Strange choice of companies to impersonate in a phishing scam if you ask me, but nevertheless, this just arrived in my inbox;

Customer Satisfaction Survey 2013

At Wonga.com, we sincerely value your opinions. As part of our continuous improvement process, we're conducting a survey to benchmark the opinions of our customers. We will use the resulting information to better serve the needs of...
Wednesday, January 30, 2013


To help our customers become more secure and up-to-date, Microsoft will distribute Windows Internet Explorer 10 as an important update through Automatic Updates for Windows 7 SP1 and higher for x64 and x86 and Windows Server 2008 R2 SP1 and higher for x64. This Blocker Toolkit is made available to those who would like to block automatic delivery of Internet Explorer 10 to machines in environments...


Yep, yet another round of misleading marketing, and yep, also via adf.ly (not entirely their fault), with the exception of one, that was via Google. We'll do the Google one first. This was found advertised on cacaweb.com (owned by a friend, will be dropping him an email about it); And where does it lead to? Well, let's take a walk through the redirection path shall we; 1. hxxp...



Background

There are good investigations that make you feel good after decoding everything, and there are also some incomplete ones, like this story. Which is really annoying me in the end, but I decided to release it anyway, for information sharing purposes. Why wasn't this good? Actually it is not *that* bad, I got the exploit kit script figured out well, but missing the JAR exploit infector file thus...
Sunday, January 27, 2013



Background

This post is made 100% by one of our dedicated friends, @Hulk_Crusader, as the success story of a collaboration in fighting malware infector CrimeBoss. Thanks to Hulk for the hard work contributing his writing in our blog! Some of the analysis is still ongoing so the details will be added regularly. On a cold January night we find The Hulk passing time surfing the internet when he encounters...
Saturday, January 26, 2013


The background

It's been a while since we took a look into the Cridex infection. Counting from the day we first noticed this group until the day I write this post, it should have been almost five months, yet the bad actors still do their business as usual. The infection source is spam redirected into some redirector pages to be forwarded to the landing page of the most popular exploit kit, Blackhole,...