Category: Finjan
-
Crimeware server catering to “grab and run†criminals
During our research for the latest Malicious Page of the Month that has just been released, we came across a domain that was being used as a command and control for the Crimeware that was executed on attacked machines. This domain was also used as the “drop site†for private information being harvested by that…
-
On the (dis)merits of privacy
Following up on my last post, after filing a complaint with the abuse department of privacyprotect.org (and blogging about the problem), I have just received an update noting that: –quote– On investigating on your complaint , we have determined that the domain name “SPYWARESAFE.NET ” is in violation of the terms of usage of the…
-
Taking down a malicious site – the good, the bad, and the ugly…
As part of the “closure” on the February Malicious Page of the Month, which involved meoryprof.info (taken down), and spywaresafe.net we have contacted the appropriate parties in order to notify them that these websites contain malicious code. Meoryprof.info was the first to buckle (probably under the press exposure), but spywaresafe.net have managed to stay afloat…
-
Optimizing Cross Site Scripting – and general security practices
We have been working recently on a XSS attack that impacted a huge number of potential victims, as the attack itself has been “optimized†by SEO (Seacrh Engine Optimization) practices that pushed it to Google’s indexes. In itself, this is not a new technique, but the sheer size of it made us take a second…
-
Crimeware server and the international man of mystery
While conducting research for the latest Malicious Page of the Month we have just released, we tried to track down the origins of the crimeware. Obviously, this is a daunting task by itself, and although sometimes security researchers are able to point at specific people as the ones running the criminal activity, it does not…