Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Friday, 24 October 2008

Asprox: 47mode.name, berjke.ru, 81dns.ru

There has been a shift overnight in the domains used in the Asprox SQL injection attack. The ones to look for are: 47mode.name berjke.ru 81d...
Thursday, 23 October 2008

MS08-067

Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644) Let's make i...

"WorldPay CARD transaction Confirmation" / "Academic Resources Center Inc." trojan

This is a fake email message pretending to be from WorldPay relating to a payment to "Academic Resources Center Inc". There's ...
Wednesday, 22 October 2008

"Better Business Bureaus Account Support" trojan

We have seen quite a lot of variants of this particular trojan recently, mostly aimed at banks. This one passes itself off as some sort of...
Tuesday, 21 October 2008

6700.cn browser hijack (bad), SUPERAntiSpyware (good)

I've just spent several days investigating a machine with a particularly nasty rootkit infection. Despite throwing several tools at it a...

"Data request" trojan

Another EXE-in-ZIP-disguised-as-a-DOC trojan, similar to this one. Subject: Data request From: "Billy Roark" Please f...
Monday, 20 October 2008

"Report Jan-Oct." trojan

This fake email contains an EXE in a ZIP designed to look like a Word document (complete with authentic-looking icon), in this case "St...
Thursday, 16 October 2008

"LV Electronics Inc." job offer scam

There are plenty of legitimate companies called "LV Electronics", but this job offer is not from one of them. In this case, the or...

Fake job offer: ias-jobs.org

One of a series of fake job offers that are doing the rounds, this time promoting a company called IAG ("Internet Auction Service"...

Asprox: lang42.ru

Another Asprox SQL injection domain to block / check for is lang42.ru. The following domains have been active in the past 24 hours: 53refer...
Wednesday, 15 October 2008

Asprox: new domains

After being stable for some time, the Asprox SQL injection hacks are now redirecting through a new bunch of .ru domains. 30area.ru 4log-in.r...
Tuesday, 14 October 2008

What the heck is Win32/Puloagem.B?

I've had a few CA-Vet alerts for Win32/Puloagem.B recently, with pretty sparse information on what Puloagem actually is. If you're b...

"Habitats Property and Service Inc." fake employment offer

Another bogus employment offer, this time from "Habitats Property and Service Inc", but there appears to be no such firm.. althoug...
Friday, 10 October 2008

FTC: Bank Failures, Mergers and Takeovers: A "Phish-erman's Special"

A timely warning from the FTC on the threat of criminals using the worldwide financial crisis to obtain banking details.. although as seen ...
Thursday, 9 October 2008

securityassurance@microsoft.com - "Security Update for OS Microsoft Windows"

A malicious EXE file is doing the rounds, pretending to be an update from Microsoft and including some social engineering such as a fake PGP...

Citigroup/Wachovia "Security Certificates" trojan

These fake "security certificates" have been around for a while, but it has taken a little time for the Bad Guys to leverage the r...

Fake "VM-Soft" job offer

VM-SOFT (www.vm-soft.com.ua) is a wholly legitimate Ukrainian software developer, whose corporate identity is being used by a third party...

Dating scams, onlineflh.com and 79.135.167.*

I have covered this particular group of dating scam sites before, but this time there's a slight shift in the way that it works. In thi...
Monday, 6 October 2008

Asprox: deryv.ru still active

The Asprox botnet is still active but has been remarkably stable with no new domains in the past week, and 88% of the traffic going to deryv...
Monday, 29 September 2008

Nokia's first touchscreen phone....?

There are plenty of rumours that Nokia will announce their "first" touchscreen phone sometime this week.. except that it won't...