The most recent content from our members.
We are getting a couple of alerts from servers that are creating a ps1 script in a temp directory under the appdata folder of the solarwinds service account used to manage the servers. The file is flagged by malware/XDR server as a double extension. The alert shows an odd / randomly named file xxdwewe.doc.ps1. When we look…
This morning I had the opportunity to participate in a podcast with my buddies and the co-hosts of Cisco's TechWiseTV Jimmy Ray Pursor and Robb Boyd. The subject was the Conficker threat and I must say that I learned a few things as Jimmy Ray really knows his bots. We also talked about the best ways to avoid bots, the…
Hi, I am looking for some advice regarding the malware detecting capabilities of SEM. I am trying to test out how well it can detect some different malicious programs that may make their way onto end devices such as Trojans, RATs or Worms. I have an environment set up locally with multiple Windows 10 end devices and a…
I hope everyone had a Happy Easter this past weekend. We celebrated in the usual way, with the burning of the Christmas tree and eating our weight in ham. As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy! Mueller report forced Congress to find PCs with disc drives The Mueller…
Home from Las Vegas and AWS re:Invent for 60 hours, then I’m back on the road. In Orlando this week for SQL Live, where I have four sessions to deliver. I’ll also be working the SolarWinds booth. If you are attending SQL Live, let’s connect and talk data. As always, here are some links from the Intertubz that I hope will…
Malware prevention is a very hot topic due to the recent ransomware attacks that have completely crippled several companies and organizations. For most smaller companies, being able to hire a full-time security engineer is a pipe dream at best, and even larger companies just don't see the need to spend money on a dedicated…
I've been seeing malware CNC alerts in my IPS for traffic that's coming from a domain controller. I did a packet capture on the DC and found the actual origin of the DNS lookups is the LEM server. Through research, I've determined that LEM attempts to resolve DNS it sees in the logs. However, when I try to search in LEM…
Malware is an issue that has been around since shortly after the start of computing and isn't something that is going to go away anytime soon. Over the years, the motivations, sophistication, and appearance have changed, but the core tenets remain the same. The most recent iteration of malware is called ransomware.…
We have been watching the spread of ransomware and this malware's success with increasing concern. Hospitals appear to be of particular interest this year. And who hasn't had a friend or colleague call in a panic this year already? As many of you know, most ransomware gets onto the system through a phishing attack, so…
It was recently found by CERT that there’s a new type of DDOS botnet that is infecting both Windows and Linux platforms. This is a highly sophisticated cross-platform malware which impacts computers by causing DNS amplification. WHAT IS DNS AMPLIFICATION? A DNS Amplification Attack is a Distributed Denial of Service (DDOS)…