With the fake subpoena e-mails and the FBI warning of fake grand jury summons, it does point to the phishmen going after information rather than being solely focused on stealing financial data.

Here is the FBI warning. Not sure if it ties into the spear phishing with the fake subpoenas.

http://www.fbi.gov/cyberinvest/e...vest/ escams.htm
ed dickson | Homepage | 04.19.08 - 4:25 am | #

I think I can provide an alternate perspective regarding what use enterprise customers would have for the sandbox. Security teams don't have a lot of time on their hands, so when some piece of malware gets through, whether it's due to malfunctioning A/V or whatever, we want to know what it is and what it's doing as quickly as possible. I may want to know what addresses it communicates with so I can look for related traffic or block the host, for example. It takes time to manually reverse malware (either static or dynamic), so the ability to drop something into a sandbox and get immediate information about its behavior has a lot of value. So it's more than just "is this bad or not," but the ability to quickly and easily get data I can act upon.
Tyler Krpata | Homepage | 04.23.08 - 1:36 pm | #