Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Friday, 29 August 2008

Atrivo / Intercage

Atrivo, Inc (also known as Intercage) and their main customer, Esthost (related to Estdomains) might well be a familiar name to people worki...
Thursday, 28 August 2008

Where a link turns into a lawsuit

I've seen some daft excesses in local politics in my time, but over Sheboygan, Wisconsin, things have taken a new twist... with a lawsui...
Wednesday, 27 August 2008

"Bank of America Installation and Upgrade Warning."

The bad guys are busy today, here's another fake bank "upgrade" leading to malware, following on from this one. Subject: ...

Tilde.exe in C:\Windows\System32 folder

This isn't really about tilde.exe at all, but a file called C:\Windows\System32\~.exe that has a habit of showing up on laptops that h...
Tuesday, 26 August 2008

"Colonial Bank Emergency Alert System"

Emergency alert system? Nope, malware download more likely. Subject: Colonial Bank Emergency Alert System. From: "Colonial ...

Asprox: beyry.ru, iopoe.ru, jetp6.ru, nucop.ru, port04.ru and vj64.ru

There's been a slight shift in the characteristics of the current Asprox attack. The javascript called is now script.js rather than ngg...
Friday, 22 August 2008

Asprox: iopc4.ru, jetp6.ru, loopk.ru, netr2.ru and ueur3.ru

The domains used in the Asprox SQL injection attack have been stable for most of the past week, but over the last 24 hours some new domains ...
Friday, 15 August 2008

Another SQL injection domain: mo98g.cn

I mentioned some days ago that there seems to be a parallel SQL injection attack to Asprox with all the hallmarks of being Chinese. Over the...

Asprox: ujnc.ru

Just a single new Asprox domain to list this morning: ujnc.ru which is still using the js.js redirector, i.e. www.ujnc.ru/js.js. All the d...
Thursday, 14 August 2008

Asprox: 3njx.ru, cb3f.ru, cnld.ru, nbh3.ru and okcd.ru

Some more Asprox domains to block or look for in your logs: 3njx.ru cb3f.ru cnld.ru nbh3.ru okcd.ru

Renewed Asprox activity: bcus2.ru, jkn3.ru, juc8.ru and locm.ru

After a quiet few days, Asprox seems to have flared up again (at about 1000 CET) with a new set of malware domains, still launching from a ...
Tuesday, 12 August 2008

All quiet on the Asprox front?

For the moment the Asprox SQL injection attacks seem to have stopped, although infected sites are still infected and need to be secured as s...
Sunday, 10 August 2008

Spammers are still stupid

Another case where a spammer is too stupid to use the spamming tool they have just bought. Subject: hey From: "hvgoxscw...
Saturday, 9 August 2008

"Hey, take a look!!" / "Yahoo Daily News"

Looks like another variant of the Storm Worm/Zapchast doing the rounds: Subject: Hey, take a look!! From: "Yahoo Daily ...

ISC: "More SQL Injections - very active right now"

The Internet Storm Center has published technical details on the Chinese-based SQL injection attack which may be of interest to SQL adminis...

Asprox: block 91.203.93.4 and js.js

A shift in behaviour from the Asprox botnet - this time all traffic from infected sites is being redirected through a fixed IP at 91.203.93....
Tuesday, 5 August 2008

Asprox domains: 5/8/08

Current Asprox domains to look for in your blogs or block. These have all been active for 3 or 4 days now, which is an unusually long time f...
Saturday, 2 August 2008

Asprox domains: 2/8/07

These are the currently active Asprox domains to check for. They are all very recent registrations. 8hcs.ru 98hs.ru bgsr.ru bywd.ru ibse.r...
Friday, 1 August 2008

Fake "Correspondence manager" job

Money mule scams are now very common - basically some poor fool ends up laundering money or reshipping goods following the instructions of ...

Beware of unsolicited loan offers

Loan scams are another variant of the advanced fee fraud scam (e.g. fake lotteries, dead dictator's fortunes etc). These seem to be m...