Dynamoo's Blog
Malware, spam, scams and random stuff, by Conrad Longmore.
Thursday, 20 March 2014
Something evil on 66.96.195.32/27
Another bad bunch of IPs hosted by Network Operations Center in Scranton following on from yesterday, this time 66.96.195.32/27 which se...
prospectlist.com / prospectlist.co.uk spam
Never buy email marketing services from spammers.. unless you want your website suspended and reputation trashed. Here's a grubby litt...
Evil network: OVH Canada / r5x.org / Penziatki (updated)
I've covered OVH Canada and their black hat customer r5x.org aka "Penziatki" before. They consistently host exploit kits, ...
Wednesday, 19 March 2014
NatWest "You have received a secure message" spam
This fake NatWest spam has a malicious attachment: Date: Wed, 19 Mar 2014 15:14:02 +0100 [10:14:02 EDT] From: NatWest [secure...
Something evil on 64.120.242.160/27
64.120.242.160/27 (Network Operations Center, US) is hosting a number of exploit domains (see this example report at VirusTotal). There...
More OVH Canada hosted exploit kits
I've been a bit tardy with this look at the new OVH Canada ranges exposed by Frank Denis so some of these domains may already have been d...
Monday, 17 March 2014
Something evil on 192.95.6.196/30
Another useful tip by Frank Denis on evil in the OVH Canada IP ranges, suballocated to their black hat customer "r5x.org / Penziat...
Salesforce.com "Please respond - overdue payment" spam
This fake Salesforce spam comes with a malicious attachment. Well, actually two malicious attachments.. Date: Mon, 17 Mar 2014 16...
"Your private photos are there for anyone to see. why??" spam
This spam email has a malicious attachment: Date: Mon, 17 Mar 2014 13:08:42 +0100 [08:08:42 EDT] Subject: Your private photos...
Injection attack in progress 17/3/14
A couple of injection attacks seem to be in progress, I haven't quite got to the bottom of them yet.. but you might want to block the ...
Something evil on 198.50.140.64/27
Thanks again to Frank Denis (@jedisct1) for this heads up involving grubby web host OVH Canada and their black hat customer "r5x...
Thursday, 13 March 2014
Malware sites to block 13/3/14
These IPs and domains seem to be involved in injection attacks today. I recommend you block them. 64.120.242.178 188.226.132.70 93.189...
Sky.com "Statement of account" spam
This fake Sky.com email comes with a malicious attachment: Date: Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT] From: "S...
Evil network: OVH Canada / r5x.org / Penziatki
Note: a more up-to-date list can be found here. Hat tip to Frank Denis (@jedisct1) for this report on Nuclear EK's hosted by OVH ...
Wednesday, 12 March 2014
Headlines Today: More evidence against Somnath Bharti unearthed
Monday, 10 March 2014
gateway.confirmation@gateway.gov.uk spam
This fake spam from the UK Government Gateway comes with a malicious payload: Date: Mon, 10 Mar 2014 12:04:21 +0100 [07:04:21 EDT]...
Wednesday, 5 March 2014
mms.Orange.co.uk "IMAGE Id 889195266-PicFFY2C TYPE=MMS" spam
A horribly managed spam turned up in my inbox, claiming to be an MMS message from Orange UK. Well, at least that's what it looked like...
2 comments:
Sunday, 2 March 2014
Malware sites to block 2/3/14
These domains and IPs are all connected with this gang, some of it appears to be involved in malware distribution, fraud or other illegal...
seekcousa.com / seekconz.com fake job offer
This job offer from seekcousa.com or seekconz.com is bogus: Date: 1 Mar 2014 15:53:11 +0700 [03:53:11 EST] Subject: Offer ...
4 comments:
Friday, 28 February 2014
Companies House "FW: Case - 6569670" spam
This fake Companies House spam leads to malware: From: Companieshouse.gov.uk [web-filing@companies-house.gov.uk] Date: 28 Febru...