A month ago, we advised people to consider blocking the .PW top level domain (TLD). There is still a lot of spam happening there, but there have been some changes recently. In particular, there are more "normal" TLDs mixed in with the .PW ones. However, even though the TLD may be normal — like .com […]
A large number of scam emails disguised as newsletters sent by the CNN television channel have been detected again. Sensational headlines are used in the messages to grab the attention of recipients (e.g., falling stock indexes, the election of a new Pope etc.). Users are asked to click on the links provided in the messages […]
Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks. In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (MD5: 35f1572eb7759cb7a66ca459c093e8a1 – ‘NewsFinder.jar’), known as the […]
Latest Comments