During our research for the latest Malicious Page of the Month that has just been released, we came across a domain that was being used as a command and control for the Crimeware that was executed on attacked machines. This domain was also used as the “drop site” for private information being harvested by that [...]
Posts under ‘Finjan’
On the (dis)merits of privacy
Following up on my last post, after filing a complaint with the abuse department of privacyprotect.org (and blogging about the problem), I have just received an update noting that:
–quote–
On investigating on your complaint, we have determined that the domain name “SPYWARESAFE.NET” is in violation of the terms of usage of the Privacy Protect [...]
Taking down a malicious site – the good, the bad, and the ugly…
As part of the “closure” on the February Malicious Page of the Month, which involved meoryprof.info (taken down) and spywaresafe.net, we have contacted the appropriate parties in order to notify them that these websites contain malicious code.
Meoryprof.info was the first to buckle (probably under the press exposure), but spywaresafe.net have managed to stay afloat for [...]
Optimizing Cross Site Scripting – and general security practices
We have been working recently on an XSS attack that impacted a huge number of potential victims, as the attack itself has been “optimized” by SEO (Search Engine Optimization) practices that pushed it to Google’s indexes.
In itself, this is not a new technique, but the sheer size of it made us take a second look [...]
Crimeware server and the international man of mystery
While conducting research for the latest Malicious Page of the Month we have just released, we tried to track down the origins of the crimeware.
Obviously, this is a daunting task by itself, and although sometimes security researchers are able to point at specific people as the ones running the criminal activity, it does not always [...]
The impact of just 5 random letters…
We have been watching in amazement the impact our latest Malicious Page of the Month had on the industry and media.
From coverage at Fox Business News, and the Washington Post, all the way to the more “traditional” security outlets such as SecurityFocus, SC Magazine and bloggers such as Dancho Danchev.
The scary thing is the non-media related [...]
And the winner for “top virus” of 2007 is…
Not a virus. Not even a malware. Neither is the runner up… It’s the method of how malware is populated.
According to a report, the most common malware attack in 2007 is the notorious IFRAME.
In our monthly and quarterly reports we provided more in-depth analysis of such top-ranking IFRAME and obfuscated code.
In Finjan’s terminology, the top-ranked [...]
New Orkut worm takes us back in the wayback machine
I just love it how old news is recycled with a bit of flair when it becomes relevant again. The latest Orkut worm reports talk about the technique that the worm writer has used to distribute its code. Quoting from the original article above: “It then downloads and executes a heavily obfuscated JavaScript”… looking [...]
IFRAME is a security risk???
Ok, I have just read the latest in “IFRAME Security” articles and had to write something about it. While going through my usual RSS feeds, I stumbled onto this article, which tries to summarize why “iframes are a security risk”. Not to pick on the specific article, but this is not the first time that [...]
Playing with obfuscators – teaching an old dog new tricks…
So our Malicious Page of the Month for September is out now. Going over the details of the document, I wanted to re-visit an old habit I had back in the days of putting code to the test – especially when the code in subject is simple, and has been signatured to hell by every [...]