Tuesday, September 04, 2007

Login Details for Foreign Embassies in the Wild

Login details for international embassies have been in the wild since August 30th in a full disclosure style : " Here is a list with...

DIY Exploits Embedding Tools - a Retrospective

Great analysis by the Spywareguide folks -- Chris Boyd and Peter Jayaraj in this assessment -- especially my deja vu moment with the King...
Monday, September 03, 2007

Spammers and Phishers Breaking CAPTCHAs

The emergence of CAPTCHA based authentication was a logical move in the fight against automated brute forcing of login details, registration...
Friday, August 31, 2007

Bank of India Serving Malware

Ryan at ZDNet's Security blog is reporting on the breached site of Bank of India , which in the time of blogging is still serving malw...

Malware as a Web Service

Popular malware tools such as binders and downloaders usually come in a typical software application form. Moreover, when I talk about malwa...
Thursday, August 30, 2007

Massive Online Games Malware Attack

Despite Storm Worm's worldwide media coverage, there're many other malware campaigns currently active in the wild, again exploiting...
Wednesday, August 29, 2007

Storm Worm's use of Dropped Domains

The daily updated Bleedingthreats.org's Rules to block Storm worm DNS and C&C keeps growing at a significant speed, and with the gr...

DIY Phishing Kits

In times when socially oriented bureaucrats are prompting such popular projects as the KisMAC and the Default Password List to seek hosti...
Tuesday, August 28, 2007

The Economics of Phishing

Years ago, phishing used to be like fishing at least in respect to the preparation and the patience required for the fisherman to catch some...
Sunday, August 26, 2007

Your Point of View - Requested!

Question : What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of vie...
Saturday, August 25, 2007

DIY Pharming Tools

In a previous post I discussed pharming from the perspective of abusing a DNS server and starting a wide-scale pharming attack. However, i...
Friday, August 24, 2007

Distributed WiFi Scanning Through Malware

Distributed computing through malware , OSINT thought botnets, distributed password cracking and distributed malicious economies of scale - ...

GIMF - "We Will Remain"

After having both of its blogs shut down , the Global Islamic Media Front issued a modest statement " Global Islamic Media Front: We w...
Wednesday, August 22, 2007

The Nuclear Malware Kit

Web based C&C malware kits are already a commodity, and with the source codes of MPack and IcePack freely available in the wild, modif...

Excuse Us for Our Insecurities

This Security Public Relations Excuse Bingo is very entertaining as it objectively provides random excuses that security vendors and public...
Tuesday, August 21, 2007

Offensive Storm Worm Obfuscation

Malware authors, often pissed off at the detection rates of their malware releases, tend to include offensive comments or messages within th...
Monday, August 20, 2007

RATs or Malware?

After the Shark 2 DIY Malware got the publicity it deserved as perhaps the most recent and publicly obtainable DIY malware , another DIY RA...
Friday, August 17, 2007

Analyses of Cyber Jihadist Forums and Blogs

Where are cyber jihadists linking to, outside their online communities? Which are the most popular file sharing and video hosting services u...
Thursday, August 16, 2007

534 Biographies of Jihadist Fighters

On the look for patterns of terrorist behaviour researchers often stereotype in order to portrait a terrorist. The Book of Martyrs (compiled...