command and control infrastructure, that at a
particular moment in time was directly redirecting to the ubiquitous
fake Youtube page pushed by the Koobface botnet.
http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html
Regards
--
Dancho Danchev
Cyber Threats/CyberCrime
hosts as stepping stones
Reference:
http://ddanchev.blogspot.com/2011/10/exposing-market-for-stolen-credit-cards.html
Regards
--
Dancho Danchev
Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS Interactive
Personal Blog: http://ddanchev.blogspot.com
ZDNet Blog: http://blogs.zdnet.com
://blogs.zdnet.com/security/?p=1835
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http://windowsecurity.com/Dancho_Danchev
___
Full-Disclosure - We believe in it.
Charter: http
government's ability to disseminate information on
the events taking place inside the country. The attacks are ongoing
despite the ceasefire.
http://blogs.zdnet.com/security/?p=1670
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http
capabilities at these services:
http://blogs.zdnet.com/security/?p=1418
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http://windowsecurity.com/Dancho_Danchev
://blogs.zdnet.com/security/?p=1356
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http://windowsecurity.com/Dancho_Danchev
, the currency accounts, as well as their most recent IPs used in the
communication.
http://ddanchev.blogspot.com/2008/06/whos-behind-gpcode-ransomware.html
http://blogs.zdnet.com/security/?p=1259
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com
of Chinese blackhats, as well as
establishing the connection between this incident and several of the
domains used in the ongoing SQL injection attacks :
http://ddanchev.blogspot.com/2008/05/malware-attack-exploiting-flash-zero.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http
, in this particular case Mal/Badsrc-A. Redmond Developer News and
Redmond Channel Partner Online are also affected.
An analysis is available at :
http://blogs.zdnet.com/security/?p=1118
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com
-hacktivists-waging-peoples.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
-attack.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
;
gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
-getting-rbn-ed.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
of the
applications.
http://ddanchev.blogspot.com/2008/03/more-cnet-sites-under-iframe-attack.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
to known Russian
Business Network netblocks and ex-customers in the face of rogue
anti-virus and anti-spyware applications, as well as fake codecs.
http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http
Hello,
These are some of the domains behind the recent malicious advertising
campaigns pushing rogue SWF ads. Besides being connected, the majority
of ad campaigns point to RBN's customers' base as well.
http://ddanchev.blogspot.com/2008/02/malicious-advertising-malvertising.html
Here's another
In need of a creative phishing campaign of the year? Try this,
perhaps the largest phishing attack spoofing MySpace and collecting
all the login details at a central location, that's been active for
over a month, and continues to be. A Chinese phishing group has come
up with legitimate looking
Screenshots, checksums, detection rates, main campaign URL, and target
synchronization URLs -- now offline -- included. Key point : the
central update locations at the al-jinan.net domain are down, and so
are the several others included, so you have a situation where forums
and people start
The following are IPs and domain names currently or historically used
to host MPack, WebAttacker and Zunker control panels as well as live
exploit URLs within the packs. Some are down, others are still
accessible, the rest are publicly cached. If index.php doesn't exist,
admin.php or zu.php act as
Here are some handy graphs of Storm Worm's use of fast-flux networks
generated during the last several hours acting as great examples of
how diverse malware CC has become :
http://ddanchev.blogspot.com/2007/09/storm-worms-fast-flux-networks.html
Regards,
Dancho
The following are links to some of the currently popular malware kits
in action, as well as several misc tools, with assessments of the
malicious URLs, detection rates, and related screenshots that were
obtained :
The Nuclear Malware Kit
Where are cyber jihadists linking to, outside their online
communities? Which are the most popular file sharing and video hosting
services used to spread propaganda, training material and communicate
with each other? What are their favorite blogs, and international news
sources? How does the