Dynamoo's Blog

This fake LinkedIn spam leads to malware on applockrapidfire.biz : From: David O'Connor - LinkedIn [mailto:kissp@gartenplandesign.d...

Much of the part of the UK I live in is currently either a) foggy or b) very foggy. Freezing rain has turned the roads to ice and visibili...

 This fake ADP spam leads to malware on the jollily-named picturesofdeath.net : From: ADP Chesapeake Package Delivery Confirmation [mai...

These seem to be the currently active IPs and domains being used by the RU:8080 gang. Of these the domain gilaogbaos.ru seems to be very ...

Seriously.. when does it stop being a phone? This Galaxy S4 thing has a 5" HD display, a processor with up to eight cores , and it e...

It looks like Brian Krebs got a visit from a SWAT team today, after having his site DDOSed and served with a fake takedown notice, poss...

This fake LinkedIn spam leads to malware on teenlocal.net : From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce....

This eFax-themed spam leads to malware on gimiinfinfal.ru : Date:      Thu, 14 Mar 2013 07:39:23 +0300 From:      SarahPoncio@mail.com ...

This spam leads to malware on giimiiifo.ru : Date:      Wed, 13 Mar 2013 06:49:25 +0100 From:      LinkedIn Email Confirmation [emailco...

A fairly bizarre spam leading to malware on giminaaaao.ru: From: IESHA WILLEY [mailto:AtticusRambo@tui-infotec.com] Sent: 13 March 2013...

These domains and IPs seem to be active as Zbot C&C servers. The obsolete .su (Soviet Union) domain is usually a tell-tale sign of.. ...

This spam leads to malware on giminkfjol.ru: From: user@victimdomain.com Sent: 12 March 2013 04:19 Subject: Re: End of Aug. Stat. Requi...

Another wire transfer spam, this time leading to malware on giminanvok.ru : Date:      Mon, 11 Mar 2013 02:46:19 -0300 [01:46:19 EDT] ...

This fake wire transfer spam leads to malware on gimikalno.ru: Date:      Mon, 11 Mar 2013 04:00:22 +0000 [00:00:22 EDT] From:      Xa...

I have now come across several incidents of malware hosted in an OVH IP address range suballocated to Sidharth Shah . The blocks that I ca...

176.31.140.64/28 is an OVH block suballocated to Sidharth Shah (mentioned in this earlier post ). It contains a a small number of malicio...

37.59.214.0/28 is an OVH IP range suballocated to a person called Sidharth Shah in Maryland (more of whom later). At the moment it is hos...

For about the past year I have seen two very persistent spam runs leading to malware, typically themed along the lines of fake emails from...

This fake AT&T spam leads to malware on.. well, in this case nothing at all. Date :      Fri, 8 Mar 2013 10:37:24 -0500 [10:37:24 E...

This fake LinkedIn spam leads to malware on giminalso.ru: From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.li...