SEARCH RESULTS
 
Showing 1-10 of 29 records
 
The Random JS Malware Exploitation Kit

2008-01-15 20:49:56 by HASH0x8be7244 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi-bin/options.cgi?user id=3335213046&socks=6267&version id=904&passphrase=fkjvhsdvlksdhvlsd&crc=3c64cb2e uptime=00:00:58:38 back39409404.com/cgi-bin/options.cgi?user id=3335213046&socks=6267&version id=904&passphrase=fkjvhsdvlksdhvlsd&crc=3c64cb2e uptime=00:00:58:35 The following files are partly accessible at the still active C&C's, the...
 
 
 
 
 
Serving Malware Through Advertising Networks

2008-02-18 10:58:53 by HASH0x8bfe2fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi-bin/pl/affiliates/referral.cgi?referral=3098 (63.219.176.194 look.fxlayer.net/hop.php (87.98.255.2 hartnetwork.org/cgi-bin/in.cgi?p=1018b (216.246.31.236) - Neosploit malware kit Moreover, two other IFRAMEs within banner.php attempt to load a multitude of exploit serving URLs. xtraff.biz/ads1.htm loads winhex.org/tds/in.cgi?9...
 
 
 
 
 
Yet Another Massive Embedded Malware Attack

2008-02-27 11:42:39 by HASH0x8b05fe8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi?11 is currently embedded at couple of hundred sites and forums across the web. And just like the many previous such examples, the process is automated to the very last stage. Repeated requests expose the entire domains portfolio, where once the live exploit is served with the help of a javascript obfuscations, the binaries come into play....
 
 
 
 
 
Phishing Tactics Evolving

2008-04-21 11:18:17 by HASH0x85bed5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi-bin/onlineid.bankofamerica/sso.login.controller user-142o3ds.cable.mindspring.com /halifax-online.co.uk/ mem bin/halifax LogIn/formslogin.aspsource=halifaxcouk stolnick-8marta-8b-r1-c1-45.ekb.unitline.ru /halifax-online.co.uk/ mem bin zux006-052-125.adsl.green.c h/onlineid/cgi-bin/onlineid.bankofamerica/sso.login.controller...
 
 
 
 
 
Underground Multitasking in Action

2008-06-23 09:20:41 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi?2&1400397 tapki .cn/1.html?92465 dificalgot .net/s/in.cgi?2?1121268b0d022308 my-page-de .info?default.cgi magichotgaming .net allextra .com/best/go.php?sid=2&tds-parametr1=Taryn+Manning newextra .com/in.cgi?19&group=allextra drivemedirect .com/soft.php?aid=0358&d=3&product=XPA securityscannersite .com/2008/3/freescan.php?aid=880358 Sampe...
 
 
 
 
 
Have Your Malware In a Timely Fashion

2007-12-15 08:35:11 by HASH0x89f6724 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi?14 (58.65.233.98) loads an IFRAME to fernando123.ws/forum/index.php (88.255.94.114) which is MPack hosting the actual binary at fernando123.ws/forum/load.php or fernando123.ws/forum/load.exe Detection rate : Result: 9/32 (28.13 File size: 43008 bytes MD5: 8ce2134060b284fa9826d8d7ca119f33 SHA1: 3074f95d6b54fa49079b20876efa0f4722e7fe7d As...
 
 
 
 
 
Spreading Malware Around the Christmas Tree

2007-12-24 18:33:57 by HASH0x896b164 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi-bin/in.cgi?p=100 where two javascript obfuscations, courtesy of the Neosploit attack kit attempt to load. Current binary (stripshow.exe) has an over 50% detection rate 17/32 (53.13%). Stay tuned, AV vendors will reach another milestone on the number of malware variants detected, despite that compared to the real, massive Storm Worm...
 
 
 
 
 
Malware Serving Online Casinos

2007-11-29 16:37:13 by HASH0x8968208 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...cgi?5 which is now down. The second casino is fabispalmscasino.com (82.165.121.138) with current obfuscation attempting to connect to the now down stat1count.net/strong, a host residing on a netblock I covered before showcasing a scammy ecosystem. The third one is sypercasino.com which was resolving to 203.117.111.102 early this week, and...
 
 
 
 
 
Links for 2008-01-04 [del.icio.us]

2008-01-05 00:00:00 by Editor in Anton Chuvakin Blog -
 
Looking in the crystal ball: 2007 in retrospect - heise Security http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2007/120607-can-mid-market-merchants-comply-with.html Security predictions for 2008 | InfoWorld | Column | 2008-01-04 | By Roger A. Grimes Database Logging: Option Number 3 | securosis.com