Wednesday, February 27, 2008

RBN's Phishing Activities

As we're on the topic of RBN's zombies trying to connect to their old netblocks , and botnets being used to host and send out phishi...

Yet Another Massive Embedded Malware Attack

The following central redirection point in a portfolio of exploits and malware serving domains - buytraffic.cn/in.cgi?11 is currently embed...
Tuesday, February 26, 2008

RBN's Malware Puppets Need Their Master

Despite that it's already been a couple of months since RBN's main ASN got "withdrawn" from the Internet due the public...
Monday, February 25, 2008

The Continuing .Gov Blackhat SEO Campaign - Part Two

As it's becoming increasing clear that blackhat SEOers are actively experimenting with embedding their content on high pagerank sites, s...
Friday, February 22, 2008

Malware Infected Hosts as Stepping Stones

The following service that's offering socks hosts on demand, is pretty much like the Botnet on Demand one, with the only difference in ...
Thursday, February 21, 2008

Localizing Cybercrime - Cultural Diversity on Demand

Cultural diversity on demand is something I anticipated as a future malware trend two years ago - " Localization as a concept will att...

Malicious Advertising (Malvertising) Increasing

In the wake of the recent malvertising incidents, it's about time we get to the bottom of the campaigns, define the exact hosts and IPs ...
Wednesday, February 20, 2008

Uncovering a MSN Social Engineering Scam

This MSN scam trying to socially engineer end users into handling their accounting data by offering them the opportunity to supposidely see ...

The FirePack Web Malware Exploitation Kit

In a typical tactical warfare from a marketing perspective, malicious parties are fighting for "hearth share" of their potential c...
Monday, February 18, 2008

The Continuing .Gov Blackat SEO Campaign

Just like the situation in the previous case of injecting SEO content into .gov domains , once the pages are up and running, they get activ...

Serving Malware Through Advertising Networks

This summary is not available. Please click here to view the post.

Geolocating Malicious ISPs

Here are some of the ISPs knowingly or unknowingly providing infrastructure to the RBN and the New Media Malware Gang , a customer of th...

Massive Blackhat SEO Targeting Blogspot

With Blogspot's fancy pagerank and with Google's recent introduction of real-time content indexing of blogs using the service, the i...

Malware Embedded Link at Pod-Planet

The " the World's largest Podcast Directory " is currently embedded with a malicious link, whereas thankfully the campaign...
Wednesday, February 13, 2008

Statistics from a Malware Embedded Attack

It's all a matter of perspective. For instance, it's one thing to do unethical pen-testing on the RBN's infrastructure , and ent...

Visualizing a SEO Links Farm

This visualization was generated over a month ago, using one of the two search engine optimization link farms I blogged about before, as a ...

The New Media Malware Gang - Part Three

Boutique cybercrime organizations are on the verge of extinction, and are getting replaced by cybercrime powerhouses, the indication for whi...

Anti-Malware Vendor's Site Serving Malware

Even though AvSoft Technologies isn't really enjoying a large market share, making the impact of this malware coming out of their site e...
Tuesday, February 12, 2008

BlackEnergy DDoS Bot Web Based C&Cs

Remember the Google Hacking for MPacks, Zunkers and WebAttackers experiment, proving that malicious parties don't even take the basic p...

U.K's FETA Serving Malware

Yet another high-profile malware embedded attack worth commenting on, just like the most recent one at the Dutch embassy in Moscow . Website...