Certainly took them long enough, but having been the latest service to be bombarded and misused by criminals, it seems at least one of the many heavily abused providers has seen sense and cancelled the option to create a free "domain" through them.
If you've been taking note, you'll have noticed the sheer volume of hostnames created on *.co.tv that have been involved in fake meds and exploits.
Sunday, 28 August 2011
Saturday, 27 August 2011
ALERT: clickme**.fileave.com Part 2
And courtesy of my friend Anthony at MalwareURL (and I'm shamefully admitting to not thinking of checking this myself), here comes another 328 of them;
ALERT: clickme**.fileave.com
Yet another mass compromise going on recently folks (yep, surprise surprise). This time, the malicious code leads to a URL in the format;
clickme**.fileave.com
Where ** are letters based on the date/time. Yesterday (27th), these were clickmen[a-z].fileave.com, and today these are rather predictably, clickmeo[a-z].fileave.com.
Yesterday's were reported to both Network Solutions, and to FileAve (
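A defender-side check for the hostname pattern described above, as an added example that is not part of the original post: it pulls hostnames out of log lines, matches `clickme` plus two letters directly under fileave.com, and groups hits by the first letter (the one the post ties to the day). The log format, the sample lines and the function names `host_of` and `find_clickme` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Pattern from the post: "clickme" + two letters, directly under fileave.com.
CLICKME = re.compile(r"clickme([a-z])([a-z])\.fileave\.com")

def host_of(token):
    """Return the lower-cased hostname of a URL or bare host[:port], or None."""
    if "//" not in token:
        token = "//" + token          # let urlsplit treat a bare host as netloc
    try:
        host = urlsplit(token).hostname
    except ValueError:                # malformed netloc, e.g. unbalanced '['
        return None
    return host.rstrip(".").lower() if host else None

def find_clickme(lines):
    """Map first (per-day) letter -> sorted matching hostnames seen in lines."""
    batches = defaultdict(set)
    for line in lines:
        for token in line.split():
            host = host_of(token)
            # fullmatch rejects look-alikes that merely contain the pattern
            m = CLICKME.fullmatch(host) if host else None
            if m:
                batches[m.group(1)].add(host)
    return {k: sorted(v) for k, v in sorted(batches.items())}

# Constructed proxy-log lines (not real traffic).
SAMPLE_LOG = [
    "2011-08-27T10:02:11 10.0.0.5 GET http://clickmena.fileave.com/ 200",
    "2011-08-27T10:02:15 10.0.0.7 GET http://CLICKMENQ.fileave.com./x.js 200",
    "2011-08-28T09:14:40 10.0.0.5 GET http://clickmeob.fileave.com/ 200",
    "2011-08-28T09:15:02 10.0.0.9 GET http://clickmeob.fileave.com.example.net/ 200",
    "2011-08-28T09:15:30 10.0.0.9 GET http://clickme1a.fileave.com/ 200",
    "2011-08-28T09:16:00 10.0.0.9 GET http://photos.fileave.com/ 200",
    "2011-08-28T09:16:10 10.0.0.3 CONNECT clickmeoz.fileave.com:443 200",
]

if __name__ == "__main__":
    for letter, hosts in find_clickme(SAMPLE_LOG).items():
        print(letter, hosts)
```

Matching on the parsed hostname rather than the raw line keeps mixed case, trailing dots and `host:port` forms from slipping past, and keeps unrelated fileave.com subdomains out of the results.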
hpHosts: Updated August 27th 2011
I know it's late folks, and my apologies (better late than never?). Sadly the connection has been rubbish lately (I had a second phone and broadband line installed with another provider Wednesday gone and the current line is being re-provisioned, so should hopefully see the issues vanish).
The hpHOSTS Hosts file has been updated. There is now a total of 189,155 listed hostnames.
If you are NOT
Thursday, 25 August 2011
ALERT: Windows Live Phish
There's another phish doing the rounds lately it seems, this time targeting Windows Live users.
If you've received an e-mail similar to the following, click "Mark As" > "Phishing Scam" and delete it - DO NOT CLICK THE LINK!
Windows-Live - Account ALERT! - *Re-activate your account* (24-Aug)?
Dear (email address),
We are sending you this e-mail because Microsoft SmartScreen Technology has
Thursday, 11 August 2011
Alert: Inferno.name criminality and malware - again
Something evil on 95.168.177.144: reddingtaxcm.com and inferno.name
reddingtaxcm.com is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on 95.168.177.144 (NetDirekt, Germany but more below..).
The malware appears to be a variant of Vundo / Virtumundo; the infection mechanism looks to be some sort of injection attack on third-party sites.
Wednesday, 10 August 2011
Using LinkedIn? Seen this yet?
A few people asked me to join LinkedIn recently, a site I've avoided like all other social networks for as long as I can remember, and I decided "at least it's not Facebook" (who themselves have now decided to get even worse), so popped over. I already know that social networks can't be trusted, they've proven that time and time again, and now it seems LinkedIn are proving it themselves;
hpObserver, hpHosts, BotScout
A few updates today folks. Firstly, I've published a new hpObserver release. Nothing special, just a couple of bug fixes.
The hpHosts release has also been delayed due to a worse than rubbish connection, drastically slowing down the validation process (almost 24 hours just to run a DNS validation on 3600 domains (only seems to be DNS affected by the slowdown so far)).
I also noted yesterday
Sunday, 7 August 2011
hpObserver v0.6.4
Version: 0.6.4
Added: List ASN associated with IP.
Fixed: IP formatting when saving to text and there's more than one IP
Download: http://support.it-mate.co.uk/?mode=Products&act=DL&p=hpobserver
Wednesday, 3 August 2011
ALERT: mstdpro.com and botnets
Just a warning folks, there's a replacement for the now suspended rulesbreacker.com/wsumg.com botnet, and it's mstdpro.com. It resolves to residential IPs and serves exploits and a trojan through URLs such as;
mstdpro.com/mydata/forms/apisrv.php
mstdpro.com/appserver/
mstdpro.com/efs/servlet/military/login.jsp
mstdpro.com/app/bps/main/
mstdpro.com/arc/files/
mstdpro.com/arc/files/archivo.exe
mstdpro.com/