Category: malware

  • Build a botnet – without infecting end-users

    The idea is not new: get a lot of users to view a given webpage, to DDoS the webserver / backend (depending where the bottlenecks are). If I recall correctly, some student asked the visitors of his website to continuously refresh the page of his university and got charged for it. As many have remarked…

  • It’s all in the eye of the beholder

    One key aspect of the rogue AV/AS/AM products is the fact that they use scare tactics to sell their "products". However, even legitimate products have a tendency to go in this direction, as the two examples below illustrate. The first example is from a Secunia PSI install. Just to clarify my stance on…

  • How does the Panda USB vaccination work?

    I stumbled on the Panda USB and AutoRun Vaccine on the Panda Research blog and it piqued my interest because autorun-based malware is very widespread these days and also because I’ve written extensively about the topic. Another reason is that I don’t like black boxes and it is my opinion that all knowledge should…

  • Malicious sites by country

    In an earlier post I said that the number of malicious sites in a country is closely related to the level of connectivity in the given country. Here is a chart to show this visually: (The data collection method is the same as for the other data: malicious domains from DNS-BH and clean domains…

  • Brave new world

    What do you call a world where tens of thousands of people have the ability to take out a considerable part of an important infrastructure item? This is the world we live in. Tens of thousands of people can create botnets and use them to attack other sites. Most recently the Metasploit site was attacked together with…

  • ASPROX presentation video

    Via Greg Martin’s blog: a presentation about ASPROX delivered at Toorcon by Dennis Brown from Verisign:

  • Google broke the Internet!

    Short summary: Google maintains a list of “malicious URLs”. This list is used both to offer warnings on the search results and to warn users in third-party applications (like Firefox 3) via the Google Safe Browsing API. The format of the blacklist is such that arbitrary subelements of the URL can be used. This is…

  • “Official” DDoS tools

    There are quite a few people who perform computer attacks while claiming political reasons. The Arbor Networks blog discusses a recent example: a group of people asking you to download and run their tool to “help israel” (this could maybe be called “political engineering”, and is quite curious, because people are being told that the downloaded…

  • 000webhost.com trying to install malware

    I needed a quick, free webhost. Incidentally (it is funny how things come together sometimes) I remembered Andreas Gohr mentioning 000webhost.com, so I decided to give it a try. Now, I knew that nothing is free, so I expected to need to insert some banner ads in the pages, however it seems that this hosting…

  • What is a perimeter weakening malware?

    I’ve seen this idea floating around the Internet for some time and I thought I’d document it for future reference: a perimeter weakening malware is a program (script, macro, etc.) which “lowers the defenses” of a computer (stops AV software, disables the firewall, creates an Administrator account with a certain password, etc.) after which it…