SEARCH RESULTS
 
Showing 1-10 of 21 records
 
209.1 Host Locked

2007-12-18 17:56:28 by HASH0x8713b3c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
I've been playing a cat and mouse game with the folks behind several different phishing campaigns using the Rock Phish kit for a while now, in between tracking down the New Media Malware Gang and several other related malware campaigns. The Rock Phishers seem to keep track of this, and periodically change the default error message returned on a...
 
 
 
 
 
Stolen laptops affect 337,000 Davidson County voters

2007-12-29 11:30:26 by Evan Francen in The Breach Blog
Technorati Tag: Security Breach
Date Reported: 12/28/07
Organization: Davidson County Election Commission. Davidson County, Tennessee has an estimated population of 607,413. The county seat is Nashville
Contractor/Consultant/Branch: None
Victims: Registered Davidson County voters
Number Affected: 337,000
Types of Data: Names, Social Security...
 
 
 
 
 
66.1 Host Locked

2007-11-28 16:13:28 by HASH0x89e99bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Having found a static pattern for identifying a Rock Phish domain a couple of months ago in the form of the bogus "209 Host Locked" message, the Rock Phishers seem to have picked up the finding and changed the default domain message to "66.1 Host Locked" as of recently. Here are the very latest Rock Phish domains using this ...
 
 
 
 
 
Crimeware in the Middle - Zeus

2008-04-24 04:37:46 by HASH0x8ae4648 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Virtual greed, or response rate optimization? The idea of converging phishing emails with embedded exploits and banking malware is nothing new, in fact phishers realizing that combining attack approaches can increase the chance of achieving their objective which in this case is either logging the authentication process or hijacking it, often...
 
 
 
 
 
How effective is the wisdom of crowds as a security mechanism?

2007-12-21 15:26:10 by Tyler Moore in Light Blue Touchpaper
 
Over the past year, Richard Clayton and I have been tracking phishing websites. For this work, we are indebted to PhishTank, a website where dedicated volunteers submit URLs from suspected phishing websites and vote on whether the submissions are valid. The idea behind PhishTank is to bring together the expertise and enthusiasm of people...
 
 
 
 
 
Cached Malware Embedded Sites

2007-12-16 18:18:26 by HASH0x8a09e44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Google, with its almost real-time crawling capabilities, has rarely proved useful while researching malware embedded sites who were cleaned before they could be analyzed, mainly popular sites who get crawled several times daily. However, Yahoo's and MSN's search engines, with MSN providing Archive.org type of historical crawling content, have...
 
 
 
 
 
A Diverse Portfolio of Fake Security Software

2007-12-07 15:16:07 by HASH0x89688e0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
The recently exposed RBN's fake security software was literally just the tip of the iceberg in this ongoing practice of distributing spyware and malware under the shadow of software that's positioned as anti-spyware and anti-malware one. The domain farm of fake security software which I'll assess in this post is worth discussing due to the size...
 
 
 
 
 
Rogue RBN Software Pushed Through Blackhat SEO

2008-03-05 08:19:46 by HASH0x8b39d2c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
On numerous occasions in the past, I emphasized on the malicious attacker Keep it Simple Stupid (KISS) approach for anything starting from Rock Phishing, to maintaining a huge live exploits domains portfolio hosted on a single IP. This is yet another example of the KISS strategy uncovering another huge IFRAME campaign, again taking advantage of...
 
 
 
 
 
PR Storm - Mass iFRAME Injectable Attacks

2008-03-17 17:54:21 by HASH0x8b5dc70 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Here's some recent media coverage regarding the SEO poisoning attack through exploiting the ABC of web application security, namely input validation, a good example of tactical warfare combining two different attack tactics, blackhat SEO for traffic acquisition and abusing input validation for injecting iFRAMES, and abusing the sites' search...