Posted by
admin on Friday, February 22nd, 2013 |
5,351 views
Seems that spammers prefer WordPress as blogging platform used to advertise pharmaceutical keywords. We noted a lot of websites compromised and used to host custom installations of WordPress, hidden in subfolders, to promote keywords related to pharmaceutical products. We checked approximately 30 spammed URLs and we noted that t...
Continue reading...
Posted by
admin on Sunday, September 16th, 2012 |
11,956 views
When we analyzed few Twitter followers in one of our websites, we noted that there was an user that was following us, see the image: We have analyzed the website (infected): www (dot) wordpress-how-to-videos (dot) com The website wordpress-how-to-videos(dot)com is hosted at BSE Software GmbH and its current IP address is 82.220....
Continue reading...
Posted by
admin on Thursday, August 9th, 2012 |
11,988 views
URLVoid API is a free service (for non commercial use) that allow users to query our database of already analyzed domains and receive, in XML format, detailed details about each submitted domain. The URLVoid API supports multiple domains in one single query, so you can submit 250 domains and receive details of each domains in [....
Continue reading...
Posted by
admin on Wednesday, June 13th, 2012 |
7,062 views
Phishing email against PayPal users: Header details: Received: from mail14j.g14.rapidsite.net (mail14j.g14.rapidsite.net [128.121.64.175]) Received: from ca1-mx26.mlpsca01.us.mxservers.net (128.121.64.172) by mail14j.g14.rapidsite.net Received: from unknown [128.121.143.147] (EHLO mmm1430.rapidsite.net) by ca1-mx26.mlpsca01.us.m...
Continue reading...
Posted by
admin on Saturday, June 9th, 2012 |
60,539 views
We received few emails with subject: Amazon.com Order Confirmation Inside the email message there is a HREF link that redirects users to a malicious web page containing malicious javascript code used to redirect users to the main URL of Blackhole exploit kit: The Blackhole exploit kit URL is: GET /main.php?page=017f3bb5c2be6a41 ...
Continue reading...
Posted by
admin on Friday, June 8th, 2012 |
11,511 views
We have logged few websites infected with a new injected javascript code that seems to target mainly the websites powered with WordPress and Joomla. Below there is a screenshot of the malicious script: As we can see from the image above, the injected code starts with: <!--Injection_head[SessionID=...]--> And it ends with: ...
Continue reading...
Posted by
admin on Thursday, June 7th, 2012 |
7,455 views
Our honeypot has logged few new Blackhole Exploit Kit activity. The Java exploit file Set.jar is downloaded: GET /Set.jar HTTP/1.1 content-type: application/x-java-archive User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_13 Host: 64.111.24.122 HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Jun 2012 22:43:12 GMT Content-Type: app...
Continue reading...
Posted by
admin on Monday, June 4th, 2012 |
5,106 views
New phishing email used to spread HTML files with fake PayPal login forms: Header details: Received: from ns3.komvos.gr (ns3.komvos.gr [88.198.65.153]) Received: by ns3.komvos.gr (Postfix, from userid 48) Subject: Attention ! Votre compte PayPal a été limité ! From: Service Paypal Date: Mon, 4 Jun 2012 13:00:12 +0300 (EEST) C...
Continue reading...
Posted by
admin on Friday, May 25th, 2012 |
30,833 views
Another phishing email against Italian users of Mastercard / Visa: Header details: Received: from mail.oceano.hn (mail.oceano.hn [63.161.65.43]) Received: from User ([62.215.140.237]) by oceano.hn with MailEnable ESMTP; Fri, 25 May 2012 08:04:39 -0600 Subject: Abbiamo limitato l'accesso visa/mastercard account. Si prega di atten...
Continue reading...
