New RSA FirstWatch articles on the RSA Speaking of Security blog site

Discussion created by SeffyGHops Employee on May 21, 2013

There are a couple of new blogs by the RSA FirstWatch research team over on the "big blog" at RSA Speaking of Security.

RSA FirstWatch « Speaking of Security – The RSA Blog and Podcast


The first blog is is called "Don't Fear The Hangover - Network Detection of Hangover Malware Samples" and is a follow-up from the Norman and Shadowserver paper that revealed a large ongoing campaign, running as far back as September 2010, reportedly run out of India.

You can read the excellent report by Norman here: THE HANGOVER REPORT | Norman Blog


The second blog is called "Manidant Malware? Not exactly" which outlines a common attack methodology crossing over into APT territory by disguising themselves as a Mandiant binary.


Both go into some detail about how the attacks were detected and investigated using RSA Security Analytics. 


Let us know your thoughts.