Eset: Support-Scammer Tricks

Having been blogging this topic for quite a while, I figure this might be a good time to highlight some of the snippets of information that people have posted on some of those blogs (anonymized, of course). You might also be interested in a resource page I've started here at AVIEN.One prospective victim instructed to connect via the Run window to www.support.me. This turns out to belong to...

Read More

hpHOSTS - UPDATED November 21st, 2011

The hpHOSTS Hosts file has been updated. There is now a total of 216,044 listed hostsnames.If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)Latest Updated: 21/11/2011 18:30Last Verified: 21/11/2011 19:00Download hpHosts now!http://hosts-file.net/?s=Downl...

Read More

up-yours.com - Here we go again

I thought I'd made this clear, but apparently not. I got an e-mail earlier, from a RoadRunner IP (residential US ISP), using an @up-yours.com address.There's two problems here however;1. It's an invalid address, so can't reply2. The e-mail houses a childish threat, without actually telling me what I did to deserve it*********************************************************************General**...

Read More

Lavasoft gone dodgy?

According to a post at my favorite news site, it looks like Lavasoft' new owners are the infamous chaps behind the well known "Interactive Brands". Should've seen this coming really, given they de-listed the well known malware player, WhenU, some time ago - I know that was 6 years ago, but it can't just be a coincidence, especially given who the new owners are.Anti-spyware company Lavasoft AB is...

Read More

Internet.bs still not accepting abuse reports

You may remember, in September I blogged about Internet.BS, well known as a bulletproof provider for domain registrations.Sadly, neither Verisign nor ICANN have done anything, and Internet.bs are still refusing reports (I say refusing because whilst the error is a 450, they were notified months ago and it's still producing the same error, preventing reports going through), courtesy of the Gmail...

Read More

Facebook Likes and cold-call scams

Following an article I wrote recently for SC Magazine, Martijn Grooten of Virus Bulletin, who shares my interest in and dislike of support desk scams, contacted me about the web site associated with eFIX, a company claiming to offer online technical support. He and I, along with Steven Burn, who has a great deal of experience of working in this area, have been able to dig out some interesting...

Read More

webhosting.info compromised

Look at the image on the left. See anything that shouldn't be there?I'll give you a hint - it's got a black background.I identified this whilst doing a routine enquiry on an IP housing a plethora of fake meds sites. I dropped a note to the sites owner and registrar, who informed me it most definitely should NOT be there.The content in question, is;

Popular Posts

• dDos: it-mate.co.uk, forum.avantbrowser.com server

  You've probably noticed by now that the server that houses it-mate.co.uk and forum.avantbrowser.com (amongst others), is down and has be...
• 

  Cridex + Fareit Infection Analysis - "dozakialko.ru:8080" A Credential Stealer Case

  [NEW] Fri Jan 18 13:44:56 JST 2013 The New Infector Domain of dfudont.ru:8080 was detected & analyzed--> >[HERE] PS: dfudont.ru:80...
• Blackshades on the move again

  Having been suspended from more hosts than I care to remember, Blackshades are on the move again today, having been suspended from Snelis. T...
• 

  [Updated] How EVIL the PHP/C99Shell can be? From SQL Dumper, Hacktools, to Trojan Distributor Future?

  *) This post is dedicated to MalwareMustDie Malware Crusaders team involved! Maybe some of you read our previous blog ( HERE ) when we crack...
• Monitoring a BlackHole Exploit Kit Services & Infectors (Target: 203.91.113.6)

  Monitoring the activity of one blackhole (in short: BHEK) host means spending time on it for days. I picked one positive BHEK host in 203.91...
• [INFO] Email server issues

  Just a note folks, the incoming mail server started having issues again yesterday (incoming server is controlled by Domain Monster). Spoke t...
• The crusaders' note : Suspected JS/RunForrestRun aka PseudoRandom's NEW bad actor scheme is on going..

  Following the previous blog posts, the cases of PseudoRandom or JS/RunForrestRun infector, in this Crusade we found the new bad actor's ...
• 

  (Peeling + Exposal) Kelihos via Redkit, mass-infection threat following unfortnate US disaster news..

  We all know about what had happened in US recently, it is a very sad & unfortunate situation. People died during the accident and the ma...
• Blackhole exploit: The AT&T and Verizon connection

  Looks like the Blackhole folk are branching out from the usual LinkedIn etc, e-mails leading to the Blackhole exploit. Nothing new as far as...
• 

  The result on 48hours+ in battle with Kelihos < request for FURTHER block/dismantle cooperation & support. #Tango is going down..

  This post is dedicated to many.. so many of wonderful individuals involved with the effort to stand against Kelihos P2P malware infection. T...

Blog Archive

• ►  2013 (83)
  • ►  tháng 9 (1)
  • ►  tháng 8 (4)
  • ►  tháng 7 (12)
  • ►  tháng 6 (9)
  • ►  tháng 5 (9)
  • ►  tháng 4 (10)
  • ►  tháng 3 (6)
  • ►  tháng 2 (14)
  • ►  tháng 1 (18)

• ►  2012 (135)
  • ►  tháng 12 (16)
  • ►  tháng 11 (14)
  • ►  tháng 10 (18)
  • ►  tháng 9 (14)
  • ►  tháng 8 (16)
  • ►  tháng 7 (6)
  • ►  tháng 6 (7)
  • ►  tháng 5 (5)
  • ►  tháng 4 (7)
  • ►  tháng 3 (12)
  • ►  tháng 2 (9)
  • ►  tháng 1 (11)

• ▼  2011 (108)
  • ►  tháng 12 (10)
  • ▼  tháng 11 (7)
    • Eset: Support-Scammer Tricks
    • hpHOSTS - UPDATED November 21st, 2011
    • up-yours.com - Here we go again
    • Lavasoft gone dodgy?
    • Internet.bs still not accepting abuse reports
    • Facebook Likes and cold-call scams
    • webhosting.info compromised
  • ►  tháng 10 (5)
  • ►  tháng 9 (12)
  • ►  tháng 8 (10)
  • ►  tháng 7 (13)
  • ►  tháng 6 (13)
  • ►  tháng 5 (12)
  • ►  tháng 4 (4)
  • ►  tháng 3 (10)
  • ►  tháng 2 (6)
  • ►  tháng 1 (6)

• ►  2010 (178)
  • ►  tháng 12 (5)
  • ►  tháng 11 (4)
  • ►  tháng 10 (12)
  • ►  tháng 9 (13)
  • ►  tháng 8 (15)
  • ►  tháng 7 (13)
  • ►  tháng 6 (23)
  • ►  tháng 5 (17)
  • ►  tháng 4 (14)
  • ►  tháng 3 (18)
  • ►  tháng 2 (17)
  • ►  tháng 1 (27)

• ►  2009 (93)
  • ►  tháng 12 (31)
  • ►  tháng 11 (36)
  • ►  tháng 10 (26)

• ►  2004 (1)
  • ►  tháng 10 (1)