Dynamoo's Blog

Something evil seems to be lurking on 62.212.130.115 (Xenosite, Netherlands) - a collection of sites connected with the Blackhole exploit...

This fake USPS spam contains malware in an attachment called USPS delivery failure report.zip . Date:      Wed, 20 Feb 2013 06:40:39 +0...

Crime-friendly host Cyberbunker strikes again, this time hosting more fake pharma sites on 84.22.104.123 , being promoted through this su...

Spotted by the good folks at GFI Labs here , here and here are several Canadian domains on the same server, 74.208.148.35 (1&1, US): ...

The spammers sending this stuff out always confuse UPS with USPS, this one is not exception although on balance it is more UPS than USPS.....

67.208.74.71 (Inforelay, US) is a parking IP with several thousand IPs hosted on it. However, it also includes a large number of maliciou...

This fake wire transfer spam leads to malware on 202.72.245.146 : Date:      Fri, 15 Feb 2013 07:24:40 -0500 From:      Tasha Rosentha...

This fake IRS spam (from an office on "Cum Avenue"!) actually leads to malware on azsocseclawyer.net : Date:      Fri, 15 Feb...

A set of malware sites.. or I think two sets of malware sites that you might want to block. The .ru domains are connected with this botne...

This fake Intuit spam leads to malware on epionkalom.ru : Date:      Thu, 14 Feb 2013 09:05:48 -0500 From:      "Classmates . com...

This fake printer spam leads to malware on 202.72.245.146 : Date:      Thu, 14 Feb 2013 10:10:56 +0000 From:      AntonioShapard@hotma...

This spam leads to malware on ewinhdutik.ru : Date:      Thu, 14 Feb 2013 07:16:28 -0500 From:      "Korbin BERG" [ConnorAlme...

This fake printer spam leads to malware on eipuonam.ru : Date:      Thu, 14 Feb 2013 -02:00:50 -0800 From:      "Xanga" [nor...

Looks like a nasty infestion of Blackhole is lurking on 92.63.105.23 (TheFirst-RU, Russia) - see an example of the nastiness here (this l...

It looks a bit like a phish, but this "First Foundation Bank Secure Email Notification" spam has a ZIP file that leads to malwar...

More fake NACHA spam, this time leading to malware on eminakotpr.ru : Date:      Wed, 13 Feb 2013 05:24:26 +0530 From:      "ACH...

These malicious sites appear to be part of a Waledac botnet. I haven't had much time to analyse what exactly what it going on, but her...

This fake NACHA spam leads to malware on thedigidares.net : Date:      Wed, 13 Feb 2013 12:10:27 +0000 From:      " NACHA" ...

It looks like there's a nasty case of the Blackhole Exploit kit on 192.81.129.219 ( see example ). The IP is controlled by Linode in...

This changelog spam leads to malware on emaianem.ru : Date:      Tue, 12 Feb 2013 09:11:11 +0200 From:      LinkedIn Password [passwor...