Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.

Friday, March 07, 2008

Injecting IFRAMEs by Abusing Input Validation

More news coverage follows regarding the now fixed, injection of IFRAMEs at high page rank-ed sites owned by CNET Networks, in fact Sym...
Thursday, March 06, 2008

More CNET Sites Under IFRAME Attack

News is spreading fast, appropriate credit is given, but not as fast as the IFRAME campaign targeting several more CNET Networks' ...
Wednesday, March 05, 2008

Unprofessionally Piggybacking on my Research

Why did I bother to send this message to Full-Disclosure last night, despite that I already posted it here? Because I knew that this would ...

Rogue RBN Software Pushed Through Blackhat SEO

On numerous occasions in the past, I emphasized the malicious attackers' Keep It Simple Stupid (KISS) approach for anything starting from ...
Tuesday, March 04, 2008

ZDNet Asia and TorrentReactor IFRAME-ed

UPDATED: More CNET Sites Under IFRAME Attack; Rogue RBN Software Pushed Through Blackhat SEO. This currently ongoing malware embedded at...
Monday, March 03, 2008

Embedding Malicious IFRAMEs Through Stolen FTP Accounts

Keywords for gaining attention from a marketing perspective for last week - embedded malware, IFRAMEs, stolen FTP accounts, Fortune 500 ...
Wednesday, February 27, 2008

RBN's Phishing Activities

As we're on the topic of RBN's zombies trying to connect to their old netblocks, and botnets being used to host and send out phishi...

Yet Another Massive Embedded Malware Attack

The following central redirection point in a portfolio of exploits and malware serving domains - buytraffic.cn/in.cgi?11 is currently embed...
Tuesday, February 26, 2008

RBN's Malware Puppets Need Their Master

Despite that it's already been a couple of months since RBN's main ASN got "withdrawn" from the Internet due to the public...
Monday, February 25, 2008

The Continuing .Gov Blackhat SEO Campaign - Part Two

As it's becoming increasingly clear that blackhat SEOers are actively experimenting with embedding their content on high pagerank sites, s...
Friday, February 22, 2008

Malware Infected Hosts as Stepping Stones

The following service that's offering SOCKS hosts on demand is pretty much like the Botnet on Demand one, with the only difference in ...
Thursday, February 21, 2008

Localizing Cybercrime - Cultural Diversity on Demand

Cultural diversity on demand is something I anticipated as a future malware trend two years ago - "Localization as a concept will att...

Malicious Advertising (Malvertising) Increasing

In the wake of the recent malvertising incidents, it's about time we get to the bottom of the campaigns, define the exact hosts and IPs ...
Wednesday, February 20, 2008

Uncovering a MSN Social Engineering Scam

This MSN scam trying to socially engineer end users into handling their accounting data by offering them the opportunity to supposedly see ...

The FirePack Web Malware Exploitation Kit

In a typical tactical warfare from a marketing perspective, malicious parties are fighting for "hearth share" of their potential c...
Monday, February 18, 2008

The Continuing .Gov Blackhat SEO Campaign

Just like the situation in the previous case of injecting SEO content into .gov domains, once the pages are up and running, they get activ...

Serving Malware Through Advertising Networks


Geolocating Malicious ISPs

Here are some of the ISPs knowingly or unknowingly providing infrastructure to the RBN and the New Media Malware Gang, a customer of th...

Massive Blackhat SEO Targeting Blogspot

With Blogspot's fancy pagerank and with Google's recent introduction of real-time content indexing of blogs using the service, the i...

Malware Embedded Link at Pod-Planet

The "the World's largest Podcast Directory" is currently embedded with a malicious link, whereas thankfully the campaign...

About Me

Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com