Some Changes in Continuing .PW Spam
A month ago, we advised people to consider blocking the .PW top level domain (TLD). There is still a lot of spam happening there, but there have been some changes recently. In particular, there are...
A Shady “Recruitment” Network
Here are a couple of interesting sites: and (There are also some variants on the "TJL" initials — mixing their order — but these all resolve to the tjlrecruitment.org site. No variants for the...
Bogus “Shocking Video” Content at Scribd Exposes Malware Monetization Scheme...
Bogus content populating Scribd, centralized malicious/typosquatted/parked domains/fraudulent infrastructure, combined with dozens of malware samples phoning back to this very same infrastructure to...
Fake ‘Rihanna & Chris Brown S3X Video’ Spam Campaign Spreading Across...
A currently ongoing, click-jacking driven spam campaign is circulating across Facebook, with the affected users further spreading the adf.ly links on the Walls of their friends, in between tagging...
Fox News-themed Malicious Email Campaign
Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, discovered an interesting malicious email campaign using spoofed email addresses from Fox News domains in an...
Ubisoft Breached: Passwords Taken
Video game development company Ubisoft posted an article earlier today on their support site that one of their systems was compromised and gamers' usernames, email addresses and encrypted passwords...
AV engine detection techniques vs the evolution of malware: cat-and-mouse game
Get rid of cliches: “Most of anti-virus software products detect malware pieces only through simple checksums. This is often the case for the anti-virus engines which are integrated into network...
I am ‘Datarmined’ to secure my Facebook posts
I recently tried an amazing browser extension named Datarmine whose goal is to secure social network posts. It works for Facebook, Twitter etc. The idea is that your posts get encrypted, and only...
Tracking a botnet infection
Recently we found several malicious executables with similar characteristics. These files were found on the following six domains: janashfordplumbing.com kalliskallis.com lowes-pianos-and-organs.com...
Digging Into Certificate Revocation Lists
In this blog we shall reveal the uses for certificates, uncover how to combat abused certificates and dig deep into an example of how malicious software can be digitally signed to pass certification...
A Day in the Life of a Mobile Ransomware
Last month, Symantec blogged about an Android malware named Android.Fakedefender that is the first example of a Ransomware that we have seen on the Android platform. Fortinet detects this malware as...
FlimKit coughs up more Malvertising
FlimKit is a known exploit kit which takes advantage of Java Vulnerabilities in order to drop malicious content on the victim’s PC. Previous iterations of this Exploit Kit were known to be distributed...
6.25 DNS DDOS Attack In Korea
Shortly after 10:00am Jun 25th 2013, many government websites from South Korea were not accessible. It was actually caused by the malware performing a DDoS attack on 2 major DNS servers (ns.gcc.go.kr and...
Don’t Send Your SMS Scam to an AntiVirus Analyst ;)
Recently I received this SMS on my mobile phone. Basically, it tells me I have to call back 018377xxxx to collect a parcel. As this phone number is not premium and I was indeed waiting for a parcel, I...
Dissecting Latest Kelihos Peer Exchange Communication
Story: Around the end of June, I found a new Kelihos binary that was being pushed to all the proxy peers from Kelihos’ job servers. At that time, I assumed the binary was just a typical bug fix build....
Custom Attachment Names and Passwords for Trojans
Websense® Security Labs™ researchers, using our Websense ThreatSeeker® Intelligence Cloud, recently noticed an increased use of custom-generated attachment file names, and some use of...
“You requested a new Facebook password” spam / nphscards.com
This fake Facebook spam leads to malware on nphscards.com: Date: Wed, 24 Jul 2013 11:22:46 -0300 [10:22:46 EDT] From: Facebook [update+hiehdzge@facebookmail.com] Subject: You requested a...
Royal Baby: Third in Line to the Throne, First in Line as a Threat Lure!
Following yesterday's news, the Duke and Duchess of Cambridge are now the proud parents of a baby boy and future heir to the British throne. While they revel in the joy of being a family,...
Phishing for Ad Scams
Today we have a perfect storm of basic attack vectors which inevitably lead victims to a variety of advertising scams including adware executables, parked domains, pay-per-click scams or phishing...
Facebook spam / happykido.com
This fake Facebook spam leads to malware on Date: Mon, 29 Jul 2013 09:33:38 -0600 [11:33:38 EDT] From: Facebook [update+zj4o40c2_aay@facebookmail.com] Subject: Betsy Wells wants to be...