Category Archives: Resources

16th March 2018 resources updates

Added to the AMD section of the Meltdown/Spectre resource page, which for administrative reasons has now been moved here

Added to the Intel section:

John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”

Added to the Microsoft/Windows section:

Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”

David Harley

12th March 2018 resources updates

Specific Ransomware Families and Types

Ransomware Resources

Cryptocurrency/Crypto-mining News and Resources

(1) Paul Ducklin for Sophos: Cryptomining versus cryptojacking – what’s the difference?

(2) Bleeping Computer tells us: Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours
ZDNet is even more enthusiastic: Windows security: Microsoft fights massive cryptocoin miner malware outbreak – “Microsoft has blocked a malware outbreak that could have earned big bucks for one criminal group.”
Other players in the security industry were more restrained (as per the entry for March 8th below), notably myself, Sean Sullivan and Luis Corrons, quoted in an article by Kevin Townsend: Microsoft Detects Massive Dofoil Attack. Kevin didn’t quote me in full, so here’s (most of) what I said:

I don’t read that article as actually saying that Defender detected that particular campaign and no-one else did/does (which isn’t the case: note that some of the hashes in the figures show a VirusTotal score), or claiming that Microsoft actually disrupted the campaign, or even that it was the first product to detect this particular iteration of Dofoil or the Coinminer it’s delivering. If there’s a suggestion that detection by other products was tested, I missed it.

If it gives the impression that this detection ‘proves’ that all such attacks will be detected by Defender, well, that’s what AV products (often) do, but the phrase ‘hostage to fortune’ springs to mind. But the way I read it, Windows Defender did a good job of detecting this particular campaign, and deserves credit for it. As does any company that offers prompt/proactive detection of a sophisticated campaign, and there are several that do.

Do the Defender team have an unfair advantage? Well, I guess they have direct access to the OS developers, but spotting behavioural anomalies is bread-and-butter lab work, and incorporating such detection into cloud protection and machine learning is standard stuff. And I’m sure most labs value good knowledge of OS processes.

David Harley

8th March 2018 resources updates

Specific Ransomware Families and Types

Ransomware Resources

An article on ransomware I contributed to ESET’s Trends 2018 report has been republished as a blog article on WeLiveSecurity. Trends 2018: The ransomware revolution

Cryptocurrency/Crypto-mining News and Resources

Microsoft: Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Rather self-congratulatory – sounds as if Microsoft stopped a campaign all by itself and Windows Defender is The Answer to crypto-mining and world hunger, but still…

March 7th 2018 resources update

Updates to Cryptocurrency/Crypto-mining News and Resources

Update to Meltdown/Spectre – Related Resources

David Harley

March 5th 2018 resources update

Update to Ransomware Recovery and Prevention

Update to Cryptocurrency/Crypto-mining News and Resources

Update to Specific Ransomware Families and Types

Update to Meltdown/Spectre – Related Resources

David Harley

March 3rd 2018 resources update

Updates to Specific Ransomware Families and Types:

David Harley

March 1st 2018 resources update

Specific Ransomware Families and Types

Meltdown/Spectre – Related Resources

February 28th 2018 resources updates

David Harley

Reporting cybercrime

I haven’t checked the links yet, but Yasin Soliman’s article for Graham Cluley’s site looks really useful. How to report a cybercrime – Who you gonna call? includes a table with contact points in the US appropriate to several categories: I’m guessing that followers of this blog will find the links for ‘Internet fraud and SPAM’ particularly relevant. There are also links to agencies in other parts of the world.

The trouble with compiling such lists of links (which I’ve done many times over the years, in a variety of contexts) is that the links change over time, not only because web pages get changed around, but because agencies (like security companies) are renamed or replaced, or disappear altogether. Right now, though, this looks like an excellent resource.

David Harley