Posted by
admin on Friday, December 21st, 2012 |
16,675 views
We have received an email that states we have an unread message and someone has sent us a private message. But it does not state if the unread message is from a social network, it only says it comes from SecureMessage.System, as you can see from this image: The body of the email is this: […]
Continue reading...
Posted by
admin on Thursday, December 20th, 2012 |
23,833 views
We started to receive emails that state our Facebook account has been blocked due to suspicious activity and to activate it we should click on a URL. Clearly this is a scam, the email seems to be sent by an email account from China, see the image below: This is an image of the body […]
Continue reading...
Posted by
admin on Tuesday, November 27th, 2012 |
15,889 views
We just logged a new C&C bot named KBOT: Content of the /js/ folder: Content of the /images/ folder: Content of the /css/ folder: Malware activity (cb119a6b42da7bba1b6151f2e0bd6f1e): File Created - %SAMPLE% - %Temp%\epbUex.UxO - A7A21220689BD796F6B74E5D983D810E - 2560 bytes - attr: [] - PE Connection Established - C:\WINDOW...
Continue reading...
Posted by
admin on Thursday, February 23rd, 2012 |
18,755 views
We received another suspicious email that spreads a phishing URL: The A HREF link redirects to the phishing URL: hxxp:// restore.account.sysadmin-center .com/paypal/restore/webscrcmd=_login-run/webscrcmd=_account-run/confirm-paypal/restore=_paypal-account/updates-paypal/ Email header details: Received: from main.pensativo.nl (ma...
Continue reading...
Posted by
admin on Thursday, February 16th, 2012 |
16,968 views
New phishing email used to steal Skype login details: The A HREF link: Please click here to verify your identity Redirects users to the malicious URL: hxxp://login.skype.com.kad-s .com/
Continue reading...
Posted by
admin on Tuesday, February 14th, 2012 |
26,461 views
We have noted recently various messages posted by Facebook users that promote few methods to find out who visits your Facebook profile. At the end of the message there is a link to a Bit.ly shortened URL, as you can see from this image: The shortened URL redirects the users to a malicious URL: HTTP/1.1 […]
Continue reading...
Posted by
admin on Sunday, February 12th, 2012 |
16,064 views
We have received a suspicious email: Received: from unknown (HELO userb) (***@globaltires.es@177.0.120.119) Subject: Cotacao solicitada. MIME-Version: 1.0 Date: Sat, 11 Feb 2012 17:56:37 -0300 Email message is in HTML and the page source looks like: As you can see, from this code: <A href="hxxp://groupnetvect .co.de"...
Continue reading...
Posted by
admin on Saturday, February 4th, 2012 |
16,216 views
Honeypots have reported another case of malicious iframe code that is generally added after the end of the HTML tag, at the end of the website page, as you can see from the image below: We have also noted another website that redirects users to a fake porn video streaming website with the main objective […]
Continue reading...
Posted by
admin on Wednesday, February 1st, 2012 |
13,362 views
We noted few websites infected with the following code (Gumblar-style?): Extracted malicious URL: hxxp://vohfakai .co.cc/1584179.jpg URLVoid report: http://www.urlvoid.com/scan/vohfakai.co.cc Unfortunately (fortunately) the malicious URL is not online, but I am sure it was used to spread malicious javascript code or iframe code,...
Continue reading...
Posted by
admin on Tuesday, January 31st, 2012 |
18,991 views
Another hidden and malicious iframe is spreading by infecting websites: The iframe code is added before the BODY tag of the HTML page and is obfuscated: The extracted malicious link is: hxxp://alias .jjbworks .com/analytics.php Details about the malicious domain: Website: alias .jjbworks .com Domain Hash: 2f8f518cb5d452fca78b8c1...
Continue reading...
