Taking Down the World's Largest Botnets: An Inside Look at Grum

Atif Mushtaq, Sr. Staff Scientist, FireEye
Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide.

Hear directly from a FireEye malware expert who led the effort to take down Grum, including:

• Distinct strategies for botnet takedowns
• Evolution of Grum
• Role of the research community in finding Grum master CnC servers
• A blow-by-blow account of how the criminals tried to salvage Grum and what's next

Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.
Aug 14 2012
49 mins
Taking Down the World's Largest Botnets: An Inside Look at Grum
More from this community:

IT Governance, Risk and Compliance

  • Live 1 and recorded (3292)
  • Upcoming (66)
  • Date
  • Rating
  • Views
  • Wall Street expects it and customer demand it – accountability from Sr. Executives for the future direction of their organizations. How can executives ensure their strategic plans are in action and on track? How can they shift and pivot to changing market conditions along with the risks and impacts to the long-term vision and goals? How do you thread accountability from planning to execution to results?

    Join this session, where David Werner, Senior Principal Product Marketing Manager, CA Technologies, speaks with Rick Morris, published Author and Owner/President of R2 Consulting about ways to bring more accountability through your strategic plan.
  • A recent analyst study found that 88% of organizations are “doing Project and Portfolio Management (PPM).” This finding could lead many to believe all is well with this critical business process so essential to strategic success. This is hardly the case as studies also show PPM is still generally immature in enterprises today. The lack of maturity is largely due to the fact that most organizations are addressing only a subset of PPM capabilities. So though almost every organization can lay claim to doing PPM, few are actually doing PPM for all its worth. Many of these organizations will continue to miss out on the incredible possibility and promise of this essential business capability until they grasp and appreciate the full scope and potential of PPM.

    One of the greatest barriers to realizing the full potential of PPM is an enterprise-wide awareness of the span of PPM and the likely gap that must be overcome to achieve it. There is a plethora of great PPM insight contained in the numerous books, methodologies, and frameworks available today, but using this volume of information to get everyone on the same page is a daunting challenge. The key is to use a simple approach and model to quickly establish a common understanding of this critical business discipline and to easily foster the conversations and discussions to drive the endeavor to raise PPM proficiency.

    This brief webcast will present a PPM model that is easy to remember, easy to communicate, and proven to quickly illuminate the gap between existing immature PPM processes and the full scope and potential of comprehensive Project and Portfolio Management.
  • At its most basic level, communication is the transfer of information and ideas between two or more entities. In the context of organizational project and program management, communication is a core competency that, when properly executed, connects every member of a project team to a common set of strategies, goals and actions. Unless these components are effectively shared by project leads and understood by stakeholders, project outcomes are jeopardized and budgets incur unnecessary risk. Effective communications leads to more successful projects, allowing organizations to become high performers and risk 14 times fewer dollars than their low-performing counterparts.

    This webinar reveals the communications challenges that prevent organizations from accomplishing more successful projects, and identifies key initiatives enable organizations to improve their communication as they face their own unique challenges in an ever-changing complex and risky environment.

    This session is approved for 1 Professional Development Unit (PDU) credit.
  • A recent comprehensive survey commissioned by CA revealed some very clear trends in portfolio management and provided evidence of what distinguishes a strong portfolio performer from a weak one.

    In this engaging presentation report author, Andy Jordan will explore these indicators and provide recommendations for how your organization can become more adaptable, agile and responsive to portfolio changes.

    Learn how you can build improved effectiveness into your portfolio execution approach, and how communication can contribute to your success.

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • The C-level suite agrees that aligning business and technology objectives are an essential element in achieving what’s necessary to win, retain and serve their customers, however, are they putting their money where their mouths are? The data tells a different story. According to Forrester Research, while two thirds of CIOs and CMOs agree that the CMO is an active participant in strategic planning, the perception of CIO involvement varies significantly between the two roles. Moreover, half of surveyed PMO leaders feel they have all the tools in place to competently manage the portfolio pipeline. Companies are routinely adopting practices to deliver faster and better; it’s time for executives to do the same. Effectively managing a portfolio that enables business leaders to achieve their strategic objectives requires tooling that supports pragmatic practices in order to gather data at the right level and at the right time.

    This presentation examines portfolio management trends and best practices that high achieving organizations have applied to turbo charge their planning process.

    Forrester Research, Inc., The State Of Strategic Execution In 2015, January 27, 2015

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • At a time when digital transformation is driving significant change across all industry sectors, it is critical that organizations are able to align functional and cross-functional project activities to their strategic objectives. In the digital economy, the lines between technology, new product development, applications, service delivery and change management are increasingly blurred, and it's vital for the business to have an integrated view, not only to support strategic planning and investment prioritization, but also to effectively manage these initiatives through execution. The project portfolio management process must also evolve to handle both fast-moving digital initiatives and longer-term projects, with a shortened feedback loop that engages project teams and business stakeholders, and provides visibility at all levels. This session will address topics including:

    ·How to align projects to business goals in planning AND execution
    ·Why PPM is vital for a digital project portfolio
    ·How PPM can unify cross-functional initiatives
    ·When to consider changes to PPM processes
    ·Why project visibility is critical to successful business change

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • Connecting buyer & supplier: Das Zusammenspiel von Lieferanten und Einkäufern im B2B stellt von je her die Anforderung an noch mehr Geschwindigkeit aber auch an verlässliche und korrekte Informationen über Produkte und Dienstleistungen.

    In diesem Webinar erfahren Einkäufer und B2B Lieferanten alles über die neue Version von Informatica Procurement 8.0 und ...

    - Informatica Procurement im Überblick

    - Catalog Stream the B2B Commerce Machine: für bessere Integration und Datenqualität von Lieferanten durch die direkte Anbindung von PIM-Systemen.

    - Simple Order: Einfache Bestell- und Freigabeprozesse mit erweiterter ERP-Integration und E-Mail

    - Always Auto Content: Automatisches Katalog-Refresh für stets validen Content, perfekte Suchergebnisse bei neuen Katalogen – auch für Anwenderbasierte Sichten

    - Catalog Information Everywhere: Einfache Integration mit verbundenen Anwendungen auf Basis der Service API z.B. für mobile Apps.

    - Live-Demo & mehr…
  • The risks and opportunities which digital technologies, devices and media bring us are manifest. Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation's risk management function need a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them
  • In this webinar we will examine what information security and threat analysts can expect in 2015. Topics will include using threat intelligence before and after data breaches, information sharing, the Internet of Things, and the role of the CISO.
  • Effective data governance requires the effective application of people, process, policy and technology to ensure consistent delivery of trusted, connected, and secure data across an enterprise.

    Organizations across all industries are investing in data governance to gain business value from their data to meet industry regulations, reduce the cost of doing business, and grow revenue and profits.

    In this webinar dedicated to data governance, Michael Wodzinski, Director of Information Architecture team, Lisa Bemis, Director of Master Data, and Fabian Torres, Director, Project Management at Houghton Mifflin Harcourt (HMH), global leader in publishing, will share their experiences in implementing a data governance program within HMH. Our guest speakers from HMH will discuss some of the unique data management challenges within HMH, how the data governance program has helped address those issues and open up new opportunities for the company. While walking you through their data governance journey, our guest speakers will offer their insights on how to establish a viable data governance practice in a complex enterprise environment, share their best practices and lessons learned. David Lyle, VP of Produce Strategy, from Informatica will share his observations in the data governance space, discuss Informatica’s data governance solutions and our thought leadership behind those offerings.
  • Channel
  • Channel profile
  • Enhancing a Security Posture with Network Forensics Mar 12 2015 5:00 pm UTC 45 mins
    Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
    In interactive this session, you will learn about:
    • The key use cases for network forensics
    • The typical organization that acquires network forensics technologies
    • How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks
  • Protecting Government Assets in an Era of Cyber Warfare Mar 5 2015 4:00 pm UTC 60 mins
    FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

    Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

    In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

    Join us for a dynamic discussion with subject matter experts where you will learn:

    •What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
    •Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
    •How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
  • Behind the Syrian Conflict's Digital Front Lines Recorded: Feb 19 2015 59 mins
    FireEye recently released a new report “Behind the Syrian Conflict’s Digital Frontlines” that documents a well-executed hacking operation that successfully breached the Syrian opposition.

    Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.

    We have only limited indications about the origins of this threat activity. Our research revealed multiple references to Lebanon both in the course of examining the malware and in the avatar’s social media use. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

    Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

    • An overview of the conflict in Syria and why cyber-espionage is an increasingly important factor
    • An in-depth analysis of a critical breach of the Syrian opposition including an overview of the tools and techniques used by the threat actors

    All webinar attendees will receive a free copy of the new Syrian report. Register today!
  • Top Predictions for Security in 2015 Recorded: Dec 12 2014 40 mins
    From Cryptolocker to the Apple iOS vulnerability, there have been numerous high-profile breaches in 2014. With the ever-changing threat landscape and advanced cyber attacks showing no sign of slowing down, organizations need to be prepared as we head into 2015.

    Join our live webinar where Bryce Boland, CTO for Asia Pacific at FireEye, will share top, global security predictions and challenges for 2015. In this webinar:
    •Find out the top 10 security predictions for 2015 and how they impacts organizations
    •Discover the data that drove these predictions
    •Learn about key strategies to take a proactive stance against advanced attacks
  • Hacking the Street? FIN4 Likely Playing the Market Recorded: Dec 5 2014 58 mins
    This week FireEye released a new report called Hacking the Street? FIN4 Likely Playing the Market. This report focuses on a targeted threat group that we call FIN4 (Financially Motivated Group 4), whose tactics are surprisingly low-tech yet insidiously effective at obtaining access to confidential discussions at the highest levels of targeted companies. Our research suggests that FIN4 is likely targeting these companies in order to obtain advance knowledge of “market catalysts,” or events that cause the price of stocks to rise or fall dramatically.

    Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

    • A deep dive into FIN4’s tactics and why they are simple yet surprisingly effective
    • How FIN4 may be monitoring insider communications for a trading advantage
    • Why FIN4 is different from other threat groups FireEye tracks
    • A profile of organizations at risk, and what they can do to protect themselves.

    All webinar attendees will receive a complimentary copy of the Hacking the Street? report.
  • APT 28: Cyber Espionage and the Russian Government? Recorded: Nov 4 2014 49 mins
    FireEye just released a report called APT28: A Window Into Russia's Cyber Espionage Operations? The report focuses on a targeted threat group that we call APT28 (Advanced Persistent Threat group 28) and details ongoing, focused operations that we believe indicate a government sponsor - most likely the Russian government.

    Join us for a roundtable discussion with Russian security expert, Edward Lucas of The Economist, and Jen Weedon, Manager of Threat Intelligence at FireEye.

    Discussion topics will include:

    •Russia's intentions and motivations in cyberspace
    •Whether APT28's activity supports Russia's geopolitical strategy
    •How Russian and Chinese network operations compare
    •Which organizations and agencies are most at risk
  • Building a Better Budget for Advanced Threat Detection and Prevention Recorded: Oct 28 2014 57 mins
    The cyber threat landscape is dramatically evolving, but one thing is certain – attackers are becoming more and more sophisticated, and most organizations are struggling to keep pace. In a recent IANS and FireEye survey, security practitioners and decision makers share their perspective on the type of attackers they’re dealing with, how they’re responding to the growing threat, and the effect on organizations that have experienced a breach.

    Join FireEye’s Chief Security Strategist (Forensics Group) Josh Goldfarb, and Dave Shackleford, IANS Lead Faculty, as they discuss:
    •The kinds of products and controls most organizations are implementing
    •What new technologies security teams are focusing on, and
    •How security budgets are changing to align with security’s growing importance to the enterprise

    This is one hour you will not want to miss!
  • Sidewinder Targeted Attack Against Android Recorded: Oct 14 2014 43 mins
    In this webinar, our experts will present one practical case of such attacks called "Sidewinder Targeted Attack." It targets victims by intercepting location information reported from ad libs, which can be used to locate targeted areas such as a CEO's office or some specific conference rooms. When the target is identified, "Sidewinder Targeted Attack" exploits popular vulnerabilities in ad libs, such as JavaScript-binding-over-HTTP or dynamic-loading-over-HTTP.

    Join us for this for this live session to learn:
    •How a Sidewinder Targeted Attack can disrupt and hijack the network where targeted victims reside
    •The risks of remote attacks on Android devices through apps downloaded from Google Play
    •Different forms of attacks to Android vulnerabilities
    •Current trends and best practices around mobile security
  • New Employee Success Tips: How to Drive Security Maturity Recorded: Sep 23 2014 45 mins
    Taking on security needs at a new organization can be complicated as you learn what’s currently in place, where the gaps are and the best way to drive change in your new organization. Get helpful guidance, beyond the technical details, from an experienced change agent.

    This talk will discuss some of the ways in which security can be approached as a business process, rather than as an enigma, including:

    •Your first 30 days: fame and foibles when taking over a new
    security program
    •Gauging your business executives: how to talk with senior
    business leaders and classify their responses to security in order
    to make your relationship more effective
    •Show me the money: how to review a security budget and quickly
    match it up against your new organization's risk profile
    •Finding strategic partners: a litmus test for discussions with key
    vendors to figure out who to trust and who is selling you a bridge
  • Reimagining Security – Adaptive Defense Strategy to Keep Pace with Attackers Recorded: Sep 19 2014 56 mins
    Threat actors’ tactics and motivations are evolving. Successful security teams continuously adapt to anticipate new tactics. That means adopting new approaches. Join us for this webinar, where we share FireEye’s point of view about how organizations can implement adaptive defense strategies that position them to detect, analyze and respond to security incidents of all kinds.

    FireEye’s CTO, Dave Merkel, will discuss how security teams can reduce the time to detect and resolve security incidents.

    Register for this webinar here.
  • A New Approach to IPS – Reduce Your Exposure and Costs Recorded: Sep 4 2014 35 mins
    Current IPS products are deficient for lots of reasons—they’re signature-based, unable to detect modern threats, and, they create excessive alerts that require additional resources to manage. Using an outdated protection model results in distracting false positives and a lack of actionable threat intelligence. Organizations need a holistic view of multi-vector attacks that goes well beyond what conventional IPS tools offer.

    In just 30 minutes, you’ll learn how to:

    * Confirm attacks via timely and validated threat notifications
    * Minimize time and resource investments resulting from false alerts
    * Consolidate known and unknown threats on a single platform
    * Create actionable insights by correlating threats to derive richer intelligence and speed incident response times

    Join FireEye for this brief webinar and discover a new approach to IPS. You’ll quickly realize how you can save your organization time, money, and reduce your exposure to the threats lurking out there.
  • State of the Hack: Spotlight on Healthcare Recorded: Aug 28 2014 34 mins
    Join us for this webinar where we’ll share our latest intelligence and recommend how healthcare, pharmaceutical and medical device manufacturers can protect themselves from attackers that target these industries.

    In this webinar we will cover:
    • Which threat actors target these industries?
    • What information do they typically steal?
    • What type of tools and tactics do attackers use to gain access?
    • What can we expect from these threat actors in the coming year?
    • How can organizations protect themselves from the attackers that
    are targeting them?
  • FLARE on Fire: Reverse Engineering with the FLARE Team Recorded: Aug 26 2014 58 mins
    Join us for this exciting webinar as we introduce the FireEye Labs Advanced Reverse Engineering (F.L.A.R.E.) and learn about:

    * FLARE's background, mission and industry-leading team members
    * Reversing Agent .BTZ (Case Study)
    * Reversing .NET samples (Case Study)
    * Proactive assessment of security software via RE (Case Study)

    You'll also get an in-depth look at two prevalent malware families and learn how to combat against these targeted attacks.
  • Speed Dating for Security Teams: Finding Alerts that Lead to Compromise Recorded: Aug 12 2014 46 mins
    This webinar will address the following topics:

    - How to quickly triage and validate the seemingly overwhelming volume
    of daily alerts
    - Strategies for prioritizing and throttling your workflow
    - Tools for querying intel and obtaining context
    - Approaches for creating an indicator management process
  • DeCryptoLocker: Relief for CryptoLocker Victims Recorded: Aug 6 2014 14 mins
    Join Uttang Dawda, FireEye's resident Malware Researcher, as he gives us a comprehensive overview of CryptoLocker and the FireEye and Fox-IT decryption solution for victims.
  • Understanding the Adversary: The Role of Intelligence in Your Security Strategy Recorded: Jul 22 2014 61 mins
    • What is an intelligence-led defense?
    • What is “adversary intel”? Where do you get it and how can you
    act on it?
    • What is “attribution” and how important is it?
    • What intel should a security organization maintain internally? How
    should it supplement this with 3rd party intel?
    • What is the right balance between detection-based intel and
    adversary intel
  • Cybersecurity’s Maginot Line: A Real-World Assessment of Defense-in-Depth Recorded: Jun 25 2014 60 mins
    Are you building another Maginot Line? France’s famed border defense was hailed as a military marvel in the run-up to World War II — and quickly rendered useless by new blitzkrieg-style warfare. In much the same way, many common cybersecurity tools are not stopping today’s attacks.
    In a first-of-its-kind study, we analyzed data from 1,216 organizations in 63 countries across more than 20 industries. FireEye sits behind other layers in the typical defense-in-depth architecture. That placement offers a unique vantage point to observe them in action.

    Here’s what we found:
    •97% of organizations were breached, even with multiple security layers.
    •More than one-fourth of all organizations experienced events consistent with advance persistent threat (APT) attacks.
    •Three fourths of organizations had active command-and-control communications.
    •Even after an organization was breached, attackers attempted to compromise the typical organization more than once per week (1.6 times) on average.

    Join us in a live briefing to discuss these findings and what they mean for your cyber defense plan.
  • Cover Your Assets: How to Keep Your Data Safe Recorded: Jun 12 2014 34 mins
    Cyber security experts suggest that it’s likely your organization’s data has already been breached. So rather than asking “what if?”, it’s time to ask “now what?”. Hackers use spear phishing and malware to target your trusted insiders, and then leverage stolen credentials to navigate the company network and gain access to the data center. Your data center is the ultimate goal for these attacks because it contains a concentration of sensitive data, as well as critical business applications.

    This session will discuss a risk-based approach to protecting critical files, databases, and sensitive applications from compromised users. Join us to learn how to minimize downtime, save time, and keep your employees productive during the remediation process. We will also discuss how to track and analyze user activity once malware is detected.
  • How to Use War-Gaming to Improve Response Capabilities Across Business Functions Recorded: Jun 12 2014 42 mins
    In this presentation we will cover how to use war-gaming to improve capabilities to respond to an attack across business functions. Too often, organizations leave response planning until a serious attack has occurred. With serious cyber breaches occurring more frequently and now impacting almost every major business function, a lack of effective planning can severely impact the ability of the business to respond.

    We will cover how cyber-security operating models will need to evolve, what best practice war gaming and incident response looks like, as well as approaches for developing a war gaming program.
  • Experts Panel - Beyond SIEM: Enterprise Security Monitoring Recorded: Jun 12 2014 59 mins
    Moderated by Richard Bejtlich, Chief Security Strategist, FireEye.

    When you think of “event data”, chances are good that you think of SIEM. If so, you may be missing out on much of the value of your logs for detecting, investigating and responding to security events.

    Based on extensive real-world experience with large organizations, the Enterprise Security Monitoring (ESM) philosophy extends current host-, network- and event-based collection strategies, bringing data from all three domains under one roof for a unified view of what’s going on inside your organization.

    In this session, our panelists will discuss key aspects of the ESM approach, including:
    • Data collection priorities based on your organization’s security goals
    • Enterprise-scale collection strategies
    • Deriving context from events
    • Integrating threat intelligence to improve detection and speed response
    • Increasing your adversaries’ costs using the “Pyramid of Pain” and “Detection Maturity Level” models

    This will be a very interactive session, with plenty of audience interaction. We welcome the tough questions. Come learn about a better way of fully leveraging the data you are already collecting to better protect your organization!
The leading provider of next generation threat protection
FireEye is the world leader in combating advanced malware, zero-day and targeted attacks that bypass traditional defenses, such as firewalls, IPS and antivirus.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Taking Down the World's Largest Botnets: An Inside Look at Grum
  • Live at: Aug 14 2012 6:00 pm
  • Presented by: Atif Mushtaq, Sr. Staff Scientist, FireEye
  • From:
Your email has been sent.
or close
You must be logged in to email this