Posts archive: 2012
- Dec 30 - What happens if Red Kit Exploit Kit teams up with BlackHole EK? = Triple payload + infection of Kelihos!
- Dec 27 - Announcement of Multiple Malware Domains Deactivation Progress - The "Operation Tango Down"
- Dec 22 - The Crime Still Goes On: Trojan Fareit Credential Stealer - New Server, Same Group, Same Game (via BHEK/Cridex)
- Dec 16 - Getting more "Personal" & Deeper into Cridex joined with Fareit Credential Stealer Infection
- Dec 15 - "More" Spam to BHEK to Cridex; How they define, grab, handle & send the credentials + more things that we really (don't) need to know...
- Dec 12 - Update: The BHEK-using Trojan Password Stealer BadActors are Shifting Their Evil Service to a German VPS at AS25074 (SECURENETZ-DE)
- Dec 12 - JS/RunForrestRun Infector ComeBack! Full Disclosure of Decoding URL, DGA Domain List, Registrar & DNS info.
- Dec 11 - List of Name Servers used by Blackhole (BHEK) v2 Password Stealer Infector Bad Actors
- Dec 10 - Fake Facebook Notification Leads to Cridex/PasswordStealer via BHEK2, The Same BadActors Confirmed!
- Dec 09 - Spam "You have been sent a file" + WordPress Redirector * BHEK2.x(Plugindetect 0.7.9) + New Shellcode Obfuscation = Cridex Password Stealer
- Nov 25 - Full Disclosure: Analysis of Fake Facebook Notification redirecting to Obfuscated Blackhole (PluginDetect 0.7.9) and infecting with Cridex Malware
- Nov 24 - How, from where, by which IP you got infected w/FakeAV: System Progressive Protection; UPS Fake Spam, Spain's Front End Infector+Support Page, and Taiwan's CnC server
- Nov 18 - PluginDetect 0.7.9 infector "et" Cridex Payloads of BlackHole Exploit Kit v2 (18.104.22.168) used CVE-2012-4681, CVE-2012-5076, CVE-2009-0927++
- Nov 17 - What Serenity Exploit Kit dropped? A Spambot Full Analysis & Samples
- Nov 07 - Full Disclosure: An inside peek of BlackHole v2 Landing Page Infector Server
- Nov 04 - Unknown Exploit Pack with Webshell WSO 2.3 (diversified.usereasy.net./22.214.171.124) Malware Infector, Spam Site Redirector + Webalizer :-)
- Oct 29 - The crusaders' note : When #malware infector goes to Cloud - Part 2 : Amazon-AWS loaded with Trojan Bank Spy/Downloaders
- Oct 29 - The crusaders' note : Suspected JS/RunForrestRun aka PseudoRandom's NEW bad actor scheme is ongoing...
- Oct 29 - The crusaders' note: Found the CNC of TrojDownloader/Backdoor/Spy in GoDaddy
- Oct 29 - The crusaders' note : New BHEK2 actor spreads Zbot P2P sets
- Oct 22 - (Updated) A tale of mass infection of BHEK2 "border.htm" during ddos storm - Changes in JAR detected - Payload : Cridex - Malware Crusaders Logs
- Oct 15 - Evil App: Russian FruitNinja - #Android Backdoor Analysis
- Oct 07 - [Updated] Fuzzy in Manual Cracking New PseudoRandom (JS/runforestrun?xxx=) Infector
- Oct 01 - How EVIL the PHP/C99Shell can be? From SQL Dumper, Hacktools, to Trojan Distributor Future?
- Sep 30 - Chinese Malvertisement of OnlineGame Trojan/InfoStealer by Exploiting CVE-2012-1889 (MSXML bug, MS12-043)
- Sep 20 - "Geek" Way in Reversing #CVE-2010-1885 Infection via PluginDetect Script/Blackhole EK (126.96.36.199)
- Sep 18 - Monitoring a BlackHole Exploit Kit Services & Infectors (Target: 188.8.131.52)
- Sep 16 - A peek into "qaqipwel.ru" a Malicious Domain Redirector with Pseudo/Dynamic IP - Infector to RedKit Exploit Kit
- Sep 16 - Slight changes detected in shellcode & dropper works of Blackhole Exploit Kit (landing page: 184.108.40.206 / mothership: 220.127.116.11)
- Sep 13 - Once upon a time with 18.104.22.168's undetected CVE-2012-4681 HTML infector (+full set of JAR payload infection)
- Sep 09 - A discovery of an undetectable ZeuS/Spyware Trojan by following a lead of Blackhole Infection via Spam
- Sep 06 - When #malware infector goes to Cloud: Trojan Banker in Free Cloud Storage - MediaFire
- Sep 06 - Racing with time to get the latest payload of Blackhole Exploit Kit
- Sep 04 - Cracking of Strong Encrypted PHP / IRC Bot (PBOT) with TCP / UDP (DoS) Flooder + Backdoor (bt.php)
- Sep 02 - Important - Blackhole Exploit Kit starts dropping undetectable payloads via OS detect plugin script-dropper
- Sep 01 - Malware Hunting Log - JS/PseudoRandom infected cufon.js in WordPress
- Sep 01 - Hunting Log - PHP/RemoteAdmin
- Sep 01 - Malware Hunting - Write Reports as Hunting PoC
- Sep 01 - Suspicious Movement in ASN40034 (infector to tr2.4voip.biz & fwdservice.com)
- Sep 01 - Understanding Recent Blackhole Exploit Kit's "js.js" Infector Trend for Smart Hunting
- Sep 01 - Pseudo Randoms Infector URL - An idea to grep it (a logical bug to be used)
- Sep 01 - What can Exploit Kit do & drop? Full story of spam to malwares
- Aug 31 - Payloads URI die hard - Blackhole Exploit Kit
- Aug 31 - (Updated) Beware of the BABYLON, Adware that spreads like Exploit Kit
- Aug 30 - Undetected Orange Exploit Kit Infector
- Aug 30 - What Orange Exploit Kit Dropped
- Aug 30 - Fake Flash Updater presented by #blackhole
- Aug 30 - New Blackhole HTML Infector found
- Aug 30 - Interesting Idea: (Pastebin) How to stop Blackhole Exploit Kit by using its vulnerability
- Aug 29 - #MalwareMustDie - Day1 Opening Day Report
- Aug 28 - The rise of "#MalwareMustDie!"