
kreepz86's blog

Not detected yet!?

While checking my email yesterday at Hotmail, I got an email from a "Nicole Smith". The email was an attachment of what appeared to be a valid JPG file: "nicole256.jpg". When I put my mouse on the image, I noticed the link on the status bar was not to the "nicole256.jpg" file but instead to another site, "hxxp://". Needless to say, it was a spoofed link to an "exe" file. I downloaded the file and scanned it with AVP (KAV 7.0) with the very latest definitions, and it found nothing. Nope, not even as suspicious. I have included 3 screenshots: what appeared to be a suspicious string in the source code of the Hotmail page, and 2 screen captures of the scan from VirusTotal; several scanners did register it as malware and a couple as suspicious. Is this a new technique/method of infecting? For a long time now, Hotmail has always restricted almost all attachments, but this one seemed to get by with no problem.
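The trick in the post above is that the visible label ("nicole256.jpg") does not match the real link target, so the webmail attachment filter never sees a file at all. As an added example, not code from the blog, here is a small Python checker that parses the anchors out of an HTML message body and flags labels that look like an image while the href resolves to an executable or some other non-image file. The message body, hostnames and IP addresses are constructed for the example; the extension lists are assumptions.

```python
"""Flag HTML links whose visible label advertises an image but whose
real target is an executable or other non-image file (added example)."""
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed extension lists; extend to taste.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs", ".hta"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text, image labels) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None      # href of the anchor we are currently inside
        self._text = []        # text nodes seen inside that anchor
        self._imgs = []        # src/alt of <img> tags inside that anchor

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href", "")
            self._text, self._imgs = [], []
        elif tag == "img" and self._href is not None:
            # An image link shows no text; its src/alt is what the user "sees".
            self._imgs += [v for v in (a.get("src"), a.get("alt")) if v]

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip(), list(self._imgs)))
            self._href = None


def _ext(name):
    """Extension of the path component of a URL or bare filename, lower-cased.
    'nicole256.jpg.exe' -> '.exe', 'cid:nicole256.jpg' -> '.jpg'."""
    return posixpath.splitext(urlsplit(name).path.lower())[1]


def find_spoofed_links(html):
    """Return a list of (href, label, reason) for anchors that look deceptive."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text, imgs in parser.links:
        target_ext = _ext(href)
        label_exts = {_ext(label) for label in [text] + imgs if label}
        if target_ext in EXEC_EXTS:
            findings.append((href, text, "target is an executable: " + target_ext))
        elif label_exts & IMAGE_EXTS and target_ext not in IMAGE_EXTS:
            findings.append((href, text, "label looks like an image but target is " + target_ext))
    return findings


# Constructed message body; the hosts are documentation addresses, not real sites.
SAMPLE_MAIL = """
<p>Hi, here is the picture I promised.</p>
<a href="http://203.0.113.7/pics/nicole256.jpg.exe">nicole256.jpg</a>
<a href="http://mail.example.net/inbox">Back to inbox</a>
<a href="http://198.51.100.9/get.php?id=7"><img src="cid:nicole256.jpg" alt="nicole256.jpg"></a>
"""

if __name__ == "__main__":
    for href, label, reason in find_spoofed_links(SAMPLE_MAIL):
        print(f"{label!r:20} -> {href}  [{reason}]")
```

The check deliberately looks at the last extension of the href path, so a double extension such as `nicole256.jpg.exe` is classified as executable, and it treats an `<img>` inside the anchor as the label, since that is what the reader hovers over.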

MySpace Phish and Drive-by attack vector propagating Fast Flux network growth

Some MySpace profiles hit with a Web attack
Posted by Robert Vamosi

At some point within the last week, some MySpace user pages were seeded with malicious computer code. The malicious code seeks to exploit Microsoft Windows and Internet Explorer using recently patched security holes; the hope is that you haven't patched your computer yet. If you're a MySpace visitor and you visit one of the infected pages, you'll be redirected to a fake MySpace log-in page aiming to steal your MySpace user name and password. The attack employs phishing and drive-by download techniques.

SANS' Internet Storm Center offers a detailed breakdown of the attack.

Jitko: a tool to turn any JavaScript-enabled browser into a component of a botnet

It seems that the JavaScript botnet code that was announced at Shmoocon last month has been leaked.

The code, known as Jitko, was designed to turn any JavaScript-enabled browser into a component of a botnet. Written by Billy Hoffman of SPI Dynamics, it was presented at Shmoocon, where it was placed unprotected on a publicly visible web server; eagle-eyed conference-goers were able to copy the URL and download a copy of the code for themselves.
