Vinny’s Python and the Only Fail

Python. All the cool kids are doing it. It’s almost a buzzword at this point, but it’s actually not a buzzword, it’s just a coding language, dummy. And it’s great too, I love it. I mean syntax errors, amirite? I love ’em. There’s nothing like a little unsolicited, constructive criticism from my stubborn computer after continued troubleshooting of my feeble, beginner’s Python code. Just warms my afternoon right up like a cup of hot chocolate.

Sarcasm aside, I ...

TeslaCrypt Revisited

Finding yourself a victim of ransomware is a lot like having the power go out on you while typing an extremely important document — the resulting (foul) language is the same, and the odds of getting the files back on your own are equally dismal. Ending April on a good note, our friends at the Talos Security Intelligence and Research Group released a tool alongside their blog post on TeslaCrypt, one of the most recent variants of ransomware. TeslaCrypt presents itself with a love letter ...

Log Analysis with OpenDNS

Logs... They try to tell you what’s going on in a system, but it takes a special kind of patience to read through hundreds of thousands of lines of machine generated text full of arcane errors and differing timestamps.

As a security analyst, part of my job involves looking at DNS logs for potential customers and showing what they might have on their network as well as what OpenDNS would have blocked. In these reviews, we don’t have access to the systems or ...
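The kind of review described above, as an added example that is not code from the OpenDNS post: parse DNS query logs that arrive with differing timestamp styles, normalise them to UTC, count queries per base domain, and report which queries a block list would have stopped. The log line format, the sample lines and the block list are all constructed for this example; the real data and the real OpenDNS categorisation are not on this page.

```python
"""Added example: a small DNS log reviewer.

Assumptions made for this example: the two log line formats, the sample
lines below and the block list are constructed, not real customer data.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample log lines. Two timestamp styles are mixed on purpose,
# as happens when logs from several resolvers are concatenated.
SAMPLE_LOG = """\
2015-09-21T14:03:11Z 10.0.0.15 A www.example.com
2015-09-21T14:03:12Z 10.0.0.15 A init-p01st.push.apple.com
09/21/2015 09:03:14 -0500 10.0.0.23 A update.badexample.net
2015-09-21T14:03:15Z 10.0.0.23 TXT update.badexample.net
bogus line that does not parse
09/21/2015 09:03:20 -0500 10.0.0.15 A cdn.badexample.net
"""

# Constructed block list standing in for a threat/category feed.
BLOCKED_DOMAINS = {"badexample.net"}

# (strptime format, already-UTC?) pairs tried in order.
TIMESTAMP_FORMATS = (
    ("%Y-%m-%dT%H:%M:%SZ", True),     # ISO 8601 with a literal Z
    ("%m/%d/%Y %H:%M:%S %z", False),  # US style with an explicit offset
)


def parse_timestamp(text):
    """Return an aware UTC datetime, or None if no known format matches."""
    for fmt, is_utc in TIMESTAMP_FORMATS:
        try:
            ts = datetime.strptime(text, fmt)
        except ValueError:
            continue
        if is_utc:
            return ts.replace(tzinfo=timezone.utc)
        return ts.astimezone(timezone.utc)
    return None


def parse_line(line):
    """Return (utc_timestamp, client_ip, qtype, qname) or None if unparseable.

    The record proper is the last three tokens; everything before them is
    the timestamp, whatever style it is written in.
    """
    tokens = line.split()
    if len(tokens) < 4:
        return None
    ts = parse_timestamp(" ".join(tokens[:-3]))
    if ts is None:
        return None
    client, qtype, qname = tokens[-3:]
    return ts, client, qtype, qname.rstrip(".").lower()


def base_domain(qname):
    """Last two labels. A real review would consult the Public Suffix List."""
    return ".".join(qname.split(".")[-2:])


def is_blocked(qname):
    """True if qname or any of its parent domains is on the block list."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def review(log_text):
    """Summarise a log: volume per domain, time window, and what would be blocked."""
    parsed = unparsed = 0
    per_domain = Counter()
    blocked = defaultdict(list)  # base domain -> [(utc iso time, client, qname)]
    first = last = None
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            unparsed += 1  # count, never silently drop, lines we cannot read
            continue
        ts, client, _qtype, qname = rec
        parsed += 1
        first = ts if first is None or ts < first else first
        last = ts if last is None or ts > last else last
        per_domain[base_domain(qname)] += 1
        if is_blocked(qname):
            blocked[base_domain(qname)].append((ts.isoformat(), client, qname))
    return {
        "parsed": parsed,
        "unparsed": unparsed,
        "window": (first, last),
        "top_domains": per_domain.most_common(5),
        "would_block": dict(blocked),
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print(f"parsed {result['parsed']} lines, skipped {result['unparsed']}")
    print("window:", result["window"][0], "->", result["window"][1])
    for domain, hits in result["would_block"].items():
        print(f"would block {domain}: {len(hits)} queries")
```

The unparseable-line counter matters more than it looks: when a review claims a customer has no suspicious traffic, the first question is how many lines were skipped before that conclusion was drawn.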

XCodeGhost ‘Materializes’ on App Store

According to several sources, Apple’s App Store, known for being a strictly regulated closed ecosystem, has been infiltrated with malware that our friends over at Palo Alto Networks’ Unit 42 are calling XcodeGhost. Unit 42 initially discovered that the malware had infected 39 iOS apps (a number that keeps climbing and is north of 50 apps at the time of publishing), potentially impacting hundreds of millions of users by embedding malicious code into specific iOS apps.

Claud Xiao, author of the technical blog post, states that the XcodeGhost code ...

Phishing, Spiking, and Bad Hosting

At OpenDNS Labs we have developed a number of predictive models to hunt down evil on the Internet. We have discussed in previous blogs and conferences our algorithms NLPRank [1][2][3], Spike detector [4][5][6], and malicious IP space/rogue host detectors [7][8](section 14)[9][10][11][12][13][14][15].

In this blog we will discuss how we integrate all of these detection models to improve detection coverage of current threats and walk through a few interesting examples.

Phishing and Spikes

One of the recent samples we have found was a Facebook phishing campaign that was surfaced by our real-time alert system. Our ...