In part 1 of this blog, "Beyond the Zero Day", we focused on detecting malicious JVM (Java Virtual Machine) activity and identifying the 'blob' that was downloaded. No subsequent network activity was detected after the download, but that does not rule out successful malware delivery and deployment. We could certainly seize and forensically examine the host, but that might require a massive time investment for an organization, and we don't even know what we're looking for yet. The first place to start is by examining the Class file that kicked off the HTTP GET for our 'blob'.
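Before running anything from the suspect class file, a defender can statically walk its constant pool and pull out every string constant and class reference, which is usually enough to confirm which URL the HTTP GET went to and which networking classes the code touches. The following is an added example, not code from the original post or from RSA; it implements a minimal reader for the JVM class file constant pool (JVMS §4.4) and runs it over a small class file constructed inline for the demonstration (the TEST-NET address and the class name "Payload" are constructed values, not indicators from the blog).

```python
import struct

CLASS_MAGIC = b"\xca\xfe\xba\xbe"
CONSTANT_Utf8, CONSTANT_Long, CONSTANT_Double, CONSTANT_Class = 1, 5, 6, 7
# Payload size (bytes after the 1-byte tag) of every fixed-size constant_pool
# entry as defined in the JVM specification (JVMS section 4.4).
FIXED_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
              12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def _need(data, pos, n):
    """Abort cleanly if the file ends before the next n bytes (truncated sample)."""
    if pos + n > len(data):
        raise ValueError(f"class file truncated at offset {pos}")


def parse_constant_pool(data):
    """Walk the constant pool of a .class file without loading or executing it.

    Returns (major_version, {index: utf8 string}, [Utf8 indices named by CONSTANT_Class]).
    Raises ValueError on bad magic, an unknown tag, or a truncated file."""
    _need(data, 0, 10)
    if data[:4] != CLASS_MAGIC:
        raise ValueError("not a Java class file (bad magic)")
    _minor, major, count = struct.unpack(">HHH", data[4:10])
    pos, index = 10, 1          # constant pool indices are 1-based
    utf8, class_refs = {}, []
    while index < count:
        _need(data, pos, 1)
        tag = data[pos]
        pos += 1
        if tag == CONSTANT_Utf8:
            _need(data, pos, 2)
            (length,) = struct.unpack(">H", data[pos:pos + 2])
            pos += 2
            _need(data, pos, length)
            # Class files use "modified UTF-8"; decode leniently so odd bytes don't abort triage.
            utf8[index] = data[pos:pos + length].decode("utf-8", errors="replace")
            pos += length
        elif tag in FIXED_SIZE:
            _need(data, pos, FIXED_SIZE[tag])
            if tag == CONSTANT_Class:
                class_refs.append(struct.unpack(">H", data[pos:pos + 2])[0])
            pos += FIXED_SIZE[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag} at offset {pos - 1}")
        # Long and Double entries take two slots in the pool (JVMS 4.4.5).
        index += 2 if tag in (CONSTANT_Long, CONSTANT_Double) else 1
    return major, utf8, class_refs


def find_network_indicators(data):
    """Triage summary: class file version, URL-looking string constants, and java/net classes used."""
    major, utf8, class_refs = parse_constant_pool(data)
    urls = sorted(s for s in utf8.values() if s.lower().startswith(("http://", "https://")))
    net_classes = sorted({utf8[i] for i in class_refs
                          if i in utf8 and utf8[i].startswith("java/net/")})
    return {"major": major, "urls": urls, "net_classes": net_classes}


# --- Constructed sample class file (not a real malware sample) -------------------
def _utf8(s):
    b = s.encode("utf-8")
    return bytes([1]) + struct.pack(">H", len(b)) + b

def _class(i):   return bytes([7]) + struct.pack(">H", i)
def _string(i):  return bytes([8]) + struct.pack(">H", i)
def _long(v):    return bytes([5]) + struct.pack(">q", v)

_POOL = (_utf8("Payload")                       # 1
         + _class(1)                            # 2
         + _utf8("java/net/URL")                # 3
         + _class(3)                            # 4
         + _utf8("http://203.0.113.5/blob.bin")  # 5  (TEST-NET address, constructed)
         + _string(5)                           # 6
         + _long(42)                            # 7 (and 8: Long uses two slots)
         + _utf8("openConnection"))             # 9
SAMPLE_CLASS = (CLASS_MAGIC + struct.pack(">HH", 0, 50)   # minor 0, major 50 (Java 6)
                + struct.pack(">H", 10) + _POOL           # constant_pool_count = 10
                + struct.pack(">HHH", 0x0021, 2, 0))      # access_flags, this_class, super_class

if __name__ == "__main__":
    print(find_network_indicators(SAMPLE_CLASS))
```

The reader deliberately stops after the constant pool: that is where string literals and class references live, and it never has to interpret bytecode or instantiate anything, so it is safe to point at an untrusted file. Obfuscated samples may build URLs at runtime from fragments, so an empty `urls` list is not proof of innocence; the `net_classes` list then tells you whether decompilation of the methods that use them is the next step.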
Read more: http://blogs.rsa.com/beyond-the-zero-day-reverse-engineering-malicious-class-files/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29