malware

4 December 2017 at 2:32pm

An Emotet malware incident write up

Julian Fort
malware
incident response
#security
Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions: 1 Summary
Read more
13 June 2014 at 4:07pm

Update on NCA Action on GameOver Zeus and Cryptolocker

James Davis
Zeus
cryptolocker
malware
infosec
nca
The period of protection offered by the joint action between the NCA and FBI ends at 00:00BST on Tuesday 17 June. We recommend that you take full advantage of the remaining time and clean up any infected hosts.
Read more
2 June 2014 at 4:39pm

NCA action on GameOver Zeus and Cryptolocker

James Davis
malware
nca
DNS
infosec
cyber
As you may now be aware, the FBI and NCA are coordinating 'global day of action' against the Zeus-P2p and Cryptolocker families of malware. Law enforcement and industry partners will be collaborating to interrupt infrastructure vital to the malware's operation and to raise public awareness of these threats.
Read more
19 February 2014 at 9:35am

Conficker monitoring

James Davis
conficker
malware
NetFlow
infosec
We've disabled our monitoring of netflow feeds for W32/Conficker/Downadup infections. Given the decreasing number of vulnerable systems, the wide awareness of this issue and the low threat posed by the malware we've decided it was no longer worth the effort and resources to maintain a system that was generating a handful of alerts each day. Our reports of infections will continue, but they'll only be sourced from data sent to us by third parties such as Shadowserver.
Read more
14 February 2014 at 8:50am

Swiss law on malware-infected domains

Andrew Cormack
Botnets
Domain Names
malware
The recent TF-CSIRT meeting in Zurich included a talk by the Swiss telecoms regulator (like ours, called Ofcom, though their 'F' stands for Federal!) on the law covering websites in the .ch domain that distribute malware, normally as the result of a compromise.
Read more
11 July 2013 at 9:51am

Revised direct.uk proposal from Nominet

Andrew Cormack
Domain Names
Nominet
malware
Yesterday I attended a round-table for Nominet’s revised proposal for allowing registrations directly under the .uk domain.
Read more
11 June 2013 at 10:00am

Citadel/Zeus sinkholes

James Davis
infosec
malware
Zeus
citadel
Microsoft's recent take down of domains related to Citadel (a varient of Zeus) botnets has unfortunatly also taken down a number of sinkhole domains that were being used by researchers to monitor and report on Citadel infections. As a result of this our reporting of Citadel and Zeus infections may see a drop in the coming weeks. Any decrease in the number of infections seen at a particular site may be due to this lack of visibility.
Read more
29 April 2013 at 11:45am

Nominet direct.uk consultation response

Andrew Cormack
Nominet
malware
Domain Names
Thanks to all those who have provided feedback on Nominet’s direct.uk proposal to allow the creation of domains directly under .uk subject to certain conditions.
Read more
13 November 2012 at 4:43pm

Legal issues in dealing with Botnets

Andrew Cormack
Botnets
Data Protection Regulation
CSIRT
ePrivacy Directive
incident response
malware
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack.
Read more
Subscribe to malware