SEARCH RESULTS
 
Showing 1-10 of 18 records
 
Riders on the Storm Worm

2007-12-28 11:35:58 by HASH0x89eeda4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive domains. It seems they've also changed the layout as well, and despite that the exploit IFRAME is now gone, automatically registered Blogspot accounts are also disseminating links to the domains. Some of these have been registered as of recently, others have been around in a blackhat SEO operation for a while and are getting used...

Pushdo - Web Based Malware as Usual

2007-12-19 18:01:44 by HASH0x89b80bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive use of POST variables to a malware's C&C server have been around for the last couple of years. What has logically changed is the added layer of obfuscation and complexity to make it hard to assess what such a URL actually means. The malware to be downloaded by Pushdo depends on the value following the "s-underscore" part of...

The Dutch Embassy in Moscow Serving Malware

2008-01-28 16:07:58 by HASH0x8af6a58 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive. The only IP that was included in the IFRAME was 68.178.194.64/tab.php which was then forwarding to 68.178.194.64/w/wtsin.cgi?s=z . ip-68-178-194-64.ip.secureserver.net (also responding to lmifsp.com and foxbayrental.com ) has been down as of 22 Jan 2008 18:56:38 GMT, but apparently it was also used in several other malware...

Inside a Botnet's Phishing Activities

2008-02-25 09:34:49 by HASH0x8b44f48 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive nature, just like the ones I've discussed before, is to be used in phishing attacks in order to visually social engineer the recipients. And as you can see in the attached graphs, the IPs resolving to the domains are the typical home based infected end users, who would from a theoretical perspective be sending phishing emails to...

Logs: Parsing, Tokenizing or Extracting?

2008-03-11 01:54:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
...descriptive header, sequential names and values [yuck!], XML, etc) to obtain a semblance of structured data (not just a flow of text logs) from logs without any human involvement. But is that an endgame, that "holy grail" of log analysis or yet another step towards it? First, bad logs break it (e.g. with space in names or values with spaces...

Loads.cc's DDoS for Hire Service

2008-03-11 21:35:53 by HASH0x8b581c0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive one, which basically says "given up on ddos-ing", and a featured ad in between loads.cc's old interface is pitching the new service - contextual advertising consultations, as you can see in the attached screenshot. Apparently, a little more in-depth research acts as public pressure, especially when they're lazy enough to have a...

Embedded Malware at Bloggies Awards Site

2008-03-12 18:36:48 by HASH0x8b6b2fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive IcePack host, the IP also responds to the following domains: bigsavingpharmacy.com, infosecurestatus.com, pharmacysuperdiscount.com, rspectrum.name, sicil.info, sicil256.info, superdiscountpills.com, mydnsweb.net, thegogosearch.com. So what? Historical CYBERINT ultimately improves your situational awareness. Sicil.info was the main domain...

Malware and Exploits Serving Girls

2008-04-15 08:14:56 by HASH0x8b3471c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Descriptive domains such as beautiful-and-lonely-girl dot com, amateur homepage looking sites, a modest photo archive of different girls, apparently amateur malware spreaders think that spamming these links to as many people as possible would entice them into visiting the sites, thus infecting themselves with malware. It all started with Lonely...

China's CERT Annual Security Report - 2007

2008-04-21 02:34:07 by HASH0x8b2001c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...descriptive enough to point to TibetIsAPartOFChina.com CommonDocuments%My MusicMy PlaylistsWWW.cgjSFGrz TibetIsAPartOFChina.COM CommonDocuments%My MusicWWW.bimStzno TibetIsAPartOFChina.COM CommonDocuments%My VideosWWW.kUJs TibetIsAPartOFChina.COM CommonPrograms%AccessoriesAccessibilityWWW.RSulr TibetIsAPartOFChina.COM ...