Tag: Attack Vector

  • Botnet communications moving to Web2.0

    Botnets moving to web2.0 communication utilizing twitter (and web services in the future) to communicate.

  • Are you Conficker-proof? Do you really need to be?

    What a great way to sum up my last couple of posts – the Conficker media frenzy, and social aspects of web attacks. You can’t come up with these things anymore… Seems (for now) that the only real thing that came out of the Conficker issue is the fact that INFECTED machines started to look […]

  • Social networking threats – the “hacker” story

    As the social networking threats angle is picking up a lot of traction lately <pat_on_own_back>,  the folks at Netragard have posted a great write-up on using social networks as an attack tool – involving both social engineering as well as technical exploits. The post can be found here, and I just want to quote a couple of […]

  • Fighting an infection vector with new standards – ClickJacking

    If you haven’t heard yet, the newest version of Microsoft’s Internet Explorer 8 (RC1) have been endowed with support for “Anti-Clickjacking” (for more background on clickjacking, check out: http://ha.ckers.org/blog/20080915/clickjacking/). This new feature is basically an implementation for a new header (X-FRAME-OPTIONS) that is returned from a server which defines the scope of “netsing” that is […]

  • Malicious code, exploit vectors or top-programmer job?

    What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs […]