Wednesday, February 13, 2008

Statistics from a Malware Embedded Attack

It's all a matter of perspective. For instance, it's one thing to do unethical pen-testing on the RBN's infrastructure , and ent...

Visualizing a SEO Links Farm

This visualization was generated over a month ago, using one of the two search engine optimization link farms I blogged about before, as a ...

The New Media Malware Gang - Part Three

Boutique cybercrime organizations are on the verge of extinction, and are getting replaced by cybercrime powerhouses, the indication for whi...

Anti-Malware Vendor's Site Serving Malware

Even though AvSoft Technologies isn't really enjoying a large market share, making the impact of this malware coming out of their site e...
Tuesday, February 12, 2008

BlackEnergy DDoS Bot Web Based C&Cs

Remember the Google Hacking for MPacks, Zunkers and WebAttackers experiment, proving that malicious parties don't even take the basic p...

U.K's FETA Serving Malware

Yet another high-profile malware embedded attack worth commenting on, just like the most recent one at the Dutch embassy in Moscow . Website...
Monday, February 11, 2008

GCHQing with the Honeynet Project

Nothing's impossible, the impossible just takes a little longer. If someone told me an year ago that I'll be presenting next to the ...
Thursday, January 31, 2008

The Shark3 Malware is in the Wild

Life's too short to live in uncertainty, the stakes are too high. A month ago, I indicated the upcoming release of the third version o...
Monday, January 28, 2008

The Dutch Embassy in Moscow Serving Malware

The Register reports that the Royal Netherlands Embassy in Moscow was serving malware to its visitors at the beginning of last week : ...
Monday, January 21, 2008

Mujahideen Secrets 2 Encryption Tool Released

Originally introduced by the Global Islamic Media Front (GIMF), the second version of the Mujahideen Secrets encryption tool was releas...

E-crime and Socioeconomic Factors

Interesting points by F-Secure with two main issues covered, namely the lack of employment opportunities for skilled IT people who turn to ...
Thursday, January 17, 2008

DIY Fake MSN Client Stealing Passwords

This tool deserves our attention mostly because of its do-it-yourself (DIY) nature , just like the many other related ones I discussed ...
Wednesday, January 16, 2008

Storm Worm's St. Valentine Campaign

The Riders on the Storm Worm started riding on yet another short term window of opportunity as always - St. Valentine's day with a mass...
Tuesday, January 15, 2008

The Random JS Malware Exploitation Kit

The Random JS infection kit as originally named by Finjan , is perhaps the first publicly announced malicious innovation for 2008, in fact ...

RBN's Fake Account Suspended Notices

In the last quarter of 2007, under the public pressure put on the Russian Business Network's malicious practices, the RBN started faking...
Monday, January 14, 2008

PAINTing a Botnet IRC Channel

I suppose that even for a script kiddie it takes extra time and patience to come up with such a spoofed IRC channel getting crowded with inf...

The Pseudo "Real Players"

What happened with the recent RealPlayer massive embedded malware attack ? Two of the main hosts are now, and the third one ucmal.com/0.js ...
Thursday, January 10, 2008

Malware Serving Exploits Embedded Sites as Usual

The combination of the recent RealPlayer exploit and MDAC is a fad, but the very same is getting embraced in the short-term by malicious p...
Tuesday, January 08, 2008

The Invisible Blackhat SEO Campaign

Count this as a historical example of a blackhat SEO campaign, and despite that "Fresh Afield's" blog ( blogs.mdc.mo.gov ) is ...
Monday, January 07, 2008

MySpace Phishers Now Targeting Facebook

The "campaigners" behind the MySpace phishing attack which I briefly assessed in previous posts seem to have started targeting F...