Dynamoo's Blog
Malware, spam, scams and random stuff, by Conrad Longmore.
Tuesday 16 July 2013
Malware sites to block 16/7/13
These domains and IPs are associated with this gang. This time there appear to be some diet pill sites in the mix, these may be spammy or...
Half your video missing in Windows Movie Maker? MS13-057 to blame.
I couldn't quite figure out why Windows Movie Maker was suddenly chopping off the top half of a video I was making. I didn't i...
msi.com hacked with kristians1.net
The website of msi.com (a major computer manufacturer) has been hacked and is serving up malware, despite MSI being informed of the problem....
Monday 15 July 2013
UPS spam / tvblips.net
This fake UPS spam leads to malware on tvblips.net: Date: Mon, 15 Jul 2013 10:20:13 -0500 From: Subject: Your UPS In...
NOST (NOST.QB) / NSU Resources Inc Pump and Dump Spam
Over the weekend a pump-and-dump spam run started for NSU Resources Inc trading as NOST.QB. NSU Resources almost definitely have nothin...
Friday 12 July 2013
ygregistry.com.cn domain scam
This domain scam has been doing the rounds for years. From: Jim Wang [jim.wang@ygregistry.com.cn] Date: 12 July 2013 15:44 Subj...
5 comments:
"TAX Return Reminder" / cpa.state.tx.us.tax-returns.mattwaltererie.net
This fake tax return reminder leads to malware on cpa.state.tx.us.tax-returns.mattwaltererie.net: --- Version 1 -------------------- ...
Thursday 11 July 2013
Malware sites to block 11/7/13
I noticed 188.138.89.106 (Intergenia AG, Germany) was the originating IP being used in this spam run using a hijacked 1&1 account, a...
"WTX Media INC" spam / dajizzum.com
This fake invoice spam from the nonexistent "WTX Media" leads to a malware landing page on dajizzum.com: From: Rebecca Media...
Wednesday 10 July 2013
Visa spam / estateandpropertty.com and clik-kids.com
This fake Visa spam attempts to lead to malware on estateandpropertty.com: Date: Wed, 10 Jul 2013 13:20:38 -0300 [12:20:38 EDT] ...
Something evil on 199.231.93.182
199.231.93.182 (Webline Service, US suballocated to "Alex Capersov") is hosting a number of exploits [1] [2] being used in inj...
Tuesday 9 July 2013
"Payment File Successfully Processed" spam / autorize.net.models-and-kits.net
This spam leads to malware on autorize.net.models-and-kits.net: Date: Tue, 9 Jul 2013 15:36:42 -0500 From: batchprovider@ef...
Xerox WorkCentre (or is it HP Digital Device?) spam / SCAN_129_07082013_18911.zip
This fake printer spam has a malicious attachment: Date: Mon, 8 Jul 2013 12:20:24 -0500 [07/08/13 13:20:24 EDT] From: HP Dig...
Monday 8 July 2013
sendgrid.me / amazonaws.com spam
This spam is unusual in that it comes through an apparently genuine commercial email provider (sendgrid.me) and leads to malware hosted ...
2 comments:
Amex spam / americanexpress.com.krasalco.com
This fake Amex spam leads to malware on americanexpress.com.krasalco.com: From: American Express [mailto:AmericanExpress@emalsr...
Friday 5 July 2013
EBC "Password Reset Confirmation" spam / paynotice07.net
This fake password reset spam leads to malware on paynotice07.net: From: EBC_EBC1961Registration@ebank6.secureaps.com Sent: 05 July 2...
Thursday 4 July 2013
Mystery spam leads to Emailmovers Ltd (emailmovers.com / emvrs.co)
Some time ago I received a spam sent to a scraped email address promoting email marketing services (i.e. spam) which features fake contac...
4 comments:
Tuesday 2 July 2013
Babylon and the 3954 Trojans, or the Whore of Babylon.com
"Babylon and the 3954 Trojans" sounds like a swords and sandals epic, but unfortunately it's just another example of crap...
Adware sites to block 2/7/13
Never trust an ad network that uses anonymous WHOIS details. These are hosted on 108.161.189.161 (NetDNA, US) and all hide their details....
Monday 1 July 2013
Pinterest spam / pinterest.com.reports0701.net
This fake Pinterest spam leads to malware on pinterest.com.reports0701.net: Date: Mon, 1 Jul 2013 21:04:36 +0530 From: "...
Adware sites to block 1/7/13
Never trust any sort of ad network that uses anonymous domains and hides all other identifying data. These seem to be doing the rounds at t...
4 comments: