Daserf – A Backdoor to Espionage

August 24, 2016 | Patrick Bedwell
VP, Product Marketing

Patrick has been working in information security for over 17 years, creating and executing marketing strategies for both startups and public companies.

Background Daserf is an example of a backdoor, malware that provides attackers with access to the compromised system. It’s commonly used for data theft, as you can see from the number of AlienVault blog posts that include the term. The Daserf malware has been around for about 10 years, created by a low-profile team that the security response crew…

August 9, 2016 | Patrick Bedwell

OnionDog – An Example of a Regional, Targeted Attack

Background Bad actors are getting more sophisticated with the techniques they employ, including their ability to target specific industries and geographical regions. OnionDog is a good example of an attack that exploits a vulnerability in an application that is both popular in the target region, and is commonly deployed in the organizations the attackers wish to compromise. The Helios team…

July 15, 2016 | Patrick Bedwell

Keydnap – All Your Keychain Are Belong to Us

Background Malware that attempts to harvest credentials from compromised systems is nothing new. However, the crew at ESET recently announced a new threat targeting Mac OS: Keydnap. Keydnap is noteworthy for two reasons: it establishes a permanent backdoor to a C&C server, and its goal is to exfiltrate the Keychain file in Mac OS. And, as Dan Goodin of Ars…

June 23, 2016 | Patrick Bedwell

FastPOS, Point of Sale Malware Targeting SMEs

Background Point of Sale (POS) threats are often associated with the retail industry because of the large number of high-profile retailers who have suffered significant losses (2014 became known as the ‘year of the mega breach’). In 2015, high profile losses also hit the hospitality industry, with several large chains disclosing breaches. According to the 2016 Verizon Data Breach Investigations Report,…

June 10, 2016 | Patrick Bedwell

Danti’s APT Inferno

In contrast to the many high-profile data breaches being reported under various state or industry guidelines, cyberespionage of political targets (and the resulting loss of data) rarely gets reported. One example of such an attack is Danti, which is an APT that focuses primarily on government organizations in India. Danti exploits CVE-2015-2545, which was announced and patched by Microsoft…

May 27, 2016 | Patrick Bedwell

How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware

Background Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence make it a ‘target-rich environment’ for attackers to exploit. According to Recorded Future, from January 1, 2015 to September 30, 2015, Adobe Flash Player comprised eight of the top 10 vulnerabilities leveraged by exploit kits. Here is an illustration…

May 19, 2016 | Patrick Bedwell

Infy Malware – Almost 10 years of Espionage; One Family of Malware

Background As we all know, nothing on the internet ever goes away. Ever. Exhibit A: Infy malware, identified by our friends at Palo Alto Networks’ threat research center as having been around since 2007 or earlier. PAN’s team has documented 40+ variants of a previously unpublished malware family, which it christened ‘Infy’. Malware, which is a broadly used term for software…

April 28, 2016 | Patrick Bedwell

JIGSAW Ransomware: Deleting Files Instead of Encrypting Them

Background Ransomware, which is malware that holds users’ data for ransom, keeps showing up in the news. In February, Hollywood Presbyterian was locked out of its electronic medical records (patient information is kind of important to running a hospital) until it forked over 40 bitcoins, worth then about $17K. This time, it’s JIGSAW. Our colleagues at Trend Micro have uncovered…

April 20, 2016 | Patrick Bedwell

OSX-Pirrit Adware: Notes from the Underground

Background “Adware” is a portmanteau (one of my favorite words) of ‘advertising’ and ‘software’. It is advertising-supported software that can be both annoying and malicious. Some adware is legitimate, such as when it’s used by developers to generate revenue for free or open source applications or tools. Adware has been around since time began (or so it seems) and…

March 30, 2016 | Patrick Bedwell

Cmstar APT Malware Exploits CVE-2012-0158

Background APTs (Advanced Persistent Threats) are a type of threat that targets a specific group of potential victims. For example, they have been used in cyber-espionage campaigns to target governments, anti-government activists, military organizations, as well as private companies. Their goal is to penetrate a targeted system or network, remain hidden for extended periods, and collect and exfiltrate data. A…

March 17, 2016 | Patrick Bedwell

Exploit Kits for Drive-by Download Attacks

Exploit Kits (EKs) are malicious code embedded in a website. They are commercially available and many are easy to use (even by those cybercriminals with little coding experience). They contain pre-packaged code that seeks to exploit out-of-date browsers, insecure applications, or vulnerable services. They are used in ‘Drive-by Download’ attacks that target the visitors of a website. When a visitor…

February 23, 2016 | Patrick Bedwell

When Infosec Is Life or Death - Ransomware Hits a Hospital

A hospital in Southern California made news last week after being the victim of ransomware for 10 days. Hollywood Presbyterian was only able to regain access to its electronic medical records (EMR) system after paying 40 bitcoins, or roughly $17K. Sophos put the impact of the ransomware on Hollywood Presbyterian bluntly: "This was no joke: ambulances were diverted, electronic medical records disappeared,…