Entries filed under 'FireEye'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    More Flame/sKyWIper CNC Behavior Uncovered

    By Ali Islam
    When news of the Flame/SkyWiper malware hit the headlines last month, the world went into a frenzy. Flame was immediately hailed as the world’s most sophisticated malware. While security researchers will surely be talking about Flame for years to come, FireEye has since made another discovery regarding Flame’s command and control (CNC) behavior: it appears that the Flamer/sKyWIper malware’s callback has recently changed.Specifically, we have evidence that the malware is likely proxy-aware Read more...


    Silent Rustock

    By Atif Mushtaq
    There has been a significant observed drop in worldwide SPAM levels during the last month or so.  M86 thinks it's due to Rustock, the world's largest spam botnet, suddenly stopped sending spam for unknown reasons.   McAfee has expressed a different point of view. According to them, the steep drop in spam levels is due to recent attempts to shutdown Pushdo.D, another famous spam botnet.  It's clear that spam levels are dropping, so Read more...


    Srizbi and Rustock: Family Feud or Sibling Rivalry? Part II

    By Atif Mushtaq
    FireEye recently dove into the world of spam email Botnets to further strengthen our belief that Botnets like Srizbi, Pushdo, and Rustock, although having completely different C&C architectures, are operated by same group.This go around, we looked at the servers that control these Botnets and spam created from live Bots in our lab. As part of this investigation, we analyzed multiple malware samples of these Botnets in our both virtual and real Read more...


    Rootkits - making malware more powerful - part 2

    By FireEye | Advanced Malware

    The second part of this series will examine the mechanisms that rootkits use in order to provide stealth, data collection, and protection for BOTs and other malware. Since this is a lengthy topic, this part will start with user-land techniques and then part 3 will discuss kernel techniques.

    Read more...


    Rootkits - making malware more powerful - part 1

    By FireEye

    This series of blog entries will examine the topic of rootkits , what they are, and how they work. Rootkits are a utility component to bots and other malware that provides stealth and protection for the malware. They are also the reason that makes malware very difficult to remove and sometimes detect. Therefore they are an important topic to explore as they apply to BOTs as well as other types of malware. This first part will examine what they are, why they exist and why they are a concern.

    Read more...