malicious software | DataProtectionCenter.com

Something evil on 95.163.66.209

03

Nov

2011

There are a bunch of domains being used in injection attacks on 95.163.66.209 (Digital Network JSC, Russia). recently Armorize covered attacks using this particular site. The problem seems to be ongoing, and 95.163.66.209 is a good IP to block. In fact, blocking 95.163.64.0/19 is probably a good idea too as there are a whole load of nasties […]

Category Security Written by Dynamoo's Blog 0 Comments

Following WordPress into a Blackhole

31

Oct

2011

When we looked into the WordPress, our investigation took two separate paths: uncovering the TimThumb vulnerability and the Black Hole Toolkit used to exploit it. Now it is time to talk more in detail about the Blackhole Toolkit. For starters, the Blackhole exploit kit is used to spreading malicious software to users through hacked legitimate […]

Category General Written by Avast! blog 0 Comments

Injection attack: malavasso.com, migraviro.com and montenegrorio.com

14

Sep

2011

Three more domains being used in injection attacks today: malavasso.com migraviro.com montenegrorio.com The payload is the Sinowal trojan. Malicious software is hosted on 95.64.45.43 which is well-known very dark grey hat host Netserv Consult SRL of Romania. Blocking 95.64.0.0/17 (95.64.0.0 – 95.64.127.255) will probably do no harm. The (possibly fake) registrant for these domains is: […]

Category Security Written by Dynamoo's Blog 0 Comments

The Latest in IT Security

Posts Tagged ‘malicious software’

Something evil on 95.163.66.209

Following WordPress into a Blackhole

Injection attack: malavasso.com, migraviro.com and montenegrorio.com

Categories

Featured

Archives

Latest Comments

About Us

Contact Us