Get to know

# Rob Downs

***

Blogs by Rob Downs (sorted by: Recent)

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Exploring the Cybercrime Underground: Part 2 -- The Forum Ecosystem](https://www2.paloaltonetworks.com/blog/2016/08/unit42-exploring-the-cybercrime-underground-part-2-the-forum-ecosystem/)

In this second part of Unit 42's Cybercrime Underground blog series, we dive into the cybercrime forum ecosystem and focus on observed cybercriminal roles, as well as prevalent tools and services bought ...

Aug 29, 2016 By [Vicky Ray](https://www.paloaltonetworks.com/blog/author/vicky-khan/?ts=markdown "Posts by Vicky Ray") and [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Exploring the Cybercrime Underground: Part 1 -- An Introduction](https://www2.paloaltonetworks.com/blog/2016/08/unit42-exploring-the-cybercrime-underground-part-1-an-introduction/)

This post is the first in a series by Unit 42 covering the cybercrime underground. Cybercrime persists as an epidemic that continues to worsen every year, with associated impacts and losses steadily ...

Aug 19, 2016 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Vicky Ray](https://www.paloaltonetworks.com/blog/author/vicky-khan/?ts=markdown "Posts by Vicky Ray")

***

## [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Locky: New Ransomware Mimics Dridex-Style Distribution](https://www2.paloaltonetworks.com/blog/2016/02/locky-new-ransomware-mimics-dridex-style-distribution/)

Ransomware persists as one of the top crimeware threats thus far into 2016. While the use of document-based macros for ransomware distribution remains relatively uncommon, a new family calling itself "Locky" has ...

Feb 16, 2016 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates") and [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [A Look Into Fysbis: Sofacy's Linux Backdoor](https://www2.paloaltonetworks.com/blog/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/)

Introduction The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, ...

Feb 12, 2016 By [Bryan Lee](https://www.paloaltonetworks.com/blog/author/bryan-lee/?ts=markdown "Posts by Bryan Lee") and [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

***

## [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Adversaries and Their Motivations (Part 3)](https://www2.paloaltonetworks.com/blog/2015/12/adversaries-and-their-motivations-part-3/)

In part three of the Adversaries and Their Motivations blog series, we'll explore the following top-level actor motivations: Cyber Warfare, Cyber Terrorism, and Cyber Mischief. Even Fuzzier Boundaries The high-level actor motivations ...

Dec 03, 2015 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

***

Blogs by Rob Downs (sorted by: Popular)

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Follow-On to VBA-Initiated Infostealer Campaign: Exploring Related Malware ...](https://www2.paloaltonetworks.com/blog/2014/12/follow-vba-initiated-infostealer-campaign-exploring-related-malware-actors/)

In late October, we began examination of a VBA-initiated Infostealer campaign. This blog post follows up on additional information we gathered on related malware and associated actors. Pivot On Initial Predator Pain ...

Dec 03, 2014 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Vicky Ray](https://www.paloaltonetworks.com/blog/author/vicky-khan/?ts=markdown "Posts by Vicky Ray")

***

## [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [New Release: Decrypting NetWire C2 Traffic](https://www2.paloaltonetworks.com/blog/2014/08/new-release-decrypting-netwire-c2-traffic/)

On July 22, Palo Alto Networks threat intelligence team, Unit 42, released our first report on the evolution of "Silver Spaniel" 419 scammers. Of particular note is how these actors use a ...

Aug 04, 2014 By [Phil Da Silva](https://www.paloaltonetworks.com/blog/author/phil-da-silva/?ts=markdown "Posts by Phil Da Silva"), [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")

***

## [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Backoff and Citadel Abuse Remote Access Tools](https://www2.paloaltonetworks.com/blog/2014/08/backoff-citadel-abuse-remote-access-tools/)

Recent events continue to highlight the abuse of remote access applications in the enterprise. Last Tuesday, Trusteer reported that a new variant of Citadel, which has long relied on VNC to give ...

Aug 04, 2014 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")

***

## [Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisory-analysis/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Attacks on East Asia using Google Code for Command and Control](https://www2.paloaltonetworks.com/blog/2014/08/attacks-east-asia-using-google-code-command-control/)

Recently, FireEye published a blog titled "Operation Poisoned Hurricane" which detailed the use of PlugX malware variants signed with legitimate certificates that used Google Code project pages for command and control (C2). ...

Aug 15, 2014 By [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn") and [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Pivot on Google Code C2 Reveals Additional Malware](https://www2.paloaltonetworks.com/blog/2014/08/pivot-google-code-c2-reveals-additional-malware/)

Last week, we reported on attacks observed against East Asia that used Google Code for command and control (C2). As follow-on to that work, we pivoted on the C2 indicators of compromise ...

Aug 21, 2014 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")