Selected short messages and links you might have missed if you don’t follow me on Twitter.
New WP hosting, ASP.Net patch, Safe Browsing for network admins, what’s riskier than porn … »»
Selected short messages and links you might have missed if you don’t follow me on Twitter.
mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»
Selected short messages and links you might have missed if you don’t follow me on Twitter.
security patches, SpyEye vs. Zeus, Black-hat SEO, Google vs phishing … »»
This research was provoked by the following blog post by Joshua Long, where he lists domain names used by Koobface. Generally, I focus on website hacks and don’t research malware distributed via email spam and social networks (Koobface is an anagram of Facebook). However, that list showed me how legitimate hacked sites were integrated into the Koobface scheme, and I decided to investigate how the whole thing worked.
Joshua’s list was a good starting point. I saw multiple rogue blogspot blogs that followed the same pattern and multiple compromised sites to which those blogs redirected. For some reason, most of the functionality of the malicious pages on the hacked sites is implemented as client-side JavaScript, so I could easily retrieve and analyze those scripts. They provided me with very interesting details about the internals of the attack: the sites it expected as referrers and the use of infected PCs. As a result I came up with the following scheme:
Koobface attack flow and other details »»
Just checked one site that Google lists as suspicious. And here is what I discovered on the Safe Browsing diagnostic page

Happy Chinese New Year!
I’ve got a new version of Unmask Parasites. It’s a free online tool that helps site owners reveal hidden security problems. Hope you will like it.
The major new feature is the integration with Google’s Safe Browsing project. Now examined links and all referenced domains are checked against Google’s blacklist. It’s the same list that Firefox 3, Safari and Google Chrome use.
The results will clearly indicate whether a page links to suspicious sites (bad neighborhoods) or generates security warnings in Google’s search results and in popular modern web browsers. Continue »»
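To make the idea behind the new feature concrete, here is an added illustration (my own example code, not the Unmask Parasites implementation and not anything from Google): it pulls every referenced host out of a page (links, scripts, iframes, images, stylesheets, forms) and checks each one against a blacklist. The page, the base URL and the blacklist below are all constructed for the demo; a real check would query the Safe Browsing list rather than a hard-coded set.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed blacklist standing in for the Safe Browsing list (made-up domains).
BLACKLIST = {"evil-example.test", "malware-cdn.example"}

# Tag -> attribute that may point to another host.
REF_ATTRS = {
    "a": "href", "link": "href", "form": "action",
    "script": "src", "iframe": "src", "img": "src", "embed": "src",
    "object": "data",
}


class RefExtractor(HTMLParser):
    """Collects absolute URLs referenced by a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = REF_ATTRS.get(tag)
        if not wanted:
            return
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative and scheme-relative ("//host/x.js") references.
                self.refs.append(urljoin(self.base_url, value.strip()))


def referenced_hosts(html, base_url):
    """Return the set of http/https hostnames a page refers to."""
    parser = RefExtractor(base_url)
    parser.feed(html)
    hosts = set()
    for url in parser.refs:
        parsed = urlparse(url)
        # mailto:, javascript: and the like have no host worth checking.
        if parsed.scheme in ("http", "https") and parsed.hostname:
            hosts.add(parsed.hostname.lower().rstrip("."))
    return hosts


def is_blacklisted(host, blacklist=BLACKLIST):
    """True if the host or any parent domain (but not the bare TLD) is listed."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blacklist:
            return True
    return False


def audit(html, base_url, blacklist=BLACKLIST):
    """Sorted list of referenced hosts that hit the blacklist."""
    return sorted(h for h in referenced_hosts(html, base_url)
                  if is_blacklisted(h, blacklist))


# Constructed sample page: one clean image, one listed script host,
# one hidden 1x1 iframe on a listed domain, plus links that carry no host.
BASE_URL = "http://victim.example/index.html"
SAMPLE_HTML = """
<html><body>
<a href="/about.html">About</a>
<a href="mailto:owner@victim.example">mail</a>
<a href="javascript:void(0)">noop</a>
<img src="http://img.example.com/logo.png">
<script src="//cdn.evil-example.test/counter.js"></script>
<iframe src="http://cdn.malware-cdn.example/in.cgi?3" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host in sorted(referenced_hosts(SAMPLE_HTML, BASE_URL)):
        print(host, "FLAGGED" if is_blacklisted(host) else "ok")
```

Two caveats worth keeping in mind when comparing this with the real thing: Safe Browsing matches URL prefixes, not only domains, so a listed path on an otherwise clean host is missed by a host-only check like this one; and listings change constantly, so a result is only as fresh as the list it was checked against.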