What happened if Red Kit Exploit Kit team up with BlackHole EK? = Tripple payload + infection of Khelios!

It is the last crusade of the year 2012, crusade was started by the lead of RedKit. We heard that RedKit is going into a heavy customization, so it is good for the new year's adventure as the "different"challenge than BHEK. Sadly, I am in hospital writing this, on duty of waiting for my Dad to be transferred to other place, so I just depend on my Note PC to do analyze this, please bear these initial...

Read More

hpObserver: v0.6.10

Updated hpObserver again today. Nothing spectacular, just changes to the DNS functions to bring them in line with the RFC ammendments (this also means, those no longer classed as NRIP, will no longer show as NRIP and thus offline, in hpObserver).Download:http://support.it-mate.co.uk/?mode=Products&p=hpobser...

Read More

Announce of Multiple Malware Domains Deactivation Progress - The "Operation Tango Down"

To all friends in Malware fighting area and all of the supporter and readers to our MalwareMustDie blog. We have a good news. Our fight against malwares leaps into a next brighter stage. Since all of posted malware cases in MalwareMustDie was not only analyzed, decoded, exposed its infectors layers to its CnC, but through the persistent dedication of our members, we also reported our cases to the authority accordingly and gain a good collaboration with them to receive a cooperation for deactivating...

Read More

hpHosts: Updated 27-12-2012

The hpHOSTS Hosts file has been updated. There is now a total of 189,914 listed hostsnames.If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)Latest Updated: 27/12/2012 03:00Last Verified: 25/12/2012 09:00Download hpHosts now!http://hosts-file.net/?s=Downl...

Read More

Need telephone answering services part 2: Don't ask eComm Angels

If you've been reading this blog for a few years, you may remember back in 2009, a post regarding Frontline. Since then, there's been one other company constantly attempting to spam the blog - eComm Angels.The latest of these being just a few hours ago, containing;thats a good kind of information i agree with you and i realy like your post thanks for sharing.eCommAngelsWith "eCommAngels"...

Read More

Happy Christmas!

Just a little note to say happy christmas ladies and gents.Whilst things have been going rather hayward of late (blueray/DVD player died around 30 mins ago - bleedin typical), there have been some rather fantastic things of note - first of which, the hpHosts historical records, expected to hit 8 million records by the end of the year, actually past 8 million late last night (24th), very...

Read More

The Crime Still Goes On: Trojan Fareit Credential Stealer - New Server, Same Group, Same Game (via BHEK/Cridex)

As per posted A WEEK AGO here -->>[Prev.Post] that Crime Group STILL infects victims.The infector concepts and binary works is exactly the same as previous,Infection Source Summary & Trojan Communication InfoSpam infector:URL: h00p://www.irwra.com/wp-content/themes/mantra/uploads/cpa_inform.htmServer: Apache, WordPress IP: 50.116.98.44Blackhole:Landing: h00p://latticesoft.net/detects/continues-little.phpServer:...

Read More

ALERT: Emails purporting to be from mail/postal service

Received 13 emails between 16:36 on the 18th and 01:37 this morning, purporting to be from various postal/mail services. Already knew they were bogus and malicious, and as usual, checked the URLs. Only one of them is a 404, the rest, are still live and lead to a Bredolab variant.Subjects thus far:Tracking Detail (K)XC02 352 185 3167 5388Tracking Number (M)EDQ71 831 499 0086 9924Tracking...

Read More

Getting more "Personal" & Deeper into Cridex joint with Fareit Credential Stealer Infection

I was posting this findings scattered in twitters, VirusTotal, KernelMode (thank's -to @Xylit0l for the invitation), so is time to make it together..And I'm advising you to make documentation is 1,000 times more important,it sucks, time consuming, yet a perfect strategy to fight these moronz.Started from a spam lead to redirector page, lead usto Blackhole(v2.01) landing page,below is the sites://Redirector:...

Read More