Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 15 February 2011

Scam: "North American Program Planning and Policy Academy (NAPPPA)"

NOTE: You can find out who was operating NAPPPA here Fake seminars are an unusual way of scamming money from people, but this one appears ...

Thursday, 10 February 2011

Evil network: Voejkova Nadezhda / VOEJNA-NET AS51441 (91.217.162.0/24) aka tirexhost.com

Voejkova Nadezhda, aka VOEJNA-NET and also known as tirexhost.com is a netblock allegedly based in the Ukraine, but apparently operated out ...

Monday, 7 February 2011

Evil network: Didjief LLC / DIGIEF-NET AS48709 (91.200.242.0/23)

Didjief LLC - or to give its full (and presumably fake) name "Didjief Internation Kulinari Koncept LLC" - runs a wholly maliciou...

Tuesday, 21 December 2010

uk-resum.com fake job offer

This fake job offer originated from an IP address in Latvia (84.245.203.63) and solicits replies to a domain uk-resum.com registered in Rus...

Monday, 20 December 2010

Gawker related attack from 174.132.178.37

The recent Gawker media hack is probably related to a spate of malicious activity from 174.132.178.37 , trying to log into forums, accordin...

Friday, 3 December 2010

Beware of worid-of-books.com

worid-of-books.com is a fake book download site punting malicious executables. The strange name can be explained if you substitute the lowe...

Evil network: Asociatia Family Network Connections / FAMILY-NETWORK AS49253 (95.64.110.0/23)

Asociatia Family Network Connections / FAMILY-NETWORK is a Romanian network, and their AS49253 netblock seems to have suddenly turned evil. ...

Wednesday, 1 December 2010

Evil network: Informex / INFORMEX-NET AS20564 (193.178.172.0/24)

Informex on AS20564 (193.178.172.0/24) is a Ukranian operation implicated in a lot of bad things including banking trojans. SiteVet.com f...

Friday, 26 November 2010

Dynamoo.com is 10!

Dynamoo.com is 10 years old this week! Registered way back on 24th November 2000.. there wasn't much to see back then. Some would argue ...

Slimeware sites to block

If you work in corporate IT, then you've probably had users come across sites that appear to be things like Acrobat Reader, Google Earth...

Wednesday, 24 November 2010

MarketBay.. yuk!

This post on the Sunbelt blog about apparently bogus anti-virus software rang a bell.. there was something eerily familiar about this whole...

Friday, 19 November 2010

It's 30 for a reason, part 2

This guy claims that he was doing 20mph before he demolished about 15 metres of fencing, two gateposts and one gate before hitting my house....

Monday, 8 November 2010

theciosummits.org / CIO Summits spam

theciosummits.org / CIO Summits is the same outfit as BizSummits who have a particular spamming technique that has been seen before . T...

Massive yourfreeworld.com / downlinegoldmine.com spam run

Sometimes it is difficult to tell if a spam run is a Joe Job , or if the spammer is really a moron. Over the past few hours, a massive spa...

Monday, 1 November 2010

europa-consult.com job offer scam

Another scam email in a long-running series of fake job offers, this time using the domain europa-consult.com (not to be confused with any ...

Friday, 29 October 2010

"Polden Financial" / poldenfs.co.uk spam

This following spam was sent to a complete invalid email address, most likely harvested from the web. Although I suspect that the sender pro...

Rev2Share.com spam

Following one a day from this almost identical MySuperShares.com spam, this email also appears to be trying to game a "get rich quick...

Thursday, 28 October 2010

MySuperShares.com spam

In my view, all MLM schemes are almost always scams.. and MySuperShares.com seems to be just another MLM scheme, this time selling "ad...

Evil network: Alex Gorbunov / GORBY-VPN-NET AS51303 (195.226.197.0/24)

A small but nasty netblock hosting ZeuS C&C servers and Phoenix exploit kit attacks, GORBY-VPN-NET (registered to an Alex Gorbunov) seem...

View web version

Powered by Blogger.