Dancho Danchev's Blog - Mind Streams of Information Security Knowledge


Thursday, October 09, 2008

Cybercriminals Abusing Lycos Spain To Serve Malware

Spanish cybercriminals have recently started taking advantage of the bogus accounts at Lycos Spain, which they seem to be registering on the...

Commoditization of Anti Debugging Features in RATs - Part Two

Yet another piece of malware promoted as a RAT (remote access tool) includes what's turning into the de facto set of anti-debugging feat...

Tuesday, October 07, 2008

Summarizing Zero Day's Posts for September

As usual, here's September's summary of all of my posts at Zero Day. You may also want to catch up and go through August's and...

A Diverse Portfolio of Fake Security Software - Part Eight

In the spirit of "taking a bite out of cybercrime", here are the latest fake security software domains, typosquatted and already...

Web Based Malware Emphasizes on Anti-Debugging Features

Following the ongoing development of a particular web based malware always comes in handy in terms of assessing the commoditization of anti-d...

Monday, October 06, 2008

Fake Windows XP Activation Trojan Wants Your CVV2 Code

In a self-contradicting social engineering attempt, a malware author is offering to sell a (updated version of Kardphisher) DIY fake Windo...

Friday, October 03, 2008

Inside a Managed Spam Service

A managed spam vendor always has to raise the stakes during its introduction period on the market. But what happens when a market follower ...

Syndicating Google Trends Keywords for Blackhat SEO

Several hundred Windows Live Spaces and AOL Journals are currently syndicating the most popular keywords provided by Google Trends, and ar...

Thursday, October 02, 2008

Managed Fast Flux Provider - Part Two

We're slowly entering into a stage where RBN bullet proof hosting franchises are vertically integrating, and due to the requests from t...

Knock, Knock, Knockin' on Carder's Door

This video of Cha0's bust earlier this month in Turkey is a perfect example of what happens when someone starts over-performing in the...

Monetizing Infected Hosts by Hijacking Search Results

When logs with accounting data are no longer of interest due to low liquidity on the underground market, monetization of the infected hosts ...

Copycat Web Malware Exploitation Kit Comes with Disclaimer

Such disclaimers make you wonder what's the point of including a notice forwarding the responsibility for the upcoming cybercrime activi...

Wednesday, October 01, 2008

Web Based Malware Eradicates Rootkits and Competing Malware

A tiny 20kb antivirus module within "yet another web based malware in the wild", promises to get rid of all Zeus variants, and als...

Tuesday, September 30, 2008

Identifying the Gpcode Ransomware Author

Interesting article, but it implies that there has been a shortage of quality OSINT regarding the campaigners behind the recent Gpcode targ...

A Diverse Portfolio of Fake Security Software - Part Seven

In case you haven't heard - Microsoft and the Washington state are suing a U.S based -- naturally -- "scareware" vendor Branc...

Monday, September 29, 2008

Modified Zeus Crimeware Kit Comes With Built-in MP3 Player

Modified versions of popular open source crimeware kits rarely make the headlines due to the fact that anyone can hijack a crimeware kit...

The Commercialization of Anti Debugging Tactics in Malware

Commoditization or commercialization, Themida or Code Virtualizer, individually crypting or outsourcing to an experienced malware crypting ...

Friday, September 26, 2008

Hijacking a Spam Campaign's Click-through Rate

This spammer is DomainKeys verified, a natural observation considering that the spam campaign which I discussed last Wednesday is using bo...

Thursday, September 25, 2008

250k of Harvested Hotmail Emails Go For?

$50 in this particular case, however, keeping in mind that the email harvester is anything but ethical, this very same database will be sold...

Wednesday, September 24, 2008

A Diverse Portfolio of Fake Security Software - Part Six

Thanks to misconfigured traffic management kits, not taking advantage of all the built-in features that could have made a research a little ...

About Me

Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com