LockerGoga Ransomware Family Used in Targeted Attacks
...first on McAfee Blogs. Read more: LockerGoga Ransomware Family Used in Targeted Attacks Incoming search terms emirate net ae mail Comcast=@comcast net mail @aol com @att net mail Pes 2018... more…Ztorg: money for infecting your smartphone
...(usually supersonicads.com and aptrk.com). After a few redirections from ad service domains (in one case there were 27 redirections) the app goes to global.ymtracking.com or avazutracking.net. These URLs are related... more…Attack on Zygote: a new twist in the evolution of mobile threats
...the host application is com.android.email, com.android.contacts etc.), the Trojan does nothing. If the host application is com.android.phone, Triada registers broadcast receivers for the intents with actions com.ops.sms.core.broadcast.request.status and com.ops.sms.core.broadcast.back.open.gprs.network. It... more…SPAM Hack Targets WordPress Core Install Directories
...by doing some Google searches: http://www.immunomix.com/ITIpress/wp-includes/finance/paydayloan/payday-loans-instant.htmlhttp://microwaveamps.co.uk/wp-includes/js/thickbox/lib/loans/payday-loans-in-london-uk.htmlhttp://www.scifidimensions.com/wp-includes/finance/cashadvance/cash-advance-loan-lenders.htmlhttp://www.beereading.com/wp-includes/finance/cashadvance/cash-advance-loans.htmlhttp://vastema.com/wp-includes/cheap-hermes-lindy-bags-on-sale.htmlhttp://www.antibabypillerezeptfrei.net/wp-includes/js/crop/advancement/helpers/blrmalaysiabank.htmlhttp://todayscliche.com/wp-includes/palco.html http://www.ethosindia.com/wp-includes/mambo.php?p=55http://www.turnerforte.com/blog/wp-includes/finance/cashadvance/cash-advance-credit.htmlhttp://www.ednapletonblog.com/wp-includes/werty/replica-36596.htmlhttp://www.pettycustomhomes.com/wp-includes/cheap-kids-nba-jerseys-3167596.htmlhttp://www.pondproshop.com/reference/wp-includes/catalog/services/vybe/vybe-band-reviews.htmlhttp://firefly-path.net/wp-includes/pomo/qwe/4/Buy-Balenciaga-High-Quality-Replica-Clutches.phphttp://wolfgangcapellari.com/wp-includes/pomo/rolex-imitation.htmlhttp://byphandyman.com.au/wp-includes/people/replica-bvlgari-fake-watches.htmlhttp://rumbaytimbal.com/wp-includes/reviews/http://www.preservinggoodstock.com/wp-includes/louis-vuitton-bags-5641302.htmlhttp://www.domagojkovacic.com/wp-includes/wholesale-jerseys-from-china-7479567.htmlhttp://maciejkot.pl/wp-includes/detect.htmlhttp://allinseopack.com/wp-includes/js/plupload/oscar-leeser-bio-i12.comhttp://www.marinavendrell.com/wp-includes/store/diet/solpria/solpria-cleanse-reviews.htmlhttp://missouriche.org/wp-includes/louisvuitton19.htmlhttp://vastema.com/wp-includes/replica-hermes-birkin-25-cm.htmlhttp://www.conemund.org/eng/wp-includes/replica.phphttp://cri-technologies.com/wp-includes/pomo/mkheaf.php?psdjvwei=uplink%20dwdhttp://www.giser.net/wp-includes/headt.phphttp://chicksdigme.com/wp-includes-old/vanilla-sky-lyrics-owl-city-i0.comhttp://jewelrypictures.org/wp-includes/js/imgareaselect/ghd-machine-i5.comhttp://www.jobshopsf.com/wp/wp-includes/finance/autoloan/car-loan.htmlhttp://www.ebrice.com/wp-includes/shop/health/tagaway/buy-tag-away-discount-price.htmlhttp://amr-nadim.net/wp-includes/fake-hermes-clic-clac-bracelet–5621.htmlhttp://jesicaglot.com.ar/wp-includes/news/replica-watches_14626.htmlhttp://funaki.ens-serve.net/wp-includes/images/news/black-evening-dresses.htmlhttp://linkarbeid.no/wp-includes/replica-celine-tas.htmlhttp://www.iwillstandupforyou.com/wp-includes/nfljerseys-19244-6847676.htmlhttp://www.viparenda.com.ua/wp-includes/pomo/index/shorewatches.htmhttp://www.lelieuunique.com/site/wp-includes/wp-about.php?p=124-chaussure-christian-louboutin-pas-cher.htmlhttp://redtouch.com.mt/wp-includes/news/oris-aquis-depth-gauge-replica-watch-hands-on.htmlhttp://www.stridesforstars.com/wp-includes/rewrite/list.html http://perfectgroup.se/wp-includes/replica/rolexhttp://www.cowalrugby.co.uk/wp-includes.phphttp://janmccraylaw.com/wp-includes/watches/replica-32802.htmlhttp://bekarty.pl/wp-includes/be/cartier-swiss-replica.htmlhttp://conceitorio.com.br/home/wp-includes/indo/rolex-airking.htmlhttp://www.liftstudios.ca/wp-includes/images/arrows/lib/chanel/wallets/Chanel-Wallet-On-a-Chain-Replica.phphttp://mag.amazing-kids.org/wp-includes/js/crop/lib/vuitton/LV-Bags/Louis-Vuitton-Overnight-Bags-Replica.phphttp://atelier.aencre.org/wp-includes/js/thickbox/lib/louboutin/model/christian-louboutin-crystal-daffodil-pumps-replica.phphttp://feo.nusta.com.ua/wp-includes/images/news/buswatches.htmhttp://cafetaxa.dk/wp-includes/replica-watches-uk/http://www.socialned.nl/wp-includes/php/tag/michael-kors-outlet-washingtonhttp://podcasttennis.free.fr/wordpress/wp-includes/js/tinymce/themes/advanced/ejezuli/inig/http://www.baypointmarina.com/wp-includes/brand/ralph-lauren-sleepwear.htmlhttp://nsldigest.org/wp-includes/css/wp-pointer/Buy-Good-Replica-Louis-Vuitton-Shoes_25510.htmlhttp://supportambitiongroup.com/wp-includes/css/download-free-porn-no-sign-up.phphttp://icmcc.org/wp-includes/js/jcrop/gearshifter.php?dqq=506http://w3f.pl/wp-includes/pomo/silagra-50-price.htmlhttp://www.fedusa.org.za/wp-includes/js/tinymce/wp-mce-help.phphttp://www.styleslicker.com/wp-includes/js/buytadalafil/index.php?page=4http://nclarkplaning.co.uk/blog/wp-includes/Cardiovascular/ventolin-mdi-buy.htmlhttp://www.cadillacpizzapub.com/livemusic/wp-includes/finance/creditscore/annual-credit-score.htmlhttp://www.nagaloka.org/wp-includes/filesd/1137a750e374cebd95e7bfb4c05c60a0http://www.immunomix.com/ITIpress/wp-includes/finance/creditreport/credit-report-and-score.htmlhttp://www.elpaisdealtamira.es/wp-includes/js/crop/lib/vuitton/LV-Replica/Louis-Vuitton-Replica-AAA.phphttp://yogagals.com/wp-includes/bottega-veneta.htmlhttp://www.baypointmarina.com/wp-includes/brand/ralph-lauren-bicester-village.htmlhttp://nrca-railroad.com/wp-includes/js/crop/_notes/vuitton/LV-Outlets/Louis-Vuitton-Outlet-Store-in-Kansas-City-Missouri-MO.phphttp://www.madeleineking.co.uk/wp-includes/the-wine-house-lichfield-i10.comhttp://www.mecalfab.com/mecalfab1/wp-includes/discountstore/kitchen/ninjamegablender/mega-ninja-blender.htmlhttp://oisa.org/trl/wp-includes/onlineshop/naturalproducts/powerprecision/buy-power-precision-lean-muscle-formula.htmlhttp://www.elpaisdealtamira.es/wp-includes/js/crop/lib/vuitton/LV-Replica/Louis-Vuitton-Replica-AAA.phphttp://adamriemer.me/wp-includes/user/index.php?p=netflix-rentals-netflix-dvd-moviehttp://adcaustintech.com/javaegl/wp-includes/user/index.php?p=netflix-shareshttp://todomejora.org/wp-includes/js/crop/lib/loans/payday-loans-without-checking-account-requirements.htmlhttp://www.thekookmovie.com/wp-includes/phphttp://www.moorefinefoods.com/wp-includes/heads7.htmlhttp://www.businsure.com.au/wp-includes/jordanretroretails.com.htmlhttp://www.airjordanpaschererfr.com/http://stoleti.cz/wp-includes/images/index.phphttp://www.chriswind.net/wp-includes/nets1121.htmlhttp://icmcc.org/wp-includes/js/jcrop/gearshifter.php?dqq=196http://www.demalagana.es/wp-includes/jordan11spacejambox.com.htmlhttp://www.iarld.com/wp-includes/sageron.htmlhttp://www.maintenantlagauche.com/wp-includes/class-wp-login.phphttp://www.thesinbin.ca/wp-includes/images/jordansbred-us.com.htmlhttp://www.plantingdandelions.com/wp-includes/x-jordan.htmlhttp://www.martaortells.com/wordpress/wp-includes/images/jordansinfrared.com.htmlhttp://missouriche.org/wp-includes/nikefree11.htmlhttp://www.accqtrak.com/WordPress/wp-includes/Text/Diff/Renderer/Year57.phphttp://urbancampout.com/wp-includes/glass.phphttp://kortshoes.nl/wp-includes/The/fake-replica-watches.htmlhttp://wolfgangcapellari.com/wp-includes/pomo/rolex-imitation.htmlhttp://vastema.com/wp-includes/buy-hermes-lindy-handbags-outlet.htmlhttp://maciejkot.pl/wp-includes/detect.htmlhttp://nrca-railroad.com/wp-includes/js/crop/_notes/vuitton/LV-Buy/Buy-Louis-Vuitton-in-Warsaw-Poland.phphttp://www.elpaisdealtamira.es/wp-includes/js/crop/lib/vuitton/LV-Cheap/Cheap-Louis-Vuitton-Luggage-Knock-Off.phphttp://dibach.com/wp-includes/Text/Lifestyle/dating-lord-elgin-watches.phphttp://www.iwillstandupforyou.com/wp-includes/real-gucci-belt-for-men-cheap-8163353.htmlhttp://www.missouriche.org/wp-includes/index.htmlhttp://www.lonestarlandscaping.biz/wp-includes/store/diet/greencoffee/where-can-i-buy-green-coffee-bean.htmlhttp://www.andersonmontana.com/test/wp-includes/Text/Diff/Renderer/Filter17.phphttp://www.cerbone.com/wp-includes/store/exercise/contourabs/contour-abs-reviews.htmlhttp://www.smkgear.com/_wp/wp-includes/discountstore/home/solaramerica/solar-america-home-power-station.html This is a very small sample. A quick search on Google using inurl:/wp-includes viagra levitra cialis reveals more than 13,000 pages. As... more…FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
...under a “new” brand, “IPC”. More information about these and related attacks is available to customers of Kaspersky Intelligence Reports. Contact: intelreports@kaspersky.com Indicators of compromise AveMaria 185.61.138.249 tain.warzonedns[.]com noreply377.ddns[.]net 185.162.131.97... more…Conditional Malicious iFrame Targeting WordPress Web Sites
...We have an email, labs@sucuri.net where we receive multiple questions a day about various forms of malware. One of the most common questions happen when our Free Security Scanner,... more…Website Mesh Networks Distributing Malware
...from y.com/hNtpSAXt.php?id=56162149 y.com -> injected with code loading from z.com/8zCUWiW7.php?id=55158211 z.com -> injected with code loading from x.com/zsaok9XZ.php?id=45566441 The Benefit of such a Network The attacker no longer needs to... more…Uncovering the Inner Workings of EyePyramid
...accounts were stolen, with email accounts from the following domains being targeted: The domains being targeted @alice.it @aol.com @att.net @badoo.com @bellsouth.net @bluewin.ch @btinternet.com @comcast.net @cox.net @cyh.com.tr @earthlink.net @eim.ae @email.com @email.it... more…Blog Comments – Analysing 100,000 Comments and Spammers
...1066 googlemail.com 984 gnumail.com 954 123mail.net 950 yahoomail.com 443 ymail.com 349 yahoo.co.uk 261 cwcom.net 219 live.com 202 magicmail.com 197 mail.com 192 Gmail.com 180 mail.ru 160 msn.com Spam Analysis – URLs... more…The “EyePyramid” attacks
...domains outlined by the police report follow: E-mail Addresses used for exfiltration gpool@hostpenta[.]com hanger@hostpenta[.]com hostpenta@hostpenta[.]com purge626@gmail].]com tip848@gmail].]com dude626@gmail].]com octo424@gmail].]com tim11235@gmail].]com plars575@gmail].]com Command-and-Control Servers eyepyramid[.]com hostpenta[.]com ayexisfitness[.]com enasrl[.]com eurecoove[.]com marashen[.]com millertaylor[.]com... more…Darkleech + Bitly.com = Insightful Statistics
...Here is the VirusTotal analysis of the .so file that does it. Looks the same. But you’ll notice that now it uses shortened bitly.com links in the iFrames. Bitly (aka... more…New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
...website (hxxp://apple-icloud[.]qwq-japan[.]com or hxxp://apple-icloud[.]zqo-japan[.]com) that prompts the user to install a malicious iOS configuration profile to solve a network issue preventing the site to load. If the user installs the... more…Website Malware – Mobile Redirect to BaDoink Porn App
...A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was... more…The Dropping Elephant actor
...us_srilanka_relations_2.pps 3d01d2a42450064c55574d853c086f9a WILL_ISIS_INFECT_BANGLADESH.doc 1538a412fd4035954237c0b4c135fcba WILL_ISIS_INFECT_BANGLADESH.pps eb0b18ecaa6f40e48970b08f3a3e6803 zodiac_1.pps da29f5eeb39332a850f04be2906315c1 zodiac_2.pps Domains and IPs http://www.epg-cn[.]com http://chinastrat[.]com http://www.chinastrats[.]com http://www.newsnstat[.]com http://cnmilit[.]com http://163-cn[.]org alfred.ignorelist.com http://5.254.98[.]68 http://43.249.37[.]173 http://85.25.79[.]230 http://10.30.4[.]112 http://5.254.98[.]68 http://microsofl.mooo.com ussainbolt.mooo.com ussainbolt1.mooo.com updatesys.zapto.org updatesoft.zapto.org C2... more…The Dropping Elephant – aggressive cyber-espionage in the Asian region
...409e3368af2add71265d2811aa9d6817 US_China.doc 5a89f11f4bb3b5637c731e206f807ff7 us_srilanka_relations_1.pps 7f50d3f4eabffe7225a2d5f0c91009c8 us_srilanka_relations_2.pps 3d01d2a42450064c55574d853c086f9a WILL_ISIS_INFECT_BANGLADESH.doc 1538a412fd4035954237c0b4c135fcba WILL_ISIS_INFECT_BANGLADESH.pps eb0b18ecaa6f40e48970b08f3a3e6803 zodiac_1.pps da29f5eeb39332a850f04be2906315c1 zodiac_2.pps Domains and IPs http://www.epg-cn[.]com http://chinastrat[.]com http://www.chinastrats[.]com http://www.newsnstat[.]com http://cnmilit[.]com http://163-cn[.]org alfred.ignorelist[.]com http://5.254.98[.]68 http://43.249.37[.]173 http://85.25.79[.]230 http://10.30.4[.]112 http://5.254.98[.]68 http://microsofl.mooo[.]com... more…‘Twas the night before
...these documents (or links to them) to targets via email, and over social network and standalone messaging clients. To compromise websites and servers, the group identified vulnerable sites and injected... more…Kam dál?
- Microsoft Windows Hyper-V CVE-2016-0090 Information Disclosure Vulnerability
- ANGEL Maintenance 5AM-6AM on 4/17/2015
- Creating ATM Botnets Not Difficult, Researchers Say
- Decade-old NetTraveler Malware Used in Multi-National Attacks
- Hackers break into newswire services, trade on what they find
- Emergency PASS Server Maintenance Scheduled for October 16, 2013
- Google patches critical bug on Android Nexus 5X devices
- You think that post is secret? Beware – it can come back and bite you
- Dyreza malware steals IT supply chain credentials
- Alleged operator of Silk Road 2.0 arrested, faces narcotics charges