Malicious Streams

Digging for Malware: Suspicious Filesystem Geography

Malware has moved to the forefront of the information security landscape. Malicious software is involved in nearly every major data breach. While host-based anti-malware products are a must, they are not getting the job done entirely. The flood of ever-changing malware continues to flow over the walls of protection and into our systems. Once malicious files have embedded themselves, the challenge falls on the incident responders and forensics experts to identify, contain, and eradicate these threats. This article is the first in a series focused on arming these responders with additional tools to accomplish the job.

This article will explore ways to discover malware by identifying suspicious filesystem locations most commonly used by malware.


PRESS RELEASE: Malicious Streams Named 2014 Verizon DBIR Contributor

Daleville, Virginia - February 26, 2014 - Malicious Streams is named as an official contributor to Verizon’s 2014 Data Breach Investigations Report.

Today Verizon unveils the list of official Verizon DBIR contributors at the annual RSA conference. The listed contributors span both public and private entities that cover threats across 95 different countries. According to Wade Baker of the Verizon RISK team, “The most disturbing trend we are seeing among the data is that hackers are getting better at their jobs and the security community is not improving fast enough to keep up in the fight against cybercrime”.

Malicious Streams is among those listed contributors, lending their international investigation data to the report. “We are proud to partner with Verizon and assist with building a more complete picture of this year’s data breaches,” said company Founder & Chief Scientist, Joel Yonts.

Verizon Announcement:
2014 Data Breach Investigations Report to Represent Data from Nearly 50 Contributors

Malicious Streams Public Relations
44 Kingston Dr, Suite #249
Daleville, Virginia 24083
Identifying Persistence on Mac OS X

The need to persist tools and infections between reboots is critical for the cyber criminal. In the Microsoft Windows world, we have an established body of knowledge and tools for determining which programs are set to launch at startup. This same level of maturity does not exist for the Mac OS X platform. Even though details of OS X’s startup systems have been widely published, this information has not been widely disseminated within the forensics community. Further, there is a gap in open-source tools to aid in compiling OS X startup items. The intent of this article is to explore the startup mechanisms of OS X and to introduce a basic tool to help with the examination of Mac OS X systems.