Hello, welcome to the Thursday, March 30th, 2017 edition of the Santanet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Xavier today had an interesting example of one of the better-done fishing emails.

Of course, the problem sometimes with fishing exercises or

when we are showing fishing messages to users is that they're almost too obvious bad

in his case well he actually received a pretty good one that you certainly could

fall for it was one of those package delivery failed messages that didn't have

any typos. It looked just like the real thing. And of course, well, like many people, he orders a lot

of stuff online. So he did expect some deliveries. It's always good to throw in one of these better emails in order to really get

users ready for what they should expect from some of the more sophisticated fishing scams.

Encapsalize providing us with an update what's going on with the Merai botnet these days.

Now, Marai, of course, it's still around, it's still strong, there are still hundreds of thousands of hosts

that are in some form connected to one version or the other of these botnets.

And in Encapsulize's case, one part of that Myri Botnet was used to attack US College.

Sort of interesting here that they actually used a Layer 7 attack, which means they used

valid HTTP requests.

Now, overall, that's not really new for Mirai. Mirai had that

capability from the beginning and we have actually seen some denial of service attacks like

this from Internet of Things botnets before they were called Mirai. Sort of different here is that

the requests vary quite a bit, making, filtering even more

difficult. Most of these simple, in-in-of-of-things, botnets, if they attacked you, all of them

sent the same request. Here, user-achshund alike keeps changing. And then, then of course and that's again typical

...