Wednesday, March 24, 2010

Zeus Crimeware/Client-Side Exploits Serving Campaign in the Wild

UPDATED: Friday, March 26, 2010: In a typical multi-tasking fashion like the one we've seen in previous campaigns, more typosquatted dom...
Tuesday, March 23, 2010

GazTransitStroy/GazTranZitStroy: From Scareware to Zeus Crimeware and Client-Side Exploits

Remember 2009's GazTransitStroy/GazTranZitStroy LLC, AS29371 ? The fake Russian gas company whose motto was " In gaz we trust ...
Saturday, March 20, 2010

Keeping Money Mule Recruiters on a Short Leash - Part Three

UPDATED: 7 minutes after notification, EUROACCESS responded that the IPs mentioned within the AS " have been blackholed for the time b...

The Current State of the Crimeware Threat

With Zeus crimeware infections reaching epidemic levels, two-factor authentication under fire , and the actual DIY (do-it-yourself) kit ...
Monday, March 15, 2010

Koobface Redirectors and Scareware Campaigns Now Hosted in Moldova

Just how greedy has the Koobface gang become these days? Very greedy. In fact, their currently active scareware campaigns operate with a cha...
Friday, March 12, 2010

Scareware, Sinowal, Client-Side Exploits Serving Spam Campaign in the Wild

AS50215 Troyak-as customers are back, with an ugly mix of scareware, sinowal, and client-side exploits serving campaign using the " Y...
Thursday, March 11, 2010

Money Mule Recruiters on Yahoo!'s Web Hosting

UPDATED: Saturday, March 13, 2010 - Yahoo! Web Hosting abuse just pinged me that " We have investigated the sites and taken the necessa...
Wednesday, March 10, 2010

AS50215 Troyak-as Taken Offline, Zeus C&Cs Drop from 249 to 181

2nd update for Friday, March, 12, 2010 - Troyak-AS is down again - " This AS is not currently used to announce prefixes in the global ...