Gary Warner

Gary Warner has been involved in Information Security Information Sharing since 1990 and has been working with law enforcement on Cybercrime issues since 2000. He is the CTO of Malcovery Security and the Director of Research in Computer Forensics at the University of Alabama at Birmingham (UAB)
Find me on:

Recent Posts

ASProx malware threat targets holiday shoppers

Posted by Gary Warner on Wed, Dec 3, '14

Last holiday season the operators of the ASProx bot had a tremendously successful infection season as they found new ways to prey on our greatest fears.  We have long known that the keys to successful social engineering are Fear and Greed.  When presented with compelling stimuli in the Fear and Greed category, criminals can count on a significant number of their potential victims temporarily suspending their InfoSec Awareness Training and clicking the link.  In December 2013, spammers used #ASProx to deliver fear in the form of a Failed Delivery email from CostCo, BestBuy, or WalMart.  Malcovery analysts identified more than 600 hacked websites that were used as intermediaries to prevent detection by causing the spammed links to point to websites that had been "known good" until the morning of the attack.  In addition to bypassing reputation systems in that way, criminals know they can bypass DMARC by using a FROM domain that is not at the vendor.

Read More

WhatsApp Spam: a malware distribution scam

Posted by Gary Warner on Mon, Feb 24, '14

On February 19, 2014, Facebook Announced the purchase of WhatsApp for $4 billion in cash and 183,865,778 shares of Facebook stock ($12 Billion in current value) plus an additional $3 billion in shares to the founders that will vest over four years, for a total purchase price of $19 Billion. Within 24 hours, spammers were using WhatsApp lures to attract traffic to counterfeit pharmaceutical websites! Journalists in the United States were scurrying trying to figure out what WhatsApp even is, let alone why it should be worth $19 Billion.

Read More

Target Breach: Lessons Learned

Posted by Gary Warner on Fri, Jan 24, '14

This is an excerpt from Special Report: Lessons Learned from the Target Breach, written by Malcovery CTO, Gary Warner. In the report, which was published earlier this week, we use the Heartland Payments Breach of 2010 as a case study for what might have occurred in the Target Breach. Keep reading or download the full report to learn more.

Read More
View Webinar Now