SEARCH RESULTS
 
Showing 1-10 of 18 records
 
More CNET Sites Under IFRAME Attack

2008-03-06 10:50:57 by HASH0x8b1424c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...DOWNLOADER.GEN Quick Heal - Suspicious - DNAScan Tries to connect to websoftcodecdriver.com ; websoftcodecdriver2.com and 77.91.227.179 , in between listening on local port 1034. The downloader tries to drop Adware.Agent.BN - " Adware.Agent.BN is an adware program that displays pop-up advertisements and adds a runkey to run at startup, and...
 
 
 
 
 
Blackhat SEO Redirects to Malware and Rogue Software

2008-06-05 07:59:47 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Downloader.Win32.FraudLoad.axa; Trojan.Dldr.FraudLoad.axa File size: 60416 bytes MD5...: 14938bfe35128687e05f7f8ccbd29c7d SHA1..: cf651e959fff945c9659321e79ba2788062b721d Scanners Result: 14/32 (43.75%) Trojan-Downloader.Win32.Zlob.lps; TrojanDownloader:Win32/Zlob.IB File size: 18432 bytes MD5...: 9b3bbcd4549970a92eb1b11c46a451bb ...
 
 
 
 
 
'Diehard' virus variants flexing muscle

2008-01-02 00:00:00 by Ellen Messmer in Network World on Security
 
New Windows-based "downloader" malware known as Trojan-Downloader.Win32.Diehard has surged to the top of Kaspersky Lab's "Virus Top Twenty" list for December because of its "explosive propagation," the security firm said Wednesday.
 
 
 
 
 
Rogue RBN Software Pushed Through Blackhat SEO

2008-03-05 08:19:46 by HASH0x8b39d2c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...downloader's detection rate Scanner results : 17% Scanner(6/36) found malware Time : 2008/03/05 13:57:48 (EET File Size : 47104 byte MD5 : 2102cb53606f535ca8132c3324953596 SHA1 : 0756f530e782c3d2e85a8186e052b722b017f1ea AntiVir - TR/Crypt.ULPM.Gen Fortinet - Suspicious Microsoft - Trojan:Win32/Vxidl.gen!B(Suspicious Panda - Suspicious file...
 
 
 
 
 
More High Profile Sites IFRAME Injected

2008-03-12 09:49:36 by HASH0x8b74b5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Downloader.Zlob.ZV; Trojan-Downloader.Win32.Zlob.eie; TrojanDownloader.Zlob.epx It gets even more interesting as according to Computer Associates This fake codec is actually a hijacker that will change your DNS settings whether you acquire your IP settings through DHCP or set your IP information manually. This hijacker will attempt to...
 
 
 
 
 
A Portfolio of Fake Video Codecs

2008-03-19 17:27:56 by HASH0x8b5b564 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...downloader, infrastructure courtesy of the RBN's used ATRIVO (64.28.176.0/20). Currently active domains hosting the" DVDAccess codec", namely a Zlob malware variant pornqaz.com uinsex.com qazsex.com sexwhite.net lightporn.net xeroporn.com brakeporn.net sexclean.net delfiporn.net pornfire.net redcodec.net democodec.com delficodec.com...
 
 
 
 
 
Compromised Web Servers Serving Fake Flash Players

2008-08-05 14:50:04 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Downloader.Win32.Exchanger.hk; Troj/Cbeplay-A File size : 78848 bytes MD5 ...: c81b29a3662b6083e3590939b6793bb8 SHA1 ..: d513275c276840cb528ce11dd228eae46a74b4b4 The downloader then "phones back home" at 72.9.98.234 port 443 which is responding to the rogue security software AntiSpy Spider ( antispyspider.net AntiSpy Spider is a...
 
 
 
 
 
Update on the MySpace Phishing Campaign

2007-12-10 21:50:56 by HASH0x899feb4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...downloader stub executable (session.exe) that is then responsible for attempting to download additional malicious components necessary for integration of new compromised hosts into a fast flux service network The fast-flux, the javascript obfuscation, and the process of serving malware still remain the same, so they're basically doing what...
 
 
 
 
 
Massive RealPlayer Exploit Embedded Attack

2008-01-07 18:58:52 by HASH0x89c7e1c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Downloader.JS.Agent.amj File size: 2880 bytes MD5: d363ffca061ebf564340c4ac899e3573 SHA1: 1226d3d9fcc5052a623b481b48443aeb246ab5db A lot of university, and international government sites continue to be embedded with the script, and so is Computer Associates site according to this article Part of security software vendor CA's Web site...