Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 1 April 2014

Something evil on 64.202.116.124

64.202.116.124 (HostForWeb, US) is currently hosting exploit kits (see this example). I recommend that you block traffic to this IP or ...

Friday, 28 March 2014

Sky.com "Statement of account" spam leads to Gameover Zeus

This fake Sky spam has a malicious attachment: Date: Fri, 28 Mar 2014 07:16:43 -0300 [06:16:43 EDT] From: "Sky.com"...

Something evil on 192.95.44.0/27 (OVH Canada)

192.95.44.0/27 (spotted by Frank Denis) is another evil OVH Canada netblock which I assume belongs to their black hat customer r5x.org /...

Wednesday, 26 March 2014

Something evil on 173.212.223.249

There's some sort of evil at work here, but I can't quite replicate it.. however I would recommend that you put a block in for 173...
Tuesday, 25 March 2014

"You have received new messages from HMRC" spam

This fake HMRC spam comes with a malicious attachment: Date: Tue, 25 Mar 2014 12:59:28 +0100 [07:59:28 EDT] From: "norep...

.js injection leads to Fake Flash update hosted on OneDrive

This kind of attack is nothing new, but there has been a sharp uptick recently in injection attacks that alter .js files on vulnerable sys...

Slartiblartfast "I see dead people" watch spam

I get a lot of watch spam, but I have to say this from Slartibartfast quoting the movie The Sixth Sense just tickled me somewhat.. Dat...
Sunday, 23 March 2014

Malware sites to block 23/3/14 (P2P/Gameover Zeus)

These domains and IPs are associated with the Peer-to-peer / Gameover variant of Zeus as described in this blog post at MalwareMustDie. I...

Friday, 21 March 2014

"CSR EXCELLENCE AWARD 2014" / csrawards.co.uk spam

Rule one of good customer service.. don't spam people like these jokers do: From: Green Organisation greenorganisation@rkwmai...

"Companies House" spam and 50.116.4.71 (again)

This fake Companies House spam comes with a malicious attachment: Date: Fri, 21 Mar 2014 11:05:35 +0100 [06:05:35 EDT] From: ...

Amazon.co.uk spam, something evil on 50.116.4.71

This fake Amazon.co.uk spam comes with a malicious attachment: Date: Fri, 21 Mar 2014 13:40:05 +0530 [04:10:05 EDT] From: ...

Porn site beeg.com hacked, aadserver.com and malware sites to block

Thursday, 20 March 2014

Something evil on 66.96.195.32/27

Another bad bunch of IPs hosted by Network Operations Center in Scranton following on from yesterday, this time 66.96.195.32/27 which se...

prospectlist.com / prospectlist.co.uk spam

Never buy email marketing services from spammers.. unless you want your website suspended and reputation trashed. Here's a grubby litt...

Evil network: OVH Canada / r5x.org / Penziatki (updated)

I've covered OVH Canada and their black hat customer r5x.org aka "Penziatki" before. They consistently host exploit kits, ...
Wednesday, 19 March 2014

NatWest "You have received a secure message" spam

This fake NatWest spam has a malicious attachment: Date: Wed, 19 Mar 2014 15:14:02 +0100 [10:14:02 EDT] From: NatWest [secure...

Something evil on 64.120.242.160/27

64.120.242.160/27 (Network Operations Center, US) is hosting a number of exploit domains (see this example report at VirusTotal). There...

More OVH Canada hosted exploit kits

I've been a bit tardy with this look at the new OVH Canada ranges exposed by Frank Denis so some of these domains may already have been d...
Monday, 17 March 2014

Something evil on 192.95.6.196/30

Another useful tip by Frank Denis on evil in the OVH Canada IP ranges, suballocated to their black hat customer "r5x.org / Penziat...

Salesforce.com "Please respond - overdue payment" spam

This fake Salesforce spam comes with a malicious attachment. Well, actually two malicious attachments.. Date: Mon, 17 Mar 2014 16...