Technical Information Paper: Coreflood Trojan Botnet

Overview

The Coreflood Trojan is designed to leverage the natural structure of a Windows network for account compromise and data theft. This paper helps organizations determine whether their systems have been infected with the Coreflood Trojan, which is classified as vulnerability-independent malware. The paper also provides guidance about how organizations can determine which strategic mitigations to leverage to minimize and prevent Coreflood Trojan infections.

Website Security

Overview

This TIP provides basic guidelines and security safeguard concepts that can be applied to public-facing websites to reduce the attack surface or mitigate the effects of a compromise.

Cyber Threats to Mobile Devices

Overview

Today’s advanced mobile devices are well integrated with the Internet and have far more functionality than mobile phones of the past. They are increasingly used in the same way as personal computers (PCs), potentially making them susceptible to similar threats affecting PCs connected to the Internet. Since mobile devices can contain vast amounts of sensitive and personal information, they are attractive targets that provide unique opportunities for criminals intent on exploiting them.

Practical Identification of SQL Injection Vulnerabilities

Overview

The class of vulnerabilities known as SQL injection continues to present an extremely high risk in the current network threat landscape. In 2011, SQL injection was ranked first on the MITRE Common Weakness Enumeration (CWE)/SANS Top 25 Most Dangerous Software Errors list. Exploitation of these vulnerabilities has been implicated in many recent high-profile intrusions.

DDoS Quick Guide

Overview

The DDoS Quick Guide lists possible attack methods per OSI layer, their potential impact, and the applicable recommended mitigation strategies and relevant hardware. The report also describes possible DDoS traffic types.

SQL Injection

Overview

Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized or untyped user input, and/or true software (database) vulnerabilities. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often much more complicated than simply applying a security patch.