Monday, May 05, 2008

MySpace Hosting MySpace Phishing Profiles

The ongoing arms race between phishers and social networking sites, is a great example of how malicious parties continue to be a step ahead ...
Friday, May 02, 2008

Segmenting and Localizing Spam Campaigns

One-to-many or one-to-one communication channel? That's the questions from a spammer's perspective. Given that spammers have long em...

Testing Signature-based Antivirus Products Contest

This is both interesting, yet irrelevant and outdated as well : " The Race to Zero contest is being held during Defcon 16 at the Rivie...
Wednesday, April 30, 2008

Detection Rates for Malware in the Wild

Yet another Early Warning Security Event System has been made available to the public, earlier this month. The Malware Threat Center is cu...

Fake Directory Listings Acquiring Traffic to Serve Malware

Malicious parties are known to deliver what the unsuspecting and unaware end user is searching for, by persistently innovating at the infect...

Response Rate for an IM Malware Attack

Remember the MSN Spamming Bot in action ? Consider this screenshot not just as a real-example of IM spamming in action, but also, pay attent...
Tuesday, April 29, 2008

New DIY Malware in the Wild

Yet another do-it-yourself malware is getting pitched as one with low detection rate due to its proprietary nature , following the logic tha...
Monday, April 28, 2008

DIY Exploit Embedding Tool - A Proprietary Release

Remember the reprospective on DIY exploit embedding tools , those cybercrime 1.0 point'n'click exploits serving generators? Despite ...

Web Site Defacement Groups Going Phishing

Following a recent post commenting on changing phishing tactics , more evidence of web site defacement groups' vertical integration in t...
Sunday, April 27, 2008

The FirePack Exploitation Kit - Part Two

Has the web malware exploitations kits cash bubble popped already? A recently released, yet another proprietary version of the Firepack malw...
Saturday, April 26, 2008

A Botnet Master's To-Do List

Directory climbing it all of its simplicity, and OSINT quality , just like it's happened before. The process of developing malware bots ...
Thursday, April 24, 2008

Crimeware in the Middle - Zeus

Virtual greed, or response rate optimization? The idea of converging phishing emails with embedded exploits and banking malware is nothing n...
Wednesday, April 23, 2008

The United Nations Serving Malware

Yet another massive SQL injection attack is making its rounds online, and this time without the SEO poisoning as an attack tactic , has mana...

The DDoS Attack Against CNN.com

The DDoS attack against CNN.com, whether successful or not in terms of the perspective of complete knock-out, which didn't happen, is a ...
Tuesday, April 22, 2008

Chinese Hacktivists Waging People's Information Warfare Against CNN

Empowering and coordinating script kiddies by releasing DIY DDoS tools (backdoored as well) during the DDoS attacks against Estonia for in...