The WordPress Brute Force Attack Timeline
Authored by Daniel Cid and Tony Perez. We have been blogging about the massive brute force attacks against WordPress websites over the past few days, today we want to provide better context of the scale...

“Boston Marathon” spam / askmeaboutcctv.com
This pretty shameful Boston marathon themed spam leads to malware on askmeaboutcctv.com:
Sample 1:
From: Graham Jarvis [mailto:alejandro.alfonzo-larrain@tctwest.net]
Sent: 17 April 2013 09:49
Subject:...

W32/Kryptik.AX!tr – A Masterful FTP Trojan
A few days ago I received an interesting email message: Just your typical phishing email. Normally, I would just dump it into our signature automation processors and move on to the next piece of...

CNN.com Boston Marathon spam / thesecondincomee.com
This Boston Marathon themed spam leads to malware on thesecondincomee.com:
Example 1:
Date: Wed, 17 Apr 2013 10:32:18 -0600 [12:32:18 EDT]
From: CNN Breaking News...

Fake SourceForge site distributes malware
We spotted malware hosted on hxxp://sourceforgechile.net/ a couple of days ago. The website is not currently responding, but appears to have been set up as a fake and malicious version of the popular...

Shameless malware distribution abuses Texas explosion and Boston Marathon Attack
Malware distributors are turning to recent events to get recipients to follow links to infected websites. The recent “Pope-themed” malware attack is one such example. The attacks at the Boston Marathon...

Tragic Spam
Whenever something awful happens in the world, both the good and the bad come to the surface: bad guys doing bad things like we saw in Boston last week, and good guys rushing to random people’s aid in...

“CareerBuilder Notification” spam / CB_Offer_04232013_8817391.zip
This fake CareerBuilder email has a malicious attachment containing malware.
Date: Tue, 23 Apr 2013 11:13:54 -0700 [14:13:54 EDT]
From: CareerBuilder...

Apache Binary Backdoors on Cpanel-based servers
For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules (Darkleech) to inject malware into websites. Some of our previous coverage is...

Apache Web Server Attacks Continue to Evolve
For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we’re handling half a dozen or so and it continues to increase. It’s one of the reasons...

“Requested Reset of Yoyr PayPal Password” spam / frustrationpostcards.biz
This fake PayPal spam leads to malware on frustrationpostcards.biz:
Date: Mon, 29 Apr 2013 13:22:03 -0500
From: “service@paypalmail.com” [chichisaq0@emlreq.paypalmail.com]
Subject:...

“Your Wire Transfer 82932922 canceled” spam / Payment reeceipt.exe /...
This fake wire transfer spam comes with a malicious attachment:
Date: Tue, 30 Apr 2013 15:27:44 -0500 [16:27:44 EDT]
From: Federal Reserve [alerts@federalreserve.gov]
Subject: Your Wire...

More Fake SourceForge Websites Show Up
Two weeks ago we reported on a fake SourceForge website, sourceforgechile.net, which was used to distribute malware. We have since seen more of these fake sites this past week: sourceforgeestonia.net,...

LinkedIn spam / guessworkcontentprotect.biz
This fake LinkedIn email leads to malware on guessworkcontentprotect.biz:
From: LinkedIn Invitations [giuseppeah5@mail.paypal.com]
Date: 2 May 2013 16:49
Subject: LinkedIn inviation...

WebShells on the Web Server
This blog describes briefly what WebShells are, and how attackers can use WebShells to gain powerful shell level/system level access to a server. WebShells have been used in attacks for quite a long...

W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild
As if on cue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we have started to see attacks spring up across our network. In...

Fake Flash player on DropBox
Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found three websites distributing Win32.Sanity.N malware...

Internet Explorer Zero-day Vulnerability (CVE-2013-1347)
A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer version 8. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious...

Amazon.com spam / ehrap.net
This fake Amazon spam leads to malware on ehrap.net:
Date: Tue, 7 May 2013 22:54:26 +0100 [05/07/13 17:54:26 EDT]
From: “Amazon.com” [drudgingb50@m.amazonmail.com]
Subject: Your Amazon.com...

Popular Media Sites Involved in Mass Compromise
Today, Zscaler identified yet another mass website compromise, this one impacting a number of popular media sites, including two radio stations in Washington, DC – Federal News Radio and WTOP. It’s not...