SEARCH RESULTS
 
Showing 1-10 of 29 records
 
The Random JS Malware Exploitation Kit

2008-01-15 20:49:56 by HASH0x8be7244 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
The Random JS infection kit as originally named by Finjan, is perhaps the first publicly announced malicious innovation for 2008, in fact I've managed to obtain a copy of a sample .js and witness the filename change on the next request combined with complete disappearance of any .js on the third visit. Here's some press coverage - " Over 10,000...
 
 
 
 
 
Serving Malware Through Advertising Networks

2008-02-18 10:58:53 by HASH0x8bfe2fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
In need of fresh binaries and malware serving domains? Start feeding your honeyfarm, or professional interests by participating in an affiliate network -- just like pharmaceutical scammers do -- that's literally serving live exploit URLs and dropping malware in real-time. Upon registering at xbanners.biz, you're enticed to IFRAME your web...
 
 
 
 
 
Yet Another Massive Embedded Malware Attack

2008-02-27 11:42:39 by HASH0x8b05fe8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
The following central redirection point in a portfolio of exploits and malware serving domains - buytraffic.cn/in.cgi?11 is currently embedded at a couple of hundred sites and forums across the web. And just like the many previous such examples, the process is automated to the very last stage. Repeated requests expose the entire domains portfolio,...
 
 
 
 
 
Phishing Tactics Evolving

2008-04-21 11:18:17 by HASH0x85bed5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Malware authors, phishers and spammers have been actively consolidating for the past couple of years, and until they figure out how to vertically integrate and limit the participation of other parties in their activities, this development will continue to remain so. Malware infected hosts are not getting used as stepping stones these days, for...
 
 
 
 
 
Underground Multitasking in Action

2008-06-23 09:20:41 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
How many ways in which a malicious party can abuse its unauthorized access to a host, can you think of? In this example of remotely file included web backdoor (web shell), we have a malicious party that's hosting a web spammer, planning to launch a phishing attack impersonating Halifax, locally hosting blackhat SEO junk pages redirecting to...
 
 
 
 
 
Have Your Malware In a Timely Fashion

2007-12-15 08:35:11 by HASH0x89f6724 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Keep your allies close, the human right violators closer. French officials have been receiving lots of criticism by human rights groups regarding Moammar Gadhafi's visit in France, in fact Human Rights Watch issued a press release entitled Al-Qadhafi in France. Despite the logical response in the form of criticism, it's lacking the long-term...
 
 
 
 
 
Spreading Malware Around the Christmas Tree

2007-12-24 18:33:57 by HASH0x896b164 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Stormy Wormy is back in the game on the top of Xmas eve, enticing the end users with a special Xmas strip show for those who dare to download the binary. The domain merrychristmasdude.com is logically in a fast-flux, here are some more details Administrative, Technical Contact Contact Name: John A Cortas Contact Organization: John A Cortas...
 
 
 
 
 
Malware Serving Online Casinos

2007-11-29 16:37:13 by HASH0x8968208 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Don't play poker on an infected table part two. The following three online casinos are currently serving embedded malware in the form of IFRAMES and the average javascript obfuscation. The first one is poker.gagnantscasino.com (213.186.33.4) with current obfuscation loading statistics-gdf.cn/ad/index.php (116.0.103.133) where another obfuscation...
 
 
 
 
 
Links for 2008-01-04 [del.icio.us]

2008-01-05 00:00:00 by Editor in Anton Chuvakin Blog -
 
Looking in the crystal ball: 2007 in retrospect - heise Security http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2007/120607-can-mid-market-merchants-comply-with.html Security predictions for 2008 | InfoWorld | Column | 2008-01-04 | By Roger A. Grimes Database Logging: Option Number 3 | securosis.com