Wednesday, 2 April 2014

Something evil on 213.229.69.41

This tweet by Malmouse got me investigating what was happening on 213.229.69.41 .. and the answer is that it appears to be unmitigated ba...
Tuesday, 1 April 2014

rbs.com "RE: Copy" spam

This very terse spam has a malicious attachment: Date:      1 Apr 2014 14:25:39 GMT [10:25:39 EDT] From:      Kathryn Daley [Kathryn.Da...

Something evil on 64.202.116.124

64.202.116.124 (HostForWeb, US) is currently hosting exploit kits ( see this example ). I recommend that you block traffic to this IP or ...
Sunday, 30 March 2014

Naughty, naughty: BizSummits, CFO Summit, CIO Summit, CMO Summit rip off photos from other sites.

[Note, BizSummits replaced all of the unlicensed photographs shortly after I pointed them out on this blog] I've been tracking the sp...
113 comments:
Friday, 28 March 2014

BizSummits "Early closing due to poor weather" / "Early closing due to bad conditions" spam

Here are a pair of odd spam email messages: Message 1 From :     Tim Williams Tim@myteamex.com To :     Tony Blair [tony@victimdomain...
13 comments:

Sky.com "Statement of account" spam leads to Gameover Zeus

This fake Sky spam has a malicious attachment: Date:      Fri, 28 Mar 2014 07:16:43 -0300 [06:16:43 EDT] From:      "Sky.com"...

Something evil on 192.95.44.0/27 (OVH Canada)

192.95.44.0/27 (spotted by Frank Denis ) is another evil OVH Canada netblock which I assume belongs to their black hat customer r5x.org /...
Wednesday, 26 March 2014

Something evil on 173.212.223.249

There's some sort of evil at work here, but I can't quite replicate it.. however I would recommend that you put a block in for 173...
4 comments:
Tuesday, 25 March 2014

"You have received new messages from HMRC" spam

This fake HMRC spam comes with a malicious attachment: Date:      Tue, 25 Mar 2014 12:59:28 +0100 [07:59:28 EDT] From:      "norep...

.js injection leads to Fake Flash update hosted on OneDrive

This kind of attack is nothing new, but there has been a sharp uptick recently in injection attacks that alter .js files on vulnerable sys...

Slartiblartfast "I see dead people" watch spam

I get a lot of watch spam, but I have to say this from Slartibartfast quoting the movie The Sixth Sense just tickled me somewhat.. Dat...
Sunday, 23 March 2014

Malware sites to block 23/3/14 (P2P/Gameover Zeus)

These domains and IPs are associated with the Peer-to-peer / Gameover variant of Zeus as described in this blog post at MalwareMustDie . I...
Friday, 21 March 2014

"CSR EXCELLENCE AWARD 2014" / csrawards.co.uk spam

Rule one of good customer service.. don't spam people like these jokers do: From :     Green Organisation greenorganisation@rkwmai...

"Companies House" spam and 50.116.4.71 (again)

This fake Companies House spam comes with a malicious attachment: Date:      Fri, 21 Mar 2014 11:05:35 +0100 [06:05:35 EDT] From:     ...

Amazon.co.uk spam, something evil on 50.116.4.71

This fake Amazon.co.uk spam comes with a malicious attachment: Date:      Fri, 21 Mar 2014 13:40:05 +0530 [04:10:05 EDT] From:      ...