[Full-disclosure] Who's Behind the Koobface Botnet? - An OSINT Analysis

2012-01-09 Thread Dancho Danchev
command and control infrastructure, that at a particular moment in time was directly redirecting to the ubiquitous fake Youtube page pushed by the Koobface botnet. http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html Regards -- Dancho Danchev Cyber Threats/CyberCrime

[Full-disclosure] Exposing the Market for Stolen Credit Cards Data

2011-10-31 Thread Dancho Danchev
hosts as stepping stones Reference: http://ddanchev.blogspot.com/2011/10/exposing-market-for-stolen-credit-cards.html Regards -- Dancho Danchev Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS Interactive Personal Blog: http://ddanchev.blogspot.com ZDNet Blog: http://blogs.zdnet.com

[Full-disclosure] Inside India’s CAPTCHA Solving Economy

2008-08-30 Thread Dancho Danchev
://blogs.zdnet.com/security/?p=1835 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com/security http://windowsecurity.com/Dancho_Danchev ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] Coordinated Russia vs Georgia cyber attack in progress

2008-08-14 Thread Dancho Danchev
government's ability to disseminate information on the events taking place inside the country. The attacks are ongoing despite the ceasefire. http://blogs.zdnet.com/security/?p=1670 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com/security http

[Full-disclosure] Gmail, Yahoo and Hotmail’s CAPTCHA broken by spammers

2008-07-03 Thread Dancho Danchev
capabilities at these services : http://blogs.zdnet.com/security/?p=1418 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com/security http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] ICANN and IANA’s domains hijacked by Turkish hacking group

2008-06-27 Thread Dancho Danchev
://blogs.zdnet.com/security/?p=1356 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com/security http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] Who's Behind the GPcode Ransomware?

2008-06-10 Thread Dancho Danchev
, the currency accounts, as well as their most recent IPs used in the communication. http://ddanchev.blogspot.com/2008/06/whos-behind-gpcode-ransomware.html http://blogs.zdnet.com/security/?p=1259 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://blogs.zdnet.com

[Full-disclosure] Assessing the Flash Zero Day Malware Campaign

2008-05-28 Thread Dancho Danchev
of Chinese blackhats, as well as establishing the connection between this incident and several of the domains used in the ongoing SQL injection attacks : http://ddanchev.blogspot.com/2008/05/malware-attack-exploiting-flash-zero.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http

[Full-disclosure] Redmond Magazine SQL Injected by Chinese Hacktivists

2008-05-17 Thread Dancho Danchev
, in this particular case Mal/Badsrc-A. Redmond Developer News and Redmond Channel Partner Online are also affected. An analysis is available at : http://blogs.zdnet.com/security/?p=1118 Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com

[Full-disclosure] The DDoS Attacks Against CNN

2008-04-23 Thread Dancho Danchev
-hacktivists-waging-peoples.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] Massive IFRAME SEO Poisoning Attack Continuing

2008-03-28 Thread Dancho Danchev
-attack.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] More High Profile Sites IFRAME Injected

2008-03-12 Thread Dancho Danchev
; gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org; mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com

[Full-disclosure] Wired.com and History.com Getting RBN-ed

2008-03-11 Thread Dancho Danchev
-getting-rbn-ed.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] More CNET Sites Under IFRAME Attack

2008-03-06 Thread Dancho Danchev
of the applications. http://ddanchev.blogspot.com/2008/03/more-cnet-sites-under-iframe-attack.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev

[Full-disclosure] ZDNet Asia and TorrentReactor IFRAME-ed

2008-03-04 Thread Dancho Danchev
to known Russian Business Network netblocks and ex-customers in the face of rogue anti-virus and anti-spyware applications, as well as fake codecs. http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http

[Full-disclosure] Malicious Advertisements Serving Domains

2008-02-21 Thread Dancho Danchev
Hello, These are some of the domains behind the recent malicious advertising campaigns pushing rogue SWF ads. Besides being connected, the majority of ad campaigns point to RBN's customers' base as well. http://ddanchev.blogspot.com/2008/02/malicious-advertising-malvertising.html Here's another

[Full-disclosure] Large Scale MySpace Phishing Attack

2007-11-19 Thread Dancho Danchev
In need of a creative phishing campaign of the year? Try this, perhaps the largest phishing attack spoofing MySpace and collecting all the login details at a central location, that's been active for over a month, and continues to be. A Chinese phishing group has come up with legitimate looking

[Full-disclosure] Dissecting The Electronic Jihad v3.0

2007-11-08 Thread Dancho Danchev
Screenshots, checksums, detection rates, main campaign URL, and target synchronization URLs -- now offline -- included. Key point : the central update locations at the al-jinan.net domain are down, and so are the several others included, so you have a situation where forums and people start

[Full-disclosure] Google Hacking for MPacks, Zunkers and WebAttackers

2007-09-10 Thread Dancho Danchev
The following are IPs and domain names currently or historically used to host MPack, WebAttacker and Zunker control panels as well as live exploit URLs within the packs. Some are down, others are still accessible, the rest are publicly cached. If index.php doesn't exist, admin.php or zu.php act as

[Full-disclosure] Graphs of Storm Worm's Fast Flux Networks

2007-09-05 Thread Dancho Danchev
Here are some handy graphs of Storm Worm's use of fast-flux networks generated during the last several hours acting as great examples of how diverse malware CC has become : http://ddanchev.blogspot.com/2007/09/storm-worms-fast-flux-networks.html Regards, Dancho

[Full-disclosure] Popular Malware Kits and Tools

2007-08-22 Thread Dancho Danchev
The following are links to some of the currently popular malware kits in action, as well as several misc tools, with assessments of the malicious URLs, detection rates, and related screenshots that were obtained : The Nuclear Malware Kit

[Full-disclosure] Analyses of Cyber Jihadist Forums and Blogs

2007-08-19 Thread Dancho Danchev
Where are cyber jihadists linking to, outside their online communities? Which are the most popular file sharing and video hosting services used to spread propaganda, training material and communicate with each other? What are their favorite blogs, and international news sources? How does the