msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Tweet Week: October 25-31, 2010

01 Nov 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

New security holes and updates plus things that can help mitigate security issues … »»

Web of Koobface

27 Feb 10   Filed in Website exploits with 5 Comments

This research is provoked by the following blogpost of Joshua Long where he lists domain names used by Koobface. Generally, I focus on website hacks and don’t research malware distributed via email spam and social networks (Koobface is an anagram of Facebook). However that list showed me how legitimate hacked sites were integrated into Koobface scheme and I decided to try to investigate how the whole thing worked.

Joshua’s list was a good starting point. I saw multiple rogue blogspot blogs that followed the same pattern and multiple compromised sites where those blogs redirected to. For some reason, most of the functionality of the malicious pages on the hacked sites is implemented as a client-side JavaScript, so I could easily retrieve and analyze those scripts. They provided me with very interesting details about the internals of the attack: sites it expected as referrers and usage of infected PCs. As a result I came up to the following scheme:
Koobface attack flow and other details »»

Tweet Week: Oct 19-25, 2009

25 Oct 09   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Oct 21, 2009

Retweeting @wordpress: WordPress 2.8.5: Hardening Release – Upgrade is highly recommended

Oct 22, 2009

Adobe Reader downloads are now bundled with free McAfee Security Scan. At least if you select a Windows version.

Oct 24, 2009

Best Practices for Verifying and Cleaning up a Compromised Site – from Google security team

Oct 25, 2009

[link:TrenMicro] 8 Things You Probably Didn’t Know About KOOBFACE

If you want more real-time experience, you can follow @unmaskparasites on Twitter.

Similar posts: