There are a couple of new blogs by the RSA FirstWatch research team over on the "big blog" at RSA Speaking of Security.
The first blog is called "Don't Fear The Hangover - Network Detection of Hangover Malware Samples" and is a follow-up to the Norman and Shadowserver paper that revealed a large ongoing campaign, running as far back as September 2010, reportedly run out of India.
You can read the excellent report by Norman here: THE HANGOVER REPORT | Norman Blog
The second blog is called "Mandiant Malware? Not exactly" and outlines a common attack methodology crossing over into APT territory, with the malware disguising itself as a Mandiant binary.
Both go into some detail about how the attacks were detected and investigated using RSA Security Analytics.
Let us know your thoughts.