SEARCH RESULTS
 
Showing 1-10 of 12 records
 
Expand article

Monetizing Compromised Web Sites

The Article has images
2008-07-14 03:26:24 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector, they've build enough confidence into their new hosting provider that the link to the redirector was instantly spammed across the web. The site is so heavily linking to the internal redirector itself, that upon clicking on the majority of links the user will inevitably come across it Speaking of fake porn sites redirecting to Zlob...
 
Tags: sites, rogue sites, web, net, web site defacers, site, fake porn sites, profile site, redirector
 
 
 
 
Expand article

Update on the MySpace Phishing Campaign

The Article has images
2007-12-10 21:50:56 by HASH0x899feb4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector from 319303.cn/login.php to z8atr.cn/login.php , and the attached z8atr.cn's fast-flux can be greatly compared to that of Storm Worm's fast-flux networks in terms of its size. The updated campaign is also taking advantage of the following DNS servers Name Server: ns1.4980603.com Name Server: ns2.4980603.com Name Server:...
 
Tags: myspace, fast-flux networks, fast-flux, attack vectors include, campaign, server, attack, exploit content results, primary infection vectors
 
 
 
 
Expand article

The Dutch Embassy in Moscow Serving Malware

The Article has images
2008-01-28 16:07:58 by HASH0x8af6a58 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector script in a traffic management script that can load several different URLs, to both, generate fake visits to certain sites that are paying for this, and a live exploit URL as it happens in between Historical preservation of actionable intelligence on who's what and what's when is a necessity. Here are for instance two far more...
 
Tags: malware, attack, malware attack, media malware gang, redirector script, script, alive iframes, royal netherlands embassy, alive
 
 
 
 
Expand article

Phishing Holes

2008-04-03 21:39:00 by sdl in The Security Development Lifecycle
 
...redirector, and were going to be proposing a requirement for the next version of the SDL that will help prevent these vulnerabilities. At the heart of this requirement is a new library weve adapted from the Windows Live Spaces team called SafeRedirect SafeRedirect is an alternative to the ASP.NET method System.Web.HttpResponse.Redirect (hence...
 
Tags: somebank, domain somebank, somebank rewrites, aspx, aspx redirects, redirect, saferedirect library, comwelcome, library
 
 
 
 
Expand article

Response Rate for an IM Malware Attack

The Article has images
2008-04-29 22:01:52 by HASH0x8ae6b08 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector, for instance google.com/pagead/iclk?sa=l&ai=dhobOez&num=57486&adurl=http:// mpharm.hr/video 233.php google.com/pagead/iclk?sa=l&ai=YQdWjxe&num=81899&adurl=http:// www.1-pltnicka.sk/lib vid.ph p google.com/pagead/iclk?sa=l&ai=MKRCVFW&adurl=// bestsslscripts.com/goog/online-casino-gambling.html...
 
Tags: google, google ads, malware, response, compageadiclk, live exploit urls, binary locations, simple stupid, directly spam
 
 
 
 
Expand article

Blackhat SEO Campaign at The Millennium Challenge Corporation

The Article has images
2008-05-07 03:57:19 by HASH0x8ae4918 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector is forwarding to canadiandiscountsmeds.com, and these are some of the remotely loading images ttv-bit.nl/rr/s.JPG ; ttv-bit.nl/rr/l.JPG ; ttv-bit.nl/rr/c.JPG ; ttv-bit.nl/rr/v.JPG Moreover, as in the recent massive SEO poisoning attacks, the referrer is checked, and given that the campaign URL is dedicated to mcc.gov only, only...
 
Tags: images, images ttv-bit, sites, page rank-ed sites, ttv-bit, spam pages, spam, campaign, pages
 
 
 
 
Expand article

Malicious Doorways Redirecting to Malware

The Article has images
2008-06-16 03:51:11 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector - 87.118.116.11 carsfoto.ru cheapest-pharmacy.com coolsexmovies.net free-movie-xxx.net gold-collection.biz p-o-r-n-0.com p-o-r-n-0.info sexakaporn.com stred.biz stred.in tosserhost.com west-video-xxx.info wowtofree.info Shall we also expose the entire scammy ecosystem of Zlob variants, as always, sharing the same netblocks in...
 
Tags: malicious, doorways, malicious doorways, malicious content, single sentence, single, single malicious domain, doorway, malicious doorway
 
 
 
 
Expand article

Fake Celebrity Video Sites Serving Malware

The Article has images
2008-06-20 06:58:44 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirectors stillnaked.net funkytube.net starvid.info yetmorefun.net hotnudity.net alreadynude.com celebvids.info sexystar.name hotserved.net thestars2008.com nudde.net gottabigfuick.com moviecity.se gossip-starz.com tmz-video.com js0.info superfakamyvideo.com hdavidz.com blog-x.in tmz-video.com newhotpeople.com dirty-gossips.com...
 
Tags: malware, blackhat seo-ers, blackhat seo, net, malware authors, malware authors efficiency, blackhat seo operation, info, blackhat
 
 
 
 
Expand article

Fake Porn Sites Serving Malware

The Article has images
2008-06-25 12:16:20 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...redirector that appears to have been operating since 2006 , according to this forum posting What follows on-the-fly, are all the fake porn sites whose legitimately looking videos attempt to download a Zlob malware variant from a single location - vipcodec.net . Here are all the fake porn sites, and the associated campaigns in this...
 
Tags: net, fake porn sites, malware, about-adult, scan-porn, zlob malware variant, name-adult, useporn, porn-the