Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Email: dancho.danchev@hush.com Bitcoin Donate: bc1qncspyks7uwdkyyxzxzp6zjgqlrwm3er3q88dju TOX ID: 53B409440A6DC34F1BA458869A0462D92C15B467AF6319D481CA353690C88667833A0EE82969

Monday, June 09, 2008

Using Market Forces to Disrupt Botnets

There's never been a shortage of radical approaches for disrupting the most successful botnets , but a surplus of ethics on behalf on r...

Thursday, June 05, 2008

Blackhat SEO Redirects to Malware and Rogue Software

A black SEO farm with built-in redirection to a multitude of sites serving rogue codecs (Zlob malware variants) and fake security software ...

Tuesday, June 03, 2008

Price Discrimination in the Market for Stolen Credit Cards

What would be the price of a stolen credit card with an already verified balance, and based on what factors would the sellers come up with t...

Monday, June 02, 2008

U.K's Crime Reduction Portal Hosting Phishing Pages

Poste Italiane seems to have relocated to a brand new location online, in this case the U.K's Crime Reduction Portal which is currently ...

Friday, May 30, 2008

Storm Worm Hosting Pharmaceutical Scams

With Storm's recent SQL injection and introduction of several new domains within, the very latest additions to their domain portfolio a...

Comcast.net not Hacked, DNS Records Hijacked

Two days ago in a show off move, the Kryogenics team managed to change the DNS records of Comcast.net , and consequently, redirect traffic ...

Tuesday, May 27, 2008

Malware Attack Exploiting Flash Zero Day Vulnerability

It's been a while since we've last witnessed malware attacks using zero day vulnerabilities, and the latest one exploiting a zero d...

Asprox Phishing Campaigns Dominated in April

According to the latest report from the Phishtank , a great resource for OSINT data, five IPs were hosting 6547 phishing campaigns in April,...

Monday, May 26, 2008

Yet Another Massive SQL Injection Spotted in the Wild

Another SQL injection attack was spotted in the wild during the last couple of hours, and while it continues remaining active, surprisingly...

Web 2.0 Privacy and Security Workshop - Papers Released

Last week, the 2008's W2Sp workshop held in Oakland, California and sponsored by the IEEE Symposium on Security and Privacy , made ava...

A Review of Hakin9 IT Security Magazine

A new issue of the Hakin9 - Hard Core IT Security Magazine is "in the wild", and since the editorial staff has been kind enough t...

How Does a Botnet with 100k Infected PCs Look Like?

Digitally ugly for sure, the point is that this malware campaign has been spreading pretty rapidly over MSN and AIM as of recently, and with...

Friday, May 23, 2008

The Icepack Exploitation Kit Localized to French

Bonjour! In a surprising move by the French blackhats, the Icepack web malware exploitation kit has been localized to French, further expand...

Thursday, May 22, 2008

Malware Domains Used in the SQL Injection Attacks

Whereas the value of these malicious domains lies in the historical preservation of evidence, as long as hundreds of thousands of sites cont...

Wednesday, May 21, 2008

Yet Another DIY Proprietary Malware Builder

Following the most recent proprietary web malware exploitation kits, and DIY malware tools found in the wild , this is among the latest m...

The Whitehouse.org Serving Malware

The Whitehouse.org a parody site of the original Whitehouse.gov is serving malware. From TrendMicro's blog : " According to Trend...

Tuesday, May 20, 2008

Pro-Serbian Hacktivists Attacking Albanian Web Sites

The rise of pro-kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-kosovo propag...

Fake PestPatrol Security Software

Continuing the rogue security software series I've just stumbled upon a fake PestPatrol site - pest-patrol.com (85.255.121.181) host...

All You Need is Storm Worm's Love

The Storm Worm malware launched yet another spam campaign promoting links to malware serving hosts, in between a SQL injection related to St...

Monday, May 19, 2008

Fast-Fluxing SQL Injection Attacks

The botnet masters behind Asprox are converging tactics already, by fast-fluxing the SQL injected domains . Related URLs for this campaign :...

View web version

About Me

Dancho Danchev: Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

View my complete profile

Powered by Blogger.