SEARCH RESULTS
 
Showing 1-10 of 11 records
 
Phishing Emails Generating Botnet Scaling

2008-04-18 14:57:30 by HASH0x8aef3f0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.ns3.id759.com ns3.ns1.id759.com ns1.ns2.ns1.ns4.ns2.ns3.id759.com ns1.ns2.ns3.id759.com ns1.ns2.ns4.id759.com ns1.ns4.ns4.ns2.ns3.id759.com ns2.id759.com ns2.ns1.ns2.ns3.id759.com ns2.ns1.ns2.ns4.id759.com ns3.ns2.ns1.ns2.ns3.id759.com ns4.ns1.ns1.ns2.ns3.id759.com Yet another internal nameservers ecosystem within the botnet ...
 
 
 
 
 
Storm Worm's Lazy Summer Campaigns

2008-07-31 06:39:35 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...NS2.BRPRBGOK6 .COM NS3.BRPRBGOK6 .COM NS4.BRPRBGOK6 .COM NS5.BRPRBGOK6 .COM NS6.BRPRBGOK6 .COM Strangely, the domain has been registered using an email hosted on a known Storm fast-flux node used in the recent 4th of July campaign and the U.S's invasion of Iran Administrative Contact Lee Chung lee@likethisone1.com 13205897845 fax 1743, 34...
 
 
 
 
 
A Diverse Portfolio of Fake Security Software

2007-12-07 15:16:07 by HASH0x89688e0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.bestsellerantivirus.com ns3.bestsellerantivirus.com ns4.bestsellerantivirus.com ns1.onerateld.com ns2.onerateld.com Main portfolio domain farm IPs 87.117.252.11 85.12.60.22 85.12.60.11 85.12.60.30 Laziness on behalf of the malicious parties in this campaign, leads to better detection rate, thus, they didn't hedge the risks of having...
 
 
 
 
 
All You Need is Storm Worm's Love

2008-05-20 07:46:40 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.orthelike.com ns3.orthelike.com ns4.orthelike.com ns.likenewvideos.com ns2.likenewvideos.com ns3.likenewvideos.com ns4.likenewvideos.com Storm Worm related domains which are now down centerprop.cn apartment-mall.cn stateandfed.cn phillipsdminc.cn apartment-mall.cn biggetonething.cn gasperoblue.cn giftapplys.cn gribontruck.cn...
 
 
 
 
 
Spreading Malware Around the Christmas Tree

2007-12-24 18:33:57 by HASH0x896b164 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...NS2.MERRYCHRISTMASDUDE.COM Name Server: NS5.MERRYCHRISTMASDUDE.COM Name Server: NS7.MERRYCHRISTMASDUDE.COM Name Server: NS8.MERRYCHRISTMASDUDE.COM Name Server: NS12.MERRYCHRISTMASDUDE.COM The domain also has an embedded IFRAME pointing to merrychristmasdude.com/cgi-bin/in.cgi?p=100 where two javascript obfuscations, courtesy of the Neosploit...
 
 
 
 
 
Update on the MySpace Phishing Campaign

2007-12-10 21:50:56 by HASH0x899feb4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.4980603.com Name Server: ns3.4980603.com Name Server: ns4.4980603.com Here's more coverage courtesy of the ISC assessing a previous state of the campaign in the form of different domain names used Two primary infection vectors have been observed providing us with unique insight into the life cycle involved in propagating a fast flux...
 
 
 
 
 
The Continuing .Gov Blackhat SEO Campaign - Part Two

2008-02-25 08:42:20 by HASH0x8b54014 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.viagrabestprice.info officialmedicines.us pharm-shop.net thecanadianpharmacymeds.com viagrabestprice.info viagraforlove.com xdrugpill.com This is perhaps the perfect moment to clarify that the appropriate people responsible for auditing and securing these hosts, are already doing their forensics job and are coming up with more data, on...
 
 
 
 
 
Massive IFRAME SEO Poisoning Attack Continuing

2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...NS2.LAYEREDTECH.COM Comment: abuse@layeredtech.com 195.225.178.21 route: 195.225.176.0/22 descr: NETCATHOST (full block mnt-routes: WZNET-MNT mnt-routes: NETCATHOST-MNT origin: AS31159 notify: vs@netcathost.com remarks: Abuse contacts: abuse@netcathost.com 89.149.243.201 inetnum: 89.149.241.0 - 89.149.244.255 netname: NETDIRECT-NET...
 
 
 
 
 
Money Mule Recruiters use ASProx's Fast Fluxing Services

2008-07-18 06:23:49 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ns2.cashtransfers.tk ns13.cashtransfers.tk ns3.cashtransfers.tk ns14.cashtransfers.tk ns4.cashtransfers.tk ns15.cashtransfers.tk ns5.cashtransfers.tk ns16.cashtransfers.tk ns6.cashtransfers.tk ns17.cashtransfers.tk ns7.cashtransfers.tk ns8.cashtransfers.tk With the distributed and dynamic hosting infrastructure courtesy of the malware...