Windows Crash Reports and Intrusion Detection

Websense recently published a whitepaper discussing how to use Windows crash reports to identify intrusions. They took their analysis one extra step past detecting known attack signatures to look for new, unknown attacks.

While researching the whitepaper, Websense used their methodology to identify a new targeted attack against a mobile network provider and a government agency, and a new Zeus-based POS (Point of Sale terminal) attack.