SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

  SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP attacks do not have the biggest amplification number but they may have the most vulnerable systems to abuse in a reflection attack. Open source reports indicate that there are over 5 million vulnerable systems … Read more

Malware PCAP Traffic Analysis – Can you name the different types of malware?

Be careful, it might not all be malware, adware, PUPs and innocuous traffic is in play. Download PCAP : netstream VM executables used will be included in the next post. 2016-08-25 20:40:37.831293 IP > Flags [P.], seq 0:267, ack 1, win 256, length 267: HTTP: GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1 E..3?…..~^…f%….@.P.._.p?..P…^…GET /cgi-bin/get_protect.cgi?checking=true&version=gmsd_us_233&forceGEO=US HTTP/1.1 Content-Type: application/x-www-form-urlencoded … Read more

Traffic Sample PCAP of FakeAV Malware and Kazy Trojan Downloader

Two key indicators: FakeAV POST – POST /hrrgkkwhjdwwwww/order.php?pid=390 (attempting to setup a payment for the FakeAV with the pid linking to the current session) Trojan Downloader function – GET /week.exe HTTP/1.1     2015-08-27 11:39:35.045855 ARP, Request who-has tell, length 28 …….. .’*….8 ……..8. 2015-08-27 11:39:35.046218 ARP, Reply is-at 0a:00:27:00:00:00, length 46 …….. .’…..8. … Read more