.in & co
2010-12-29/a>Daniel WesemannBeware of strange web sites bearing gifts ...
2010-10-26/a>Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-09-09/a>Marcus Sachs'Here You Have' Email
2010-07-21/a>Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-07-21/a>Adrien de BeaupreDell PowerEdge R410 replacement motherboard firmware contains malware
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2010-07-04/a>Manuel Humberto Santander PelaezMalware inside PDF Files
2010-06-17/a>Deborah HaleFYI - Another bogus site
2010-06-14/a>Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-07/a>Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-06-02/a>Rob VandenBrinkNew Mac malware - OSX/Onionspy
2010-05-26/a>Bojan ZdrnjaMalware modularization and AV detection evasion
2010-05-23/a>Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-05-21/a>Rick WannerIBM distributes malware at AusCERT!
2010-04-30/a>Kevin ListonThe Importance of Small Files
2010-04-19/a>Daniel WesemannLinked into scams?
2010-04-18/a>Guy BruneauSome NetSol hosted sites breached
2010-04-13/a>Johannes UllrichMore Legal Threat Malware E-Mail
2010-03-30/a>Pedro BuenoSharing the Tools
2010-03-26/a>Daniel WesemannGetting the EXE out of the RTF again
2010-03-09/a>Marcus SachsEnergizer Malware
2010-03-04/a>Daniel Wesemannsalefale-dot-com is bad
2010-03-03/a>Johannes UllrichReports about large number of fake Amazon order confirmations
2010-02-21/a>Patrick Nolan Looking for "more useful" malware information? Help develop the format.
2010-01-14/a>Bojan ZdrnjaPDF Babushka
2010-01-07/a>Daniel WesemannStatic analysis of malicious PDFs
2010-01-07/a>Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-12-17/a>Daniel Wesemannoverlay.xul is back
2009-12-17/a>Daniel WesemannIn caches, danger lurks
2009-12-16/a>Rob VandenBrinkBeware the Attack of the Christmas Greeting Cards !
2009-12-07/a>Rick WannerCheat Sheet: Analyzing Malicious Documents
2009-12-04/a>Daniel WesemannMax Power's Malware Paradise
2009-12-02/a>Rob VandenBrinkSPAM and Malware taking advantage of H1N1 concerns
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-09-25/a>Deborah HaleConficker Continues to Impact Networks
2009-09-25/a>Deborah HaleMalware delivered over Google and Yahoo Ad's?
2009-09-25/a>Lenny ZeltserCategories of Common Malware Traits
2009-09-04/a>Adrien de BeaupreFake anti-virus
2009-08-29/a>Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-26/a>Johannes UllrichMalicious CD ROMs mailed to banks
2009-07-26/a>Jim ClausingNew Volatility plugins
2009-07-03/a>Adrien de BeaupreHappy 4th of July!
2009-07-02/a>Daniel WesemannGetting the EXE out of the RTF
2009-07-02/a>Bojan ZdrnjaCold Fusion web sites getting compromised
2009-06-16/a>John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-16/a>John BambenekURL Shortening Service Cligs Hacked
2009-06-04/a>Raul SilesMalware targetting banks ATM's
2009-06-04/a>Raul SilesTargeted e-mail attacks asking to verify wire transfer details
2009-06-01/a>G. N. WhiteYet another "Digital Certificate" malware campaign
2009-05-20/a>Pedro BuenoCyber Warfare and Kylin thoughts
2009-05-07/a>Deborah HaleMalicious Content on the Web
2009-05-04/a>Tom ListonFacebook phishing malware
2009-04-24/a>Pedro BuenoDid you check your conference goodies?
2009-03-13/a>Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-02-23/a>Daniel WesemannTurf War
2009-02-23/a>Daniel WesemannAnd the Oscar goes to...
2009-02-10/a>Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09/a>Bojan ZdrnjaSome tricks from Conficker's bag
2009-02-04/a>Daniel WesemannTitan Shields up!
2009-01-31/a>John BambenekGoogle Search Engine's Malware Detection Broken
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2009-01-18/a>Daniel Wesemann3322. org
2009-01-15/a>Bojan ZdrnjaConficker's autorun and social engineering
2009-01-12/a>William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-07/a>Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02/a>Rick WannerTools on my Christmas list.
2008-12-25/a>Maarten Van HorenbeeckMerry Christmas, and beware of digital hitchhikers!
2008-12-25/a>Maarten Van HorenbeeckChristmas Ecard Malware
2008-12-17/a>donald smithTeam CYMRU's Malware Hash Registry
2008-12-05/a>Daniel WesemannBeen updatin' your Flash player lately?
2008-12-05/a>Daniel WesemannBaby, baby!
2008-12-04/a>Bojan ZdrnjaRogue DHCP servers
2008-11-17/a>Jim ClausingFinding stealth injected DLLs
2008-11-16/a>Maarten Van HorenbeeckDetection of Trojan control channels
2008-11-12/a>John BambenekThoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-11/a>Swa FrantzenAcrobat continued activity in the wild
2008-11-10/a>Stephen HallAdobe Reader Vulnerability - part 2
2008-10-07/a>Kyle HaugsnessGood reading and a malware challenge
2008-09-29/a>Daniel WesemannASPROX mutant
2008-09-22/a>Maarten Van HorenbeeckData exfiltration and the use of anonymity providers
2008-09-18/a>Bojan ZdrnjaMonitoring HTTP User-Agent fields
2008-09-07/a>Lorna HutchesonMalware Analysis: Tools are only so good
2008-09-03/a>Daniel WesemannStatic analysis of Shellcode
2008-09-03/a>Daniel WesemannStatic analysis of Shellcode - Part 2
2008-09-01/a>John BambenekThe Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-13/a>Adrien de BeaupreCNN switched to MSNBC
2008-08-05/a>Daniel WesemannThe news update you never asked for
2008-07-20/a>Kevin ListonMalware Intelligence: Making it Actionable
2008-07-15/a>Maarten Van HorenbeeckExtracting scripts and data from suspect PDF files
2008-07-14/a>Daniel WesemannObfuscated JavaScript Redux
2008-07-07/a>Pedro BuenoBad url classification
2008-06-18/a>Marcus SachsOlympics Part II
2008-06-14/a>Lorna HutchesonMalware Detection - Take the Blinders Off
2008-06-10/a>Swa FrantzenRansomware keybreaking
2008-06-01/a>Mark HofmanFree Yahoo email account! Sign me up, Ok well maybe not.
2008-05-28/a>Adrien de BeaupreAnother example of malicious SWF
2008-05-27/a>Adrien de BeaupreMalicious swf files?
2008-05-26/a>Marcus SachsPredictable Response
2008-05-14/a>Bojan ZdrnjaWar of the worlds?
2008-05-02/a>Adrien de BeaupreHi, remember me?...
2008-04-30/a>Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-24/a>Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-16/a>Bojan ZdrnjaThe 10.000 web sites infection mystery solved
2008-04-15/a>Johannes UllrichSRI Malware Threat Center
2008-04-14/a>John BambenekA Federal Subpoena or Just Some More Spam & Malware?
2008-04-07/a>John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2008-04-07/a>John BambenekGot Kraken?
2008-04-07/a>John BambenekKraken Technical Details: UPDATED x3
2008-04-06/a>Daniel WesemannAdvanced obfuscated JavaScript analysis
2008-04-04/a>Daniel Wesemannnmidahena
2008-04-03/a>Bojan ZdrnjaVB detection: is it so difficult?
2008-04-02/a>Adrien de BeaupreWhen is a DMG file not a DMG file
2008-03-27/a>Maarten Van HorenbeeckGuarding the guardians: a story of PGP key ring theft
2006-08-31/a>Swa FrantzenNT botnet submitted
2000-01-02/a>Deborah Hale2010 A Look Back - 2011 A Look Ahead

VISH

2012-11-08/a>Daniel WesemannGet a 40% discount on your hotel room!
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2008-10-20/a>Johannes UllrichFraudulent ATM Reactivation Phone Calls.