Threat Labs


Blog about threats, malware and unicorns

Tracking FastFlux Networks

During an investigation two weeks ago, we discovered a malware sample that used a new malicious domain: auth-update.ru. The domain pointed to multiple suspicious, rotating IPs. We are still tracking this large fast-flux network and keep finding more domains associated with it. Some of these domains include:

Extracting Malware from Malicious Word Document

Today we received an obvious phishing email with a Word document attachment. It contained a new malware XML dropper we have been seeing recently. A quick Google search returned an analysis by techhelplist.com. However, they did not show how to decode the payload. Below is a short video...