Twitter and MSN: Driving Malcode Distribution
We recently came across a bot that merged MSN Messenger link spam with Twitter to get users to download malcode. Twitter malcode is nothing new, but this one adds a twist to those that monitor IM link...
View ArticleInternet Banking NOT Infalliable –‘Je ne comprends pas’?
I had a bit of a chuckle this evening when reading an article about Nicolas Sarkozy, President of France and former Minister of several things, including Finances. I didn’t find it funny because...
View ArticleWeb Spam Failures
HTTP logs are a great place to sample all sorts of badness. Earlier I went looking for some suspicious lines in a web server log and found a pattern from all over the net: web spam injection failures....
View ArticleMorris Worm to MS08-067 – 20 Years of Evolution
Sunday, November 2, 2008 marks 20 years since the Morris Worm, oft referred to as The Great Worm, was released by Robert Tappan Morris (RTM). Estimates suggested the worm, exploiting buffer overflow...
View ArticleYour DNS is an Asset (Twitter DNS Woes…)
Given all the hoopla surrounding yesterday’s Twitter outage, and the apparent source of the outage being the result of nothing more than some maliciously modified DNS resource records enabled by a...
View ArticleA Double Dose of eBay Fraud
Back in November 2005, Bruce Schneier wrote about a Western Union-related fraud. This week, I was exposed to some of the techniques used by eBay sub-geniuses and their use of Western Union. I deal...
View ArticlePHP/WebGuard (and ASP/WebGuard) Attacks
Last week I got three separate emails about an attack that people were seeing, blending phishing, a Trojan, a backdoor, and a website hack all in one. The whole thing relies on the target user falling...
View ArticleBotconomics: The Monetization of YOUR Digital Assets
A decade ago IF your PC was compromised it was usually just taken for a joy ride. Today, with the monetization of bots, ease of compromise, prevalence of malware, and increasing connectedness of...
View ArticleThe NFL: Fostering Social Engineering?
So, yesterday I wrote this blog entry talking about some social engineering tactics enabled by an American fascination with the NFL. While looking at the email spam received from a Storm malware...
View ArticleInformation Security and NFL Espionage
In late January 2007 several NFL-related web sites were hacked, to include www.dolphinsstadium.com and www.miamidolphins.com. Considering the Miami Dolphins stadium was about to host the NFL’s biggest...
View ArticleTwitter and MSN: Driving Malcode Distribution
We recently came across a bot that merged MSN Messenger link spam with Twitter to get users to download malcode. Twitter malcode is nothing new, but this one adds a twist to those that monitor IM link...
View ArticleInternet Banking NOT Infalliable –‘Je ne comprends pas’?
I had a bit of a chuckle this evening when reading an article about Nicolas Sarkozy, President of France and former Minister of several things, including Finances. I didn’t find it funny because...
View ArticleWeb Spam Failures
HTTP logs are a great place to sample all sorts of badness. Earlier I went looking for some suspicious lines in a web server log and found a pattern from all over the net: web spam injection failures....
View ArticleMorris Worm to MS08-067 – 20 Years of Evolution
Sunday, November 2, 2008 marks 20 years since the Morris Worm, oft referred to as The Great Worm, was released by Robert Tappan Morris (RTM). Estimates suggested the worm, exploiting buffer overflow...
View ArticleYour DNS is an Asset (Twitter DNS Woes…)
Given all the hoopla surrounding yesterday’s Twitter outage, and the apparent source of the outage being the result of nothing more than some maliciously modified DNS resource records enabled by a...
View Article
More Pages to Explore .....