Taking Down the World's Largest Botnets: An Inside Look at Grum

Atif Mushtaq, Sr. Staff Scientist, FireEye
Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide.

Hear directly from a FireEye malware expert who led the effort to take down Grum, including:

• Distinct strategies for botnet takedowns
• Evolution of Grum
• Role of the research community in finding Grum master CnC servers
• A blow-by-blow account of how the criminals tried to salvage Grum and what's next

Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.
Aug 14 2012
49 mins
  • How Does a Modern Malware Attack Defeat a Layered Security Design? Recorded: Jun 12 2013 48 mins
    In this webinar, Jason Steer will present a deeper dive into some very recent malware attacks and what we can learn from them to increase our security posture.
  • Closing the Loop: Automating Security Response Recorded: Jun 7 2013 44 mins
    Anthony Di Bello, Strategic Partnerships Manager with Guidance Software will discuss the benefits and technical implementation of an automated incident response workflow leveraging EnCase and FireEye technology. You will see how the two technologies work together to deliver an industry-first approach to detect, respond to and remediate today’s cyber-attacks. The integrated solution is designed to:

    · Dramatically reduce time-to-discovery and time-to-response
    · Enable security analysts to clearly prioritize their response based on threat severity
    · Deliver the next evolutionary step of the security stack with data-driven, automated actions
    · Reduce the risks and high costs associated with cyber-attacks through an end-to-end approach from detection to recovery
  • BYOD - A Layered Approach to Mitigate Security Incidents Recorded: Jun 7 2013 49 mins
    BYOD is the most radical shift in client computing for business since the rise of PCs. Allowing personally owned devices in corporate environments poses many security challenges. A user can very easily bring a compromised mobile device into the office causing a security incident. During this session Presidio will cover some of the current BYOD threats and trends as well as discuss strategies for building a layered security architecture to help detect and prevent security incidents and allow organizations to securely support BYOD adoption.
  • Investigating and Remediating Security Incidents: How Prepared Are You? Recorded: Jun 7 2013 38 mins
    Do you suspect you have a security incident? Time is of the essence. Your initial approach can determine how much damage the cyber security incident does—or does not do—to your organization.

    What if you could reduce the time it takes to investigate and remediate a security incident from days to minutes? Join us for this webcast to learn how you can improve your incident response by:

    • Locating every instance of a suspicious file across your endpoints and servers
    • Knowing if the malware executed, when, and what it did
    • Stopping an attack and preventing it from happening again
    • Analyzing files that arrive on your endpoints and servers to quickly determine their risk
  • Digital Forensics and Incident Response – Why You Need Them Both Recorded: Jun 7 2013 45 mins
    Nobody wants to fall sick, and yet we all do. By the same token, nobody expects their systems to be breached, and yet it happens. When that happens, companies need a blend of Digital Forensics and Incident Response expertise to deal with the incident. However, the distinction between these two related but different services and their roles in responding to a breach are often not clear to the victims of the breach. In this session, Vivek Chudgar, Director of FireEye Labs (APAC), will explain the key differences between Digital Forensics and Incident Response and demystify the role each service plays in effectively responding to a breach.
  • Incident Response 2.0 - Triage, Containment, & Remediation for Evolving Threats Recorded: Jun 6 2013 46 mins
    Colby Clark will present a rapid incident response methodology used by the FishNet Security Incident Management team utilizing a combination of best-of-breed solutions to rapidly facilitate all phases of an IR investigation of evolving threats. The methodology begins with identification from network indicators with NetWitness, triage and containment using FireEye and FireAmp, and in-depth forensic investigations on system artifacts (memory, volatile data, and file system) using EnCase Enterprise.
  • Targeted Attacks 101 - Eight Incident Response Steps Recorded: Jun 6 2013 45 mins
    Is your business safe from malware and targeted attacks? Sophisticated attacks now leverage social engineering techniques and malware to compromise those individuals already on the inside of your enterprise, and then target your data. This session covers the basics of how this continues to happen, despite more money than ever being spent on perimeter and endpoint defenses. We’ll present an eight step incident response model to help prevent, detect and respond to these attacks.
  • Incident Response Panel - Reimagining the Modern Enterprise Security Paradigm Recorded: Jun 6 2013 59 mins
    Today's accepted wisdom is that there are only two types of organizations, those that have been breached and know it and those that have been breached and don't. With this new vision comes the realization that building perimeter defenses is no longer enough, but that remediation, situational awareness and fast response time are what separate well secured organizations from the rest.

    Join this panel as they discuss the transition to an incident response world and the important operational and philosophical battles that will define it - from the federal and commercial perspectives to using forensics for risk analysis and IT investment and the attribution debate.

    Panel:

    Tom Field, Vice President, Editorial, Information Security Media Group (moderator)
    Bill Hau, VP of FireEye Labs,
    Pete Allor, Steering Committee member of FIRST
    Vernon Habersetzer, IR Team Lead, Walmart
  • Building Your Incident Response Team: Luck is Not a Strategy Recorded: Jun 6 2013 43 mins
    A sound incident response strategy requires planning, diligence and practice. Without it, organizations rely on a strategy of luck to prepare and react to security threats and breaches. In this webinar, learn the current threats, sound solutions for dealing with those threats and appropriate frameworks for a comprehensive incident response plan.
  • Lifecycle of a Breach – 6 Steps Toward Better Security Recorded: Jun 6 2013 64 mins
    This webinar will review the methodology lifecycle of a breach at an organization and highlight best-practices and efficiencies that can help your organization learn from breaches and continually strengthen your security posture.
  • Threat Indicators: Telltale Signs You’ve Been Owned Recorded: Jun 5 2013 49 mins
    Based on recent high-profile reports of attackers compromising victims long before the breach is discovered, many security professionals want to know: “Are we already compromised?”

    Ben Feinstein, Director of our Counter Threat Unit’s operations and development teams, will discuss threat indicators and the subtle traces of an attacker’s tradecraft and presence in your environment. Ben will share findings from helping organizations defend against targeted attacks, focusing on tactics, techniques and procedures exhibited by organized cybercriminals and APT. He will also discuss using threat indicators to learn about the adversary and show how vital this intelligence is to successful incident response.

    Key Topics:

    · Understanding threat indicators that suggest your organization may already be compromised

    · Inspecting networks and hosts for signs of compromise

    · Strategies for response when attacker presence is found
  • Detecting File Execution: What Runs but Never Walks Recorded: Jun 5 2013 54 mins
    In this webinar, I will begin with a brief discussion of the different types of attackers, and show how all threat actors are not equal. Then, I will discuss four main ways attackers execute code in a Windows environment. Reviewing real cases of recent attacks, I will show how to detect file execution using static, dynamic, and advanced analysis techniques. I will show how to use artifacts such as the Windows registry, logs, prefetch files, and network data to determine whether an attacker executed files. Finally, there will be a discussion of tools used for forensic analysis, including free tools such as the ShimCacheParser and MANDIANT Redline.
  • Full Security Visibility For Effective Incident Response Recorded: Jun 5 2013 49 mins
    Despite significant time and effort deploying multiple security solutions, incident responders know more than anyone that existing signature-based, “set it and forget it” security technologies have not stopped the advanced persistent threat. Signature- and rule-based technologies are easily evaded with today’s advanced targeted attacks, morphing malware and zero-day threats. Tools like FireEye’s Malware Analysis System are effective in dealing with zero-day malware, but being able to detect this threat does not mean complete resolution.

    In addition, sophisticated attackers employ social engineering or take advantage of misconfigurations in security technologies to breach networks – without using any malware at all. Incident responders need full visibility of everything that is going through the network to understand the nature of how a threat originated, see what attackers actually did to take control over the network, and to answer the questions of what they did after they compromised systems. This session will provide an overview of Big Data Security Intelligence and Analytics and how full security visibility can answer the toughest post-breach questions so you can quickly determine the full source, scope and material impact of an incident.
  • 5 Critical Steps for Incident Response Success Recorded: Jun 5 2013 46 mins
    The ability to respond swiftly and effectively to an incident will have significant influence on the impact of a breach. Learn what critical steps should be implemented to reduce the risks of advanced threats as the security landscape continues to evolve beyond traditional controls.
  • Closing IT Security Gaps for Effective Defense against Today’s Cyber Attacks Recorded: May 2 2013 58 mins
    Attackers have defenders on their heels and it’s because they are effectively exploiting security gaps – and this isn’t only limited to advanced attacks. Even when common threat techniques are used, traditional defenses still miss too much – as demonstrated by the continued success of industrialized attacks.

    Intelligence needs to inform response. We need a new threat protection platform that provides the insight to stop today’s threats in an integrated manner across the enterprise. Matching insight with action requires coordination and integration of the security infrastructure to address the attack lifecycle. However, in recent EMA research, “poor integration” stands out as one of the greatest frustrations with today’s market of security technologies.

    Join Scott Crawford, EMA Managing Research Director, and Phil Lin, FireEye Director of Product Marketing, to learn how your organization can achieve:

    - Better security intelligence: More insight can be useful but to deliver true value, it must enable effective action. Where is intelligence making a difference?

    - Better security response: Intelligence-driven response will become the hallmark of tomorrow’s security technologies. How is this trend emerging today?

    - Better integration of defense: How will successful, integrated measures overcome the silos of legacy defenses that have kept attackers in business for far too long?
  • Advanced Malware Communications: What Every Security Professional Should Know Recorded: Apr 17 2013 48 mins
    During the course of 2012, FireEye monitored hundreds of thousands of infected enterprise hosts, intercepting millions of callbacks. By capturing details of both advanced and more generic malware attacks and monitoring callback activity, a great deal can be learned about an attacker’s intentions, interests and geographic location. This talk will detail:
    - How does malware typically operate?
    - Why do traditional defenses fail to stop advanced attacks?
    - Which verticals and countries are prime targets?
    - What are typical attacker tools, such as RATs, used in malware attacks?
    - What strategies do leading enterprises use to mitigate the threat of malware?
  • The Advanced Threat Landscape: A Look Ahead Recorded: Mar 13 2013 45 mins
    In this webinar, Jason Steer will go through the new breed of cyber attacks, such as advanced malware and Advanced Persistent Threats (APTs). He will look at how these threats manage to easily bypass traditional security defences such as firewalls, IPS, AV and gateways, and what today’s enterprise organisations can do to stop them.
  • Product Demo: FireEye Malware Protection System Recorded: Dec 13 2012 45 mins
    Today’s cybercriminals and threat actors continue to innovate and utilize sophisticated malware exploits to bypass traditional security defenses, infiltrate networks, and steal sensitive data. In fact, over 95 percent of companies are already compromised due to advanced targeted attacks, and most don’t even know it. FireEye delivers a complete security platform that provides integrated, multi-vector protection utilizing stateful attack analysis to stop all stages of an advanced attack. The FireEye Malware Protection System features the Virtual Execution (VX) engine that provides state-of-the-art, signature-less analysis using patented, proprietary virtual machines, and provides a 360-degree, stage-by-stage analysis of an advanced attack, from exploitation to data exfiltration. In this session we will demonstrate FireEye’s game-changing technology and threat intelligence to help you prevent advanced attacks from penetrating your defenses, as well as spreading into file shares and establishing long-term footholds in your network.
  • Spear Phishing: How to Avoid Becoming a Hacker's Trophy Phish Recorded: Dec 12 2012 48 mins
    Spear phishing continues to be highly effective and is quickly becoming the "new normal". This talk will review recent IT security reports that show how and why spear phishing attacks are so successful, as well as tips to secure against next-generation spear phishing threats.

    Threat actors use spear phishing to exploit your network and trigger an attack which can lead to catastrophic financial, operations, and reputation risks. Discover how to keep your network secure — by learning more about today's spear phishing attacks and how you can close the security gap that sophisticated attackers are exploiting. This session will discuss real-time techniques to analyze and quarantine spear phishing attacks with great accuracy.

    Key topics include:

    - The growing popularity of spear phishing tactics
    - How advanced cyber attacks are triggered and staged
    - A real-world example of spear phishing that led to an advanced cyber attack
    - Real-time techniques to help you mitigate the threat of spear phishing
  • The Rising Costs of Targeted Attacks on Financial Institutions Recorded: Aug 23 2012 61 mins
    Next-generation threats are aggressively targeting sensitive data, from high-value M&A information to consumer PII. And the increasing regulations around consumer and transaction data make it more critical than ever to safeguard both the confidentiality and the integrity of the information.

    Due to the sophistication of malware as well as the explosion in the number and types of malware variants, traditional defenses like next-generation firewalls, IPS, antivirus, and gateways have been rendered ineffective. Also, with the many third parties accessing your network, like auditors, consultants, and subsidiary organizations, it is increasingly difficult to maintain a secure network.

    This webcast explores the rising costs of targeted attacks and how you can protect against sophisticated malware.

    Learn more about:
    • Dynamic defenses to stop targeted attacks
    • How to block data exfiltration attempts over multiple protocols
    • Integrating inbound and outbound filtering to stop spear phishing
The leading provider of next generation threat protection
FireEye is the world leader in combating advanced malware, zero-day and targeted attacks that bypass traditional defenses, such as firewalls, IPS and antivirus.

  • Title: Taking Down the World's Largest Botnets: An Inside Look at Grum
  • Live at: Aug 14 2012 6:00 pm
  • Presented by: Atif Mushtaq, Sr. Staff Scientist, FireEye