Tuesday, January 23, 2018

Introduction to Dancho Danchev's Infowar Monitor 2.0

Dear blog readers, it's been quite some time since I last posted a quality update following my disappearance in 2010. I wanted to express my gratitude to everyone who participated in the search, including colleagues and companies, and to say thanks for taking the time and effort to keep track of and follow my research and disappearance.

As I've been busy working on Dancho Danchev's Blog - Mind Streams of Information Security Knowledge, Infowar Monitor 2.0, I wanted to let you know that I've recently resumed my Twitter account following a successful career at Webroot Inc., including a short-term venture at GroupSense, and following the successful launch of my own company, Disruptive Individuals, and of Threat Data - the World's Most Comprehensive Threats Database, including the Obmonix Platform - the World's Most Comprehensive Sensor Network, as well as a possible book-writing project, a successful cyber security consultancy and a possible career opportunity request.

Let's take the time to elaborate on what exactly Infowar Monitor 2.0 aims to achieve, with a detailed explanation of some of the key features of the newly launched portal-based research community for Information Security, Cybercrime Research and Threat Intelligence gathering. Users interested in contributing content, including blog contributions, partnership and sponsorship, and possible advertising requests, can approach me at dancho.danchev@hush.com

01. What is Infowar Monitor 2.0?
Infowar Monitor 2.0 aims to build the World's largest and most comprehensive community for Information Security, threat intelligence gathering and cybercrime research. Managed and operated by Dancho Danchev, the World's leading expert in Information Security, cybercrime research and threat intelligence gathering, the community seeks to provide information, data and knowledge to thousands of users globally.

Key features include:
- Daily Security News Coverage
- Information Security Videos
- Security and Hacking eBook
- Security Newsletter
- Information Security Podcast
- Security and Hacking E-Zine
- Security Mailing List
- Daily Intelligence Brief
- Closed Security Community

02. What is Disruptive Individuals?
Disruptive Individuals is a research-intensive, data-driven company that is establishing the world's largest snapshot of malicious cybercrime activity, for the purpose of offering the industry the world's most versatile portfolio of cybercrime-driven services. Its real-time, intelligence-driven services and product portfolio include cybercrime research data, malicious activity profiling services and custom-tailored intelligence assessments, positioning the company as the world's leading provider of cybercrime-data-driven, research-intensive intelligence.



03. What is the Obmonix Platform?
The Obmonix platform aims to build the World's most versatile and comprehensive sensor network for intercepting, monitoring and responding to cybercrime and cyber jihad events. It deploys a variety of proprietary sensors based on honeypot appliances and industry-wide partnerships, together with proprietary cybercrime and cyber jihad forum and community monitoring and infiltration campaigns, positioning the platform as the leading indicator of cybercrime and cyber jihad activity globally. The platform empowers the operator, law enforcement and the security industry with the tactics, techniques and procedures (TTPs) necessary for monitoring and responding to cybercrime and cyber jihad activity globally, and led to the launch of the Disruptive Individuals startup, which serves the needs of the Intelligence Community, the security industry and law enforcement agencies globally by anticipating emerging sets of malicious and fraudulent tactics, techniques and procedures and protecting millions of users globally.

04. What is Threat Data?
Threat Data is the industry's leading and most versatile JSON-capable threats database, empowering companies and security researchers with the knowledge necessary to stay ahead of current and emerging threats and, further, positioning their company and enterprise at the top of its game.

- Russian Business Network coverage
- Koobface Botnet coverage
- Kneber Botnet coverage
- Hundreds of IOCs (Indicators of Compromise)
- Tactics Techniques and Procedures In-Depth Coverage
- Malicious and fraudulent infrastructure mapped and exposed
- Malicious and fraudulent Blackhat SEO coverage
- Malicious spam and phishing campaigns
- Malicious and fraudulent scareware campaigns
- Malicious and fraudulent money mule recruitment scams
- Malicious and fraudulent reshipping mule recruitment scams
- Malicious and fraudulent web-based mass compromise campaigns
- Malicious and fraudulent client-side exploit-serving campaigns

Potential users and clients interested in obtaining access to Threat Data, including a possible trial and a sample, can approach me at dancho.danchev@hush.com

Stay tuned!

Saturday, January 20, 2018

Dissecting the Latest Koobface Facebook Campaign

The latest Koobface malware campaign at Facebook is once again exposing a diverse ecosystem worth assessing, in times of active migration to alternative ISPs that tolerate or conveniently ignore the malicious activities of their customers. The -- now removed -- binaries that the dropper was requesting were hosted at the American International Baseball Club in Vienna, indicating a compromise.

us.geocities .com/adanbates84/index.htm
lostart .info/js/js.js (79.132.211.51)
off34 .com/go/fb.php (79.132.211.51)
youtube-spyvideo .com/youtube_file.html (58.241.255.37)
ahdirz .com/movie1.php?id=638&n=teen (208.85.181.69)
top100clipz .com/m6/movie1.php?id=638&n=teen (208.85.181.67)
hq-vidz .com/movie1.php?id=638&n=teen (208.85.181.68)

The dropper then phones home to f071108 .com/fb/first.php (79.132.211.50), with the binaries hosted at a legitimate site that has been compromised:

aibcvienna.org/youtube/ bnsetup24.exe
aibcvienna.org/youtube/ tinyproxy.exe

Related fake YouTube domains participating:
catshof .com (79.132.211.51)
youtube-spy .info (94.102.60.119)
youtubehof .net (218.93.205.30)
youtube-spyvideo .com (58.241.255.37)
yyyaaaahhhhoooo.ocom .pl (67.15.104.83)
youtube-x-files .com (94.102.60.119)
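The indicator lists above lend themselves to a standard infrastructure pivot: refang the defanged entries, then group hosts by shared IP and by /24 to see which of the fake YouTube domains sit on the same hosting (four of them on 79.132.211.x, the three movie1.php hosts on 208.85.181.67-69, and two on 94.102.60.119). The following Python is an added example, not code from the original post. It embeds the post's own indicators as input; the two proxy-log URLs checked at the bottom are constructed for the demonstration, and the /24 match is a deliberately coarse heuristic that needs analyst review before blocking.

```python
"""Parse the defanged Koobface indicators from the post and pivot on shared hosting.

Added example, not part of the original post. The indicator text is copied from
the post; the URLs fed to match_url() under __main__ are constructed for the demo.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Indicators exactly as published above: defanged with a space before the TLD
# and, for the two binaries on the compromised site, a space before the filename.
KOOBFACE_IOCS = """\
us.geocities .com/adanbates84/index.htm
lostart .info/js/js.js (79.132.211.51)
off34 .com/go/fb.php (79.132.211.51)
youtube-spyvideo .com/youtube_file.html (58.241.255.37)
ahdirz .com/movie1.php?id=638&n=teen (208.85.181.69)
top100clipz .com/m6/movie1.php?id=638&n=teen (208.85.181.67)
hq-vidz .com/movie1.php?id=638&n=teen (208.85.181.68)
f071108 .com/fb/first.php (79.132.211.50)
aibcvienna.org/youtube/ bnsetup24.exe
aibcvienna.org/youtube/ tinyproxy.exe
catshof .com (79.132.211.51)
youtube-spy .info (94.102.60.119)
youtubehof .net (218.93.205.30)
youtube-spyvideo .com (58.241.255.37)
yyyaaaahhhhoooo.ocom .pl (67.15.104.83)
youtube-x-files .com (94.102.60.119)
"""


def refang(line):
    """Undo the post's defanging: 'off34 .com/go/fb.php' -> 'off34.com/go/fb.php',
    'aibcvienna.org/youtube/ bnsetup24.exe' -> 'aibcvienna.org/youtube/bnsetup24.exe'."""
    return line.replace(" .", ".").replace("/ ", "/")


def parse_ioc(line):
    """Split one refanged entry into host, path and (optional) resolved IP."""
    tokens = refang(line.strip()).split()
    url = tokens[0]
    ip = tokens[1].strip("()") if len(tokens) > 1 else None
    host, slash, rest = url.partition("/")
    return {"host": host.lower(), "path": (slash + rest) if slash else None, "ip": ip}


def parse_iocs(text):
    return [parse_ioc(line) for line in text.splitlines() if line.strip()]


def pivot_by_ip(iocs):
    """Hosts sharing one IP: the cheapest pivot for finding sibling domains."""
    groups = defaultdict(set)
    for ioc in iocs:
        if ioc["ip"]:
            groups[ioc["ip"]].add(ioc["host"])
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def pivot_by_network(iocs, prefixlen=24):
    """Hosts sharing a /prefixlen: catches neighbouring IPs at the same provider."""
    groups = defaultdict(set)
    for ioc in iocs:
        if ioc["ip"]:
            net = ip_network(f"{ioc['ip']}/{prefixlen}", strict=False)
            groups[str(net)].add(ioc["host"])
    return {net: sorted(hosts) for net, hosts in groups.items()}


def match_url(url, iocs, prefixlen=24):
    """Return why a proxy-log URL matches the indicator set, or None.
    Exact host match first; then, for IP-literal URLs, the /prefixlen of a known IP
    (a heuristic that wants analyst confirmation before it drives blocking)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if host in {ioc["host"] for ioc in iocs}:
        return f"host {host} is a published Koobface indicator"
    try:
        addr = ip_address(host)
    except ValueError:
        return None
    for ioc in iocs:
        if ioc["ip"] and addr in ip_network(f"{ioc['ip']}/{prefixlen}", strict=False):
            return f"{addr} is in the same /{prefixlen} as {ioc['ip']} ({ioc['host']})"
    return None


if __name__ == "__main__":
    iocs = parse_iocs(KOOBFACE_IOCS)
    for net, hosts in sorted(pivot_by_network(iocs).items(), key=lambda kv: -len(kv[1])):
        print(net, hosts)
    # Constructed log lines, not taken from the post:
    for url in ("http://catshof.com/go/fb.php", "http://79.132.211.49/fb/first.php", "http://example.org/"):
        print(url, "->", match_url(url, iocs))
```

Entries without an IP in the post (us.geocities.com and the compromised aibcvienna.org) parse with ip set to None and are deliberately left out of the network pivots, so legitimate shared hosting is never grouped with the attacker-controlled ranges.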

The development of cybercrime platforms utilizing legitimate infrastructure only has always been in the works. From spamming systems relying exclusively on automatically registered email accounts at free web-based providers, to the automatic bulk registration of hundreds of thousands of domains enjoying a particular domain registrar's weak anti-abuse policies, it would be interesting to monitor whether marginal thinking or improved OPSEC relying on compromised hosts will be favored in 2009.

Related posts:
Fake YouTube Site Serving Flash Exploits
Facebook Malware Campaigns Rotating Tactics
Phishing Campaign Spreading Across Facebook
Large Scale MySpace Phishing Attack
Update on the MySpace Phishing Campaign
MySpace Phishers Now Targeting Facebook
MySpace Hosting MySpace Phishing Profiles