Month: April 2010

The Battle of the Hyper Giants (Part I)

My blog post last month on the rapid growth of Google generated a bit of discussion around Google and its competitors. In particular, this Wired article (“Google’s Traffic Is Giant”) suggests Google’s infrastructure should “frighten the world’s current ISPs” and content distributors (i.e. CDNs like […]


A Brief Look at Facebook Outage

Since we’ve written about Google’s multiple past outages (e.g., the GoogleLapes of May 2009 and the more recent Google Blip), it seems only fair to quickly cover Facebook’s problems last Friday. The graph below shows coarse-grained Facebook (ASN 32934) traffic statistics from 60 randomly […]


LEET 2010 Coming Up

This year I again had the pleasure of serving on the LEET program committee, which let me view some excellent research from people around the world. This year’s submissions were very high quality, and this year’s LEET workshop looks to be a very valuable day […]


Trojan.Heloag Downloader Analysis

Trojan.Heloag is a Trojan horse designed to manage the installation of other malware on the infected PC. This malcode gives complete control to the attacker and enables them to install arbitrary malcode on the PC. This one appeared in our zoo recently and after reading […]


Why Hackers Love the Cloud

Network World Podcast – April 7th, 2010

The growth of cloud services has led many enterprises to move data and applications to the cloud, but the hacker community is also moving there. With content consolidation and multi-tenant infrastructures come more opportunities for hackers to steal […]


WhiteLotus DDoS Botnet Analysis

Another new DDoS botnet family we found in our malcode zoo recently, which we have dubbed “WhiteLotus”, resembles BlackEnergy v2 but differs enough that we knew it wasn’t BEv2. Looking at Joe Stewart’s excellent BlackEnergy v2 analysis shows how this new version is modular, adds […]


TT-Bot DDoS Bot Analysis

We recently spotted this family in our malware zoo, another HTTP DDoS bot. This one’s identifying mark is the string “User-Agent: TT-Bot 1.0.0” in the client requests. We do not know if this is a kit; this one appears to be in limited use. We […]
