Category: SANS Internet Storm Center

Tech tip follow-up: Using the data Invoked with R’s system command, (Fri, Jul 31st)

In follow-up to yesterday's discussion about invoking OS commands with R's system function, I wanted to show you just a bit of how straightforward it is to then use the resulting data. After grabbing the Windows security event log with a call to Log Parser and writing it out to CSV, you have numerous options driven by what's interesting to you. Perhaps you're interested in counts per Event ID to say what your Top 10 events are. The issue is that Log Parser just grabbed all of the [...] secevt <- read.columns("security.csv", c("EventID","TimeWritten","EventTypeName","Message"), sep=",") [...] EventID, TimeWritten, EventTypeName, Message [...] columns into a new data frame, the contents of which are stored in [...] the other 11 columns are no longer cluttering the in-memory data set.

Malicious spam continues to serve zip archives of javascript files, (Wed, Jul 29th)

Introduction

In January 2015, the Asprox botnet switched from sending malware attachments to spamming pornography and diet-related scams [1]. Since then, we've noticed an increase in a different type of malicious spam (malspam). This malspam has zip attachments containing javascript files (.js), and it uses the same type of subject lines we saw from the Asprox botnet prior to 2015 [1].