Happy New Year!

I know it's not 2012 everywhere yet, but it is here, so happy new year everyone!.2011 has been an exceptionally strange, and sometimes downright frustrating year, and I doubt 2012 will be any different as I don't forsee some of the hosting companies/registrars attitudes changing, nor do I see ICANN or Ripe/Arin et al, getting off their backside and doing their damn job for a change.However, 2011

Read More

hpHOSTS - UPDATED 29th December 2011

The hpHOSTS Hosts file has been updated. There is now a total of 230,392 listed hostsnames.If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)Latest Updated: 29/12/2011 00:15Last Verified: 28/12/2011 22:33Download hpHosts now!http://hosts-file.net/?s=Download

Read More

hpHosts server issues

Due to technical problems, the hpHosts server including the site and forums, will be down for a few hours.My apologies for any inconvenience.

Read More

Ransomware impersonating law enforcement

Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, and throwing in a law enforcement scare.This time, an official-looking banner pops up, purporting to be from various law enforcement agencies, localized by region,

Read More

Dear HostNOC - your servers are attacking a friend!

I am assisting a friend at present, with an issue involving IPs constantly attacking his servers, and noted during one of his recent updates, that alot of them were HostNOC - turns out, there's quite the list of them (ignoring the others from known criminal networks). All are RFI etc, and all are already being blocked by ZBBlock (a script written by my friend Zaphod).The problem here, is HostNOCs

Read More

Blackhole exploit: For those wondering, Part 4 - Now its Amazons turn

This one came in whilst I was asleep, no JS MITMs this time, just the link in the e-mail that uses a meta refresh to redirect you to the domain housing the Blackhole exploit itself;Hello,Shipping ConfirmationOrder # 651-5411744-0155168 Your estimated delivery date is:Tuesday, December 13, 2011Track your package

Read More

Blackhole exploit: For those wondering, Part 3 - Fake Facebook e-mail

This one came in an e-mail claiming to be from Facebook, with the usual social engineering rubbish;facebook Hi,You haven't been back to Facebook recently.You have received notifications while you were gone. 1 message

Read More

Fake Firefox e-mail leading to SpyEye trojan

This little chap arrived in my spam box today, and almost got over-looked (I was checking the newest e-mails leading to the Blackhole exploit (one of which, couldn't decide if it was from LinkedIn or the FDIC)), and not surprisingly, is fake.The Payload, all 593KB of it, infects the unwitting victim with the SpyEye trojan. VT detection is utterly rubbish of course - only 2 vendors detecting

Read More

Blackhole exploit: For those wondering, Part 2

I received a comment to the 2009 blog. This one houses a variation of the MO used that I outlined in part 1 (was not going to be a part 2, but it's got a few changes that warranted it).The MO in this case, is;1. Site A2. ExploitThere's no MITMs this time. There's also a slight change in the code used on the exploit page itself, though curiously, it's even easier to decode than the last one (only

Read More

Blackhole exploit: For those wondering

For those wondering and not yet aware. The latest incarnations coming via e-mail have changed MO - the link to the exploit itself, isn't directly in the e-mail anymore. Instead, it goes via;1. Site A2. 4 x MITMs5. Exploit siteIn this case;cadcamengineers.com/6ebc21/index.html-> napaul.com/statcounters.js-> proplastics.rs/statcounters.js-> rodns.eu/statcounters.js-> sashandbow.com.au/

Read More