SEARCH RESULTS
 
Showing 1-10 of 28 records
 

DNS redirection hits home

2008-06-18 08:00:56 by Editor in Adventures in Security
 
DNS cache poisoning and redirection problems have been around for some time. However, most, if not all, ISPs and other DNS server providers have followed best practices to harden their domain name to IP address translation services. So, looking for a softer, more productive target (less cost when compared to return), cybercriminals are turning...
 
 
 
 
 

Blackhat SEO Redirects to Malware and Rogue Software

2008-06-05 07:59:47 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection to a multitude of sites serving rogue codecs (Zlob malware variants) and fake security software phoning back to UkrTeleGroup Ltd's network - could it get even more interesting? Of course, as the current state of Zlob malware serving tactics can be separated in two distinct groups, those abusing the "sort of" zero day Flash exploit...
 
 
 
 
 

Twisty little passages, all alike

2008-05-18 19:29:56 by Richard Clayton in Light Blue Touchpaper
 
...redirections (a scan of my notes is here), but having thought about this for a while, I asked for it to be explained to me again later on, and it turned out that I had previously been misled, and that there were in fact three redirections (here's my notes of this part of the meeting). It now turns out, following my further emails with Phorm,...
 
 
 
 
 

More High Profile Sites IFRAME Injected

2008-03-12 09:49:36 by HASH0x8b74b5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection points to the campaigns hardcoded within the secondary redirection point, in this case radt.info where a new malware variant of Zlob is attempting to install through an ActiveX object. These are the high profile sites targeted by the same group within the past 48 hours, with number of locally cached and IFRAME injected pages within...
 
 
 
 
 

PR Storm - Mass iFRAME Injectable Attacks

2008-03-17 17:54:21 by HASH0x8b5dc70 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection, and obtained a sampled result of where are the domains actually leading to, should have had the effect it's supposed to - raise awareness and put responsible pressure on the people involved in taking care of making sure no one can submit executable commands that will later on get cached, and load, such as iFRAMES in this case....
 
 
 
 
 

Massive IFRAME SEO Poisoning Attack Continuing

2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection points to the newly introduced rogue software and malware, remain the same, and are still active. The very latest high profile sites successfully injected with IFRAMES forwarding to the rogue security software and Zlob malware variants USAToday.com, ABCNews.com, News.com, Target.com, Packard Bell.com, Walmart.com,...
 
 
 
 
 

Malicious Doorways Redirecting to Malware

2008-06-16 03:51:11 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection script isn't hashing my IP like the majority of well configured ones requiring the use of multiple IPs if we're to expose all the campaigns, it makes the investigation easier tubeuniverses.com/teen/index.php?id=1883 - (78.108.177.99 new-content-s2008.com/freemovie/938/0/ - (72.21.53.218 teens.0bucksforpornmovie.com/?id=4199 -...
 
 
 
 
 

Fake Celebrity Video Sites Serving Malware

2008-06-20 06:58:44 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirections put in place to make it harder to get to the bottom of it. What's important to keep in mind when assessing and shutting down such comprehensive campaigns is that on the majority of occasions the front end domains as well as the secondary ones are all attempting to download the codecs from hardcoded locations. Consequently, you...
 
 
 
 
 

Monetizing Compromised Web Sites

2008-07-14 03:26:24 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirection to a fake porn sites, Camara Municipal de Amparo ( camaraamparo.sp.gov.br/r.html ). Basically, its homepage is heavily linking to the Zlob variant ( camaraamparo.sp.gov.br/ video.exe ) in between loading an IFRAME to 61.162.230.12/ index.php . As always, upon uploading their redirector, they've built enough confidence into their...