Posted by nart on August 24th, 2010.
Tags: Malware, PPC, RogueAV, SEO.
Search Engine Optimization (SEO) is a term that refers to efforts to increase the rankings of a website so that it appears in the top results when searching for particular key words in a search engine. Black Hat SEO refers to “unscrupulous” SEO techniques often used to promote Rogue/Fake security software and pay-per-click (PPC) advertisement […]
Posted by nart on August 10th, 2010.
Tags: Malware, PPC, TDS.
Traffic Direction Systems (TDS) are used as landing pages that direct traffic to malicious content based on a variety of criteria such as operating system, browser version and geographic location. There are a variety of TDS systems available including Sutra TDS (www.kytoon.com/sutra-tds.html). Finjan posted an interesting analysis of one campaign (it no longer appears to […]
Posted by nart on August 4th, 2010.
Tags: Ambler, Botnet, Malware.
[UPDATED to include makeithappen2ce.info and zhogdiana.info] In the past, the operators of large botnets sought to expand the size of their operations and cared little for the details of any individual compromised computer — one bot was as good, for the most part, as any other. Any one of the thousands of computers under their […]
Posted by nart on July 29th, 2010.
Tags: China, Human Rights, Malware, Social Engineering.
Human Rights and Malware Attacks, by Nart Villeneuve. On March 18, 2010, unknown attackers sent a spear phishing email that appeared to be from Sharon Hom, the Executive Director of Human Rights in China (HRIC), to a variety of organizations and individuals. Leveraging the trust and recognition of HRIC, the attackers’ email encouraged recipients to […]
Posted by nart on June 9th, 2010.
Tags: BlackEnergy, Cybercrime, DDOS, Malware, ZeuS.
The forum at darkcc.com is a location where buyers and sellers of stolen credit card information conduct exchanges. There are many forums like this that are part of the thriving market that sustain the “botnet ecosystem.” The servers that host these types of forums are typically involved in a variety of nefarious activities. This one […]
Posted by nart on June 3rd, 2010.
Tags: Malware.
I checked my inbox today and found an interesting email:
Posted by nart on April 10th, 2010.
Tags: Cybercrime, DDOS, Internet Censorship, Malware.
An emerging area of inquiry in security research is the blurring boundaries between cybercrime and other, more targeted forms of attack, and more specifically attacks that appear to be politically motivated. These attacks often take the form of targeted malware attacks that act as a form of surveillance in which sensitive documents and communications are […]
Posted by nart on April 5th, 2010.
Tags: Botnet, Malware, Social Engineering.
Last year, at just about this time, the InfoWar Monitor (IWM) released the “Tracking GhostNet” report which detailed our investigation into a cyber-espionage network that has compromised 1200+ computer systems spread across 103 countries, including ministries of foreign affairs, embassies, international organizations, news organizations, and even a computer located at NATO headquarters. I remember when […]
Posted by nart on April 5th, 2010.
Tags: Aurora, Malware.
[UPDATE: See “Vecebot Trojan Analysis” by SecureWorks.] A while back I wrote a post about “Aurora Mess” in which I tried, unsuccessfully, to make sense of the different assessments of the attacks on Google and at least 20 other companies within the security community. I was trying to grapple with the way in which Google […]
Posted by nart on March 25th, 2010.
Tags: China, DNS, Free Expression, Malware.
The domain registrar GoDaddy testified before the U.S. Congressional-Executive Commission on China and stated that they would “discontinue offering new .CN domain names” citing concerns over an “increase in China’s surveillance and monitoring of the Internet activities of its citizens” and the “chilling effect” that the retroactive application of new requirements on .CN domain names […]
Posted by nart on March 24th, 2010.
Tags: RogueAV, Spear Phishing, ZeuS.
Brian Krebs just posted a great article about avprofit.com, an affiliate program for malware distributors, who get $1 per install. But they don’t just spread rogue (fake) anti-virus software, they also spread ZeuS: Distributors or “affiliates” who sign up with avprofit.com, for example, are given access to an installer program that downloads not only rogue […]
Posted by nart on March 23rd, 2010.
Tags: Censorship, China, Google, Search Engines.
Yesterday Google began redirecting requests for google.cn to google.com.hk effectively ending its years of self-censorship in China. To be clear, Google has not ended censorship in China — Google has ended its own self-censorship. While searches within the .hk google are not censored by Google, they will still be affected by China’s keyword filtering. This […]
Posted by nart on March 16th, 2010.
Tags: China, Google, Search Monitor.
Today MSNBC reported that Google “appears” to have stopped censoring its search engine in China, google.cn. This is not true. In Search Monitor Project: Toward a Measure of Transparency I tried to carefully document the different censorship practices among Google, Yahoo, Microsoft and Baidu. (Here are some more posts on this issue.) In short, it […]
Posted by nart on March 7th, 2010.
Tags: China, Greendam, Malware.
A while back I posted an analysis of attacks on Solid Oak (the makers of CyberSitter) after a dispute with a Chinese firm that produced GreenDam over stolen code. Rob Lemos covered the story and also revealed that the law firm representing Solid Oak subsequently came under a similar targeted malware attack. The story has […]
Posted by nart on March 4th, 2010.
Tags: Aurora, China, Google, Malware.
The data about Aurora has always felt just a little off for me. Maybe it’s that everyone writing about it just has their own piece of the puzzle to analyse, without the detail required to accurately link the pieces together. When it comes to the command and control infrastructure, maybe it’s that some obfuscated the […]