More industry attention on web-based malware
Yesterday, Google announced that it plans to start providing owners of malware-infected sites with samples of the bad code that its scanners have uncovered. This new functionality is launching as an...
View ArticleClik here to view.
New Q3'09 malware data, and the Dasient Infection Library
Ed. Note: The data in this post is drawn primarily from Dasient's proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web and in the last six months...
View ArticleFor malware attacks, WAFs need to be complemented by WAM
Dmitry Evteev of Positive Technologies recently posted about a method to bypass web application firewalls (like mod-security) to mount SQL injection attacks.While web application firewalls (or WAFs)...
View ArticleStructural vulnerabilities, and the importance of being prepared
Interesting story in the media late last week, with several articles detailing a newly discovered vulnerability created by the origin policies for third-party Flash objects embedded on sites. This...
View ArticleAnother step forward in the fight against malvertising
Last week, Google announced that it will now be taking a zero-tolerance approach to dealing with advertisers that place ads that violate its terms of service, including malicious ads that can infect...
View ArticleDasient WAM monitoring and diagnostic services now OOB
Some of you may have already seen our announcement earlier this morning, but for those of you who haven't: The Dasient Web Anti-Malware (WAM) monitoring and diagnostic services have graduated out of...
View ArticleClik here to view.
Q4'09 web-based malware data and trends
Ed. Note: The data in this post is drawn primarily from Dasient's proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web, and in the last year has...
View ArticleAnatomy of the Bablodos drive-by-download attack
Hackers have come to rely less on distributing malware via emailattachments, and have opted for infecting legitimate websites withdrive-by-downloads as the de facto way of more aggresssivedistribution....
View ArticleClik here to view.
Q1'10 web-based malware data and trends
Each quarter we pull together data for web-based malware attacks from across the web. Our proprietary malware analysis platform allows us to monitor millions of websites and draw results from a wealth...
View ArticleThird-party JavaScript widget discovered to be infected with malware
Potentially thousands of legitimate websites that embed the widget are serving malware to their users.Many websites use third-party JavaScript widgets for counting traffic, tracking users, sharing...
View ArticleMore Zeus via drive-by, now improved with targeted phishing against banks
By Tufan Demir, Neil Daswani, Rajesh G.Date first added to infection library: June 8, 2010Infection library link: http://wam.dasient.com/wam/infection_library/cdc7f46229a8abfcad40538bfe08f1bdThe Zeus...
View ArticleSomething to consider: How much traffic do malware-ridden "parked domains"...
Over the past few days, there have been widespread reports that parked domains hosted by Network Solutions have been serving up malware, probably for several months. We are definitely glad to see that...
View ArticleTechCrunch Reinfected with Malware
If you have visited the TechCrunch Europe site in the past days you will want to make sure you didn’t accidentally download any malware. The latest reports from TechCrunch say that the problem has been...
View ArticleClik here to view.
Continued growth in web-based malware attacks -- over 1M web sites infected...
It’s time again for our quarterly web-based malware update. We’ve pulled the Q2 data from our telemetry systems that monitor millions of web sites daily, producing the data and forensics that allow us...
View ArticleThird party application infects a Quantcast 100 site
Last week we detected an infection on a Quantcast 100 publisher site which was due to a vulnerable, third-party ad server (We have also observed the same attack on 400 different sites since September...
View ArticleClik here to view.
Dasient Q3 Malware Update: Web-Based Malware Infections Double Since Last...
In Q3 Dasient continued to monitor millions of sites on the Internet for web-based malware infections and malvertisements. Based on the data gathered, we estimate that in Q3 over 1.2 million web sites...
View ArticleFast Forward: Dasient's Security Predictions for 2011
As we wrap up 2010 and reflect on some of the major security headlines of the year - Aurora, Zeus, WikiLeaks, Stuxnet - it's hard to look at 2011 without wondering how much worse it will get before it...
View ArticleNASDAQ Exchange website infected with malware
According to various sources, a website operated by Nasdaq was compromised and infected with web based malware. Reports of the attack surfaced last week. The target of this attack are the roughly...
View ArticleNew Funding, New Website, New Research
It's been an exciting week for us. We raised new funding by Google Ventures, launched a new website and Neil and team have published new research on the widgetization of the web.Malware is one of the...
View ArticleNew financial malware hijacks online banking session after user logs out
There are manyreportstoday about a new, sophisticated type of financial malware called “OddJob” that will hijack a user’s session after they have logged out of their online banking account to commit...
View ArticleClik here to view.
The Dasient Q4 Malware Update: Significant Rise in Malvertising Attacks,...
Q4 2010 was a quarter in which we saw continued growth of web malware and malvertising attacks targeting legitimate sites. In this report, we focus on (1) quantitative measurements around web malware...
View ArticleDebunking The Myths Of Mac And Mobile Malware
Writing malware, as with writing any other type of software, involves costs and benefits. Like any software developer, malware authors want to reach as many users as they can, usually by creating a...
View ArticleBlackHat Talk Preview: "Mobile Malware Madness and How to Cap the Mad Hatters"
Last week, we had given previews of some of our findings from an analysis of 10,000 Android apps to a few reporters including Tim Wilson at DarkReading, Rob Westervelt at SearchSecurity, and Sean...
View ArticleClik here to view.
Hashing IMEI numbers does not protect privacy
In an effort to protect the privacy of users, mobile apps sometimes hash the user’s IMEI number prior to sending it to a server. We found that hashing IMEIs does not protect the privacy of users, even...
View ArticleDasient Has Been Acquired by Twitter
The Dasient team is excited to announce that we have been acquired by Twitter! Effective immediately, we will be bringing our technology, tools, and team to the revenue engineering team at...
View Article
