SEARCH RESULTS
 
Showing 1-10 of 33 records
 
Expand article

Rogue RBN Software Pushed Through Blackhat SEO

The Article has images
2008-03-05 08:19:46 by HASH0x8b39d2c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue XP AntiVirus are relying on a much more diverse set of domains loading the IFRAME. One factor remains the same, both campaigns continue pushing the rogue XP AntiVirus. XP AntiVirus's pitch, note the downloads success rate mentioned and how they forgot to change the template used in the campaign by putting the rogue's name XP antivirus...
 
Tags: rbn, huge iframe campaign, iframe campaign, iframe, rbn coverage, single rbn, russian business network, campaign, antivirus
 
 
 
 
Expand article

Windows stalked by rogue packets?

2008-02-28 00:00:00 by Jason Meserve in Network World on Security
 
...rogue" packets and that any 'Net connected PC could be affected. Sounds scary, but I am sure it's just another day in the Redmond Patch Department. One thing that does scare me, given my "Out of office" message is on this week, is a story about how spammers are using such auto-reply messages as means to relay Spam. Hopefully, I am not...
 
Tags: redmond patch department, windows, packets, security team, rogue, sounds scary, relay spam, auto-reply messages, story
 
 
 
 
Expand article

What are the best methods for handling rogue access points?

2008-05-08 13:49:02 by Michael Gregg in WhatIs: Enterprise IT tips and expert advice
 
Our network security expert, Michael Gregg, explains how to enforce network policy and handle rogue access points (APs) in this expert response
 
Tags: handle rogue access, network security expert, enforce network policy, michael gregg, expert response, aps, explains
 
 
 
 
Expand article

More CNET Sites Under IFRAME Attack

The Article has images
2008-03-06 10:50:57 by HASH0x8b1424c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue XP AntiVirus , the rogue Spyshredderscanner, as well as another fake codec MediaTubeCodec.exe , hosted and distributed under two new domains Which sites are currently targeted ZDNet Asia - currently has 51,900 injected pages TV.com - 49,600 locally hosted IFRAME injected pages News.com - 167 locally hosted pages, injection is ongoing...
 
Tags: iframe, cnet sites, sites, iframe-ed pages, pages, cnet, iframe redirects, iframe campaign, campaign
 
 
 
 
Expand article

Massive IFRAME SEO Poisoning Attack Continuing

The Article has images
2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue software and malware, remain the same, and are still active. The very latest high profile sites successfully injected with IFRAMES forwarding to the rogue security software and Zlob malware variants USAToday.com , ABCNews.com , News.com , Target.com , Packard Bell.com , Walmart.com , Rediff.com , MiamiHerald.com , Bloomingdales.com ,...
 
Tags: massive, single massive seo, profile sites, profile sites iframe, attack, seo, malware, malware attack, massive blackhat seo
 
 
 
 
Expand article

Got Your XPShield up and Running?

The Article has images
2008-05-15 14:44:12 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue security application XP Shield is the latest addition to the never ending list, with the following domains participating in the campaign xp-shield.com xpshield.com xpantiviruspro.com xpantivirussecurity.com xponlinescanner.com xpprotectionsoftware.com xpantivirussite.com antivi rus2008x.com securityscannersite.com...
 
Tags: sql, sql injections campaigns, scanners result, massive iframe, rogue security application, zlob malware variants, iframe, fake security software, video codecs
 
 
 
 
Expand article

Malicious Advertising (Malvertising) Increasing

The Article has images
2008-02-20 22:33:33 by HASH0x8b2be50 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue ads attacks 01. quinquecahue.com (190.15.64.190 quinquecahue.com/swf/gnida.swf?campaign=tautonymus quinquecahue.com/swf/gnida.swf?campaign=atliverish quinquecahue.com/statsg.php?campaign=meatrichia quinquecahue.com/swf/gnida.swf?campaign=atticismus 02. akamahi.net (190.15.64.185 akamahi.net/swf/gnida.swf?cam...
 
Tags: swf, comswfgnida, php, newbieadguide, comstatsg, adtraff, active domains, domains, traffalo
 
 
 
 
Expand article

Three Capabilities, Three Companies

The Article has images
2008-02-16 02:57:00 by Richard Bejtlich in TaoSecurity
...rogue processes, and then 1) retrieve those processes in binary form for static and dynamic analysis on a test box and/or 2) attach a debugger to the rogue process to learn more about it in the wild. The first case is helpful to determine how malware could be used and how it is like to communicate with the outside world. The second case could...
 
Tags: hbgary responder product, responder, product, responder product, capabilities, hbgary, response, conduct live response, conduct incident response
 
 
 
 
Expand article

More High Profile Sites IFRAME Injected

The Article has images
2008-03-12 09:49:36 by HASH0x8b74b5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...rogue DNS servers. Please change your DNS server to the DNS server provided by your IP or Network Administrator What this means is that known Russian Business Network netblocks are receiving all the re-routed DNS queries from infected hosts, thereby setting up the foundations for a large scale pharming attack by infecting the weakest link,...
 
Tags: info, info txmwxb, info kbsxet, info bhrsaa, info sezejc, info cgjttz, info wmtwes, info cqqxkh, info qwhhxq