Posts Tagged ‘asn’

Hackers steal site content, infect people

Jun

2011

I was about to contact the owners of ‘water for people’ but something stopped me in my tracks: The site I was looking at (c0re.us) was spoofing content from www.waterforpeople.org With the one difference that hackers included a drive-by download: Among other things, this code snippet triggers a Java drive-by (coldhardcash4us.com/images/modules/helpers/JavaSignedApplet.jar): The ultimate payload comes […]

Category Security Written by Malware Diaries 0 Comments

New data on malwareblacklist.com

Jun

2011

Several people have requested to have ASN and Country added to the ParetoLogic URL Clearing house (malwareblacklist.com). Well, there you have it While the country information is pretty self-explanatory, ASN is a very valuable piece of information for security researchers. This helps us in particular to track down ISPs, hosting companies etc… at the source […]

Category Security Written by Malware Diaries 0 Comments

Zeus Bot likes Canada

May

2011

Being in Canada, I thought I should take a look at a particular infection derived from two sites hosted in this country. First, an infected page from: haroldwest.ca/invoice_download.html (IP: 65.39.242.99, location: Canada) The page triggers exploits from the following URLs: orjbhasqs.co.be/forum.php?tp=371e07c7063d940f orjbhasqs.co.be/games/java_trust.php?f=30 orjbhasqs.co.be/games/2fdp.php?f=30 orjbhasqs.co.be/games/mario.jar orjbhasqs.co.be/games/hcp_vbs.php?f=30 193.218.156.83/patcher.php orjbhasqs.co.be/k.php?f=30&e=0 orjbhasqs.co.be/k.php?e=7&f=30 orjbhasqs.co.be (IP: 193.218.156.83, location: Kiev, Ukraine) There’s […]

Category Security Written by Malware Diaries 0 Comments

The Latest in IT Security

Posts Tagged ‘asn’

Hackers steal site content, infect people

New data on malwareblacklist.com

Zeus Bot likes Canada

Categories

Featured

Archives

Latest Comments

About Us

Contact Us