SEARCH RESULTS
 
Showing 1-10 of 12 records
 

More High Profile Sites IFRAME Injected

2008-03-12 09:49:36 by HASH0x8b74b5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob is attempting to install through an ActiveX object. These are the high profile sites targeted by the same group within the past 48 hours, with number of locally cached and IFRAME injected pages within their search engines: NCSU Libraries - lib.ncsu.edu - 372,000 pages; FullDownloads.us - fulldownloads.us - 13,000 pages; Central Statistics...

A Portfolio of Fake Video Codecs

2008-03-19 17:27:56 by HASH0x8b5b564 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob variant on each and every one of the domains, thereby acting as a great example of what malicious economies of scale means? But of course. As I've pointed out in a previous post, on the tactical warfare front the output of a malicious IFRAME campaign is often neglected from the perspective of lacking the two/three layered IFRAME-ing and...

Blackhat SEO Redirects to Malware and Rogue Software

2008-06-05 07:59:47 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob malware variants) and fake security software phoning back to UkrTeleGroup Ltd's network - could it get even more interesting? Of course, as the current state of Zlob malware serving tactics can be separated in two distinct groups, those abusing the "sort of" zero day Flash exploit, as the currently active SQL injection attacks are all...

Malicious Doorways Redirecting to Malware

2008-06-16 03:51:11 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob variants by delivering fake codecs that all the bogus adult sites require. The doorway is misconfigured in the sense of not recording the IP and checking the cookie set, in comparison to every average web malware exploitation kit out there, which will not serve anything malicious when accessed for a second time since it's hashing the...

Fake Porn Sites Serving Malware

2008-06-25 12:16:20 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob malware variants, we have a decent abuse of a template for a porn site. The ease of management of such domain farms and the availability of templates for high trafficked topic segments such as celebrities and pornography, continue contributing to the increasing number of Zlob variants served through fake codecs. Moreover, once set up,...

Fake Celebrity Video Sites Serving Malware

2008-06-20 06:58:44 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob malware variants served as fake codecs, it's about time we spill some coffee on several campaigns in order to get a better understanding of the way the campaigns function. These campaigns are also starting to get so sophisticated, that analyzing a single one will expose another massive SQL injection, reveal several blackhat SEO domain...

Summarizing June's Threatscape

2008-07-01 07:05:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob variants by pitching them as fake codecs that the end user should download if they are to view the non existent adult content at the sites. Where's the OSINT mean? It's in the fact that the codecs and the fake security software phone back to UkrTeleGroup Ltd's network. 04. Using Market Forces to Disrupt Botnets - With the current...

The Template-ization of Malware Serving Sites

2008-07-10 16:59:13 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob variants. And while template-ization means more efficient malware campaigns, it also results in a common pattern for generic detection of such sites. For instance, the folks at Finjan did an experiment by verifying the signature based detection of the common JavaScript file that was used in the ongoing waves of SQL injection attacks....

Monetizing Compromised Web Sites

2008-07-14 03:26:24 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zlob variant ( camaraamparo.sp.gov.br/ video.exe ) in between loading an IFRAME to 61.162.230.12/ index.php . As always, upon uploading their redirector, they've built enough confidence into their new hosting provider that the link to the redirector was instantly spammed across the web. The site is so heavily linking to the internal...