4 December 2017 at 2:32pm
Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions.
13 June 2014 at 4:07pm
The period of protection offered by the joint action between the NCA and FBI ends at 00:00BST on Tuesday 17 June. We recommend that you take full advantage of the remaining time and clean up any infected hosts.
2 June 2014 at 4:39pm
As you may now be aware, the FBI and NCA are coordinating a 'global day of action' against the Zeus-P2p and Cryptolocker families of malware. Law enforcement and industry partners will be collaborating to interrupt infrastructure vital to the malware's operation and to raise public awareness of these threats.
19 February 2014 at 9:35am
We've disabled our monitoring of netflow feeds for W32/Conficker/Downadup infections. Given the decreasing number of vulnerable systems, the wide awareness of this issue and the low threat posed by the malware, we've decided it was no longer worth the effort and resources to maintain a system that was generating a handful of alerts each day. Our reports of infections will continue, but they'll only be sourced from data sent to us by third parties such as Shadowserver.
14 February 2014 at 8:50am
The recent TF-CSIRT meeting in Zurich included a talk by the Swiss telecoms regulator (like ours, called Ofcom, though their 'F' stands for Federal!) on the law covering websites in the .ch domain that distribute malware, normally as the result of a compromise.
11 July 2013 at 9:51am
Yesterday I attended a round-table for Nominet’s revised proposal for allowing registrations directly under the .uk domain.
11 June 2013 at 10:00am
Microsoft's recent takedown of domains related to Citadel (a variant of Zeus) botnets has unfortunately also taken down a number of sinkhole domains that were being used by researchers to monitor and report on Citadel infections. As a result of this, our reporting of Citadel and Zeus infections may see a drop in the coming weeks. Any decrease in the number of infections seen at a particular site may be due to this lack of visibility.
29 April 2013 at 11:45am
Thanks to all those who have provided feedback on Nominet’s proposal to allow the creation of domains directly under .uk subject to certain conditions.
13 November 2012 at 4:43pm
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack.