SEARCH RESULTS
 
Showing 1-10 of 21 records
 

Virus Center: Trojan comes as codec, brings in many malware

2007-12-24 14:49:14 by Editor in Help Net Security - News
 
It may come in an email asking you to check out a movie file. Or it may seek to push its way to your computer from malicious websites. In both cases a codec will be offered in the guise of helping y
 
 
 
 
 

Fake Porn Sites Serving Malware - Part Two

2008-07-08 03:24:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codecs and even more actionable intelligence into the nature of their practices, and which are the ISPs proving them with hosting services for several consecutive years The main redirector in this campaign popular-adult.com is also responding to basic-adult .com business-adult .com center-adult .com comp-adult .com compadult .com...
 
 
 
 
 

Blackhat SEO Redirects to Malware and Rogue Software

2008-06-05 07:59:47 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codecs (Zlob malware variants) and fake security software phoning back to UkrTeleGroup Ltd's network - could it get even more interesting? Of course, as the current state of Zlob malware serving tactics can be separated in two distinct groups, those abusing the "sort of" zero day Flash exploit, as the currently active SQL injection attacks...
 
 
 
 
 

More High Profile Sites IFRAME Injected

2008-03-12 09:49:36 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codec. And the samples redirects upon visiting these as follows seivomerutam.info/Free-Paris-Hilton-Nude-Pics seivomerutam.info/spam all of which ultimately redirect to porn-popular.com (64.28.185.78) where the Zlob variant in the face of a fake codec, is downloaded from democodec.com/download/ democodec1292.exe (64.28.184.168) via an...
 
 
 
 
 

Fake Porn Sites Serving Malware - Part Three

2008-08-26 09:02:26 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codec's download location handmadeclips .com , where the codec is downloaded from fwlprocedure .com . Behind these domains, we can easily expose many other fake porn sites and pharmaceutical scams, next to a small portfolio of domains specifically used for hosting the binaries. Due to the obvious rotation I've encountered several times so...
 
 
 
 
 

More CNET Sites Under IFRAME Attack

2008-03-06 10:50:57 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codec MediaTubeCodec.exe , hosted and distributed under two new domains Which sites are currently targeted ZDNet Asia - currently has 51,900 injected pages TV.com - 49,600 locally hosted IFRAME injected pages News.com - 167 locally hosted pages, injection is ongoing MySimon.com - currently 4 pages, the campaign is ongoing Which domains and...
 
 
 
 
 

Malicious Doorways Redirecting to Malware

2008-06-16 03:51:11 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codecs that all the bogus adult sites require. The doorway is misconfigured in the sense of not recording the IP and checking the cookie set, in comparison to every average web malware exploitation kit out there, which will not serve anything malicious when accessed for a second time since it's hashing the IPs that accessed it already. This...
 
 
 
 
 

ZDNet Asia and TorrentReactor IFRAME-ed

2008-03-04 09:15:20 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codec20.com (195.93.218.43 Once the junkware inventory is empty, all pages redirect to requestedlinks.com (216.255.185.82). Let's take a peek at the codec Scanner results : 11% Scanner (4/36) found malware! File Size : 85008 byte MD5 : 6b325c53987c488c89636670a25d5664 SHA1 : c6aeeafffe10e70973a45e5b6af97304ca20b3bd Fortinet - Suspicious...
 
 
 
 
 

A Portfolio of Fake Video Codecs

2008-03-19 17:27:56 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...codecs hosting the same Zlob variant on each and every of the domains, thereby acting as a great example of what malicious economies of scale means? But of course. As I've pointed out in a previous post, on the tactical warfare front the output of a malicious IFRAME campaign is often neglected from the perspective of lacking the two/three...