SEARCH RESULTS
 
Showing 1-10 of 147 records
 
Money Mule Recruiters use ASProx's Fast Fluxing Services

2008-07-18 06:23:49 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-flux infrastructure on behalf of the Asprox botnet, that is also providing hosting services for several hundred domains used on the last wave of SQL injection attacks. Ironically, the money mule recruitment site is sharing IPs with many of them. Who are these money launderers ( cashtransfers.tk ; cashtransfers.eu; type53.eu ; sid57.tk ;...
 
 
 
 
 
Fast-Fluxing SQL Injection Attacks

2008-05-19 07:28:54 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-fluxing the SQL injected domains . Related URLs for this campaign banner82.com dll64.com aspx88.com bank11.net cookie68.com exportpe.net Read the complete assessment - Fast-Fluxing SQL Injection Attacks Executed from the Asprox Botnet , and go through previous posts related to the botnet as well - Phishing Emails Generating Botnet...
 
 
 
 
 
Obfuscating Fast-fluxed SQL Injected Domains

2008-07-17 15:31:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-flux in the time of the SQL injection that several Chinese script kiddies were taking advantage of 6b%6b%36%2e%75%73 - kk6.us 73%61%79%38%2E%75%73 - s.see9.us 66%75%63%6B%75%75%2E%75%73 - fuckuu.us 61%2E%6B%61%34%37%2E%75%73 - a.ka47.us 61%31%38%38%2E%77%73 - a188.ws 33%2E%74%72%6F%6A%61%6E%38%2E%63%6F%6D - 3.trojan8.com...
 
 
 
 
 
On-device defenses for mobile malware

2008-08-21 09:27:21 by Lisa Phifer in WhatIs: Enterprise IT tips and expert advice
 
...fast, at precisely the time when mobile users are becoming a bigger, juicier target. When the mobile malware "tipping point" is reached, will your organization be ready? Conventional Win32 malware defenses are commonly deployed on the assets they protect: PCs. Antivirus scanners, host intrusion detection programs, personal firewalls, and...
 
 
 
 
 
Update on the MySpace Phishing Campaign

2007-12-10 21:50:56 by HASH0x899feb4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-flux can be greatly compared to that of Storm Worm's fast-flux networks in terms of its size. The updated campaign is also taking advantage of the following DNS servers Name Server: ns1.4980603.com Name Server: ns2.4980603.com Name Server: ns3.4980603.com Name Server: ns4.4980603.com Here's more coverage courtesy of the ISC assessing a...
 
 
 
 
 
Asprox Phishing Campaigns Dominated in April

2008-05-27 06:38:48 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-flux and further expose and connection between these IPs and Asprox. For instance, 62.233.145.45 , is known to have been hosting xml52.com ; www5.yahoo.american-greeting.ca.xml52.com ; yahoo.americangreeting.ca.www05.net ; bendigobank.com.au.tampost5.ws ; among the domains used in some of the previous phishing domains. The rest of the...
 
 
 
 
 
Summarizing July's Threatscape

2008-08-01 16:08:24 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-fluxed network provided by the ASProx botnet - pretty interesting month indeed 01. Decrypting and Restoring GPcode Encrypted Files The GPcode authors read the news too, and are catching up with the major weaknesses pointed out in their previous release in order to come with a virtually unbreakable algorithm. And since more evidence of...
 
 
 
 
 
More CNET Sites Under IFRAME Attack

2008-03-06 10:50:57 by HASH0x8b1424c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast, appropriate credit is given , but not as fast as the IFRAME campaign targeting several more CNET Networks' web properties besides ZDNet Asia , namely, TV.com , News.com and MySimon.com which I'll assess in this post. In the time of posting this, no other CNET sites are involved in the campaign, including ZDNet's international sites such...
 
 
 
 
 
Storm Worm Hosting Pharmaceutical Scams

2008-05-30 14:50:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...fast-flux provided by already infected hosts) hosting pharmaceutical scams producemorning.com pressrose.com posestory.com picturewe st.com lowsmell.com catsharp.com printlength.com All of the domain's DNS entries are set to update every 2 minutes, meaning they every 2 minutes another 20 different and infected IPs will be hosting the...