
Grammar and Spelling Errors in Phishing and Malware

Mistakes happen. You’re in a hurry or spell check modifies a word, creating a grammatical error in its place.

But what about all the poorly written phishing emails, off-putting malware names or their misspelled user agents?

Cybercriminals are able to write a program and orchestrate a maze of elaborate fraud schemes, but just can’t seem to get the wording right. If those criminals can put so much effort into creating phishing attempts that appear to be from a legitimate bank, why wouldn’t ...

BSidesNYC 2016 Recap

New York, New York

The inaugural BSidesNYC was held on January 16th at the John Jay College of Criminal Justice in New York City, not far from Times Square. I was one of the lucky ones selected to speak at the event, where I presented “The Ransomware Threat: Tracking the Digital Footprints” to a standing-room-only crowd. The takeaway of the talk centers on using DNS and other behavioral traits to detect proxies (read: compromised servers) used in various ...

FloCon 2016 Recap

Last week, OpenDNS Research Labs attended FloCon 2016, where we presented two talks showcasing our latest work in threat research and development. First, Jeremiah O’Connor and Thibault Reuille presented “The Security Wolf of Wall Street: Fighting Crime with High-Frequency Classification and Natural Language Processing.” The talk was received very nicely, and Thibault and Jeremiah enjoyed getting some great technical questions from the audience, which gave us some more fuel to go back and improve our system.

Then Dhia Mahjoub and Thomas ...

New Cuckoo for You

Cuckoo Round Two

In reality, that title is a bit misleading, as what I’m about to tell you isn’t really anything “new.” However, it is new(er) for me. Back in June, I gave a rundown of how to set up and use your own dynamic malware analysis system using an open source project called Cuckoo Sandbox. Out of the box, Cuckoo works great on its own; no complaint here. But, out of the box does not always mean everything is ...

SPRank and IP Space Monitoring at BruCON & Hack.lu

In October, the OpenDNS research team was in Europe presenting new threat detection models at two renowned security conferences. First, Security Researcher Thomas Mathew and I (Dhia Mahjoub) presented at BruCON on Oct. 9 about a “Unified DNS View to Track Threats.” Then a couple weeks later I presented on Oct. 22 at Hack.lu about “A Collective View of Current Trends in Criminal Hosting Infrastructures.”

SPRank at BruCON

In the talk “Unified DNS View to Track ...