Archive for February, 2008

New Twist in IRS Phishing Scams

February 28, 2008 by Jose Nazario

Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown below, and is quite standard in its formatting. It even threatens you with criminal prosecution if you lie.

Date: [...]


Internet Routing Insecurity::Pakistan Nukes YouTube?

February 25, 2008 by Danny McPherson

So, assume you’re an ISP in Pakistan and, for whatever reason, you receive an order such as this (PDF) from the Pakistan Telecommunication Authority (PTA). The letter is from the Deputy Director of Enforcement with the PTA, and is requiring that you immediately block access to a YouTube URL, or more specifically (actually, less [...]


DDoS Events of Note: WordPress, Gambling Sites

February 20, 2008 by Jose Nazario

The popular blogging site WordPress suffered a DDoS attack a few days ago. Sites like this are often hit, sometimes for inexplicable reasons. Someone gets mad, someone holds a grudge, someone wants retaliation, someone wants to try and hurt the target. I don’t know why WordPress was hit; there could be any number of [...]


New Storm Valentine’s Day Campaign

February 11, 2008 by Jose Nazario

While we saw the Valentine’s Day campaign start in January, it has morphed, this time using the following approaches (some old, some new):

raw IP addresses in the spam lures
the filename is now “valentine.exe”, using a redirect and a clickable link
much simpler HTML websites
subjects include “Blind Love”, “Just You” and other warm fuzzy subjects
rapidly changing MD5 [...]


SecureWorks: Ozdok/Mega-D Trojan Analysis

February 11, 2008 by Danny McPherson

Enabled by some spam samples Marshal provided, Joe Stewart and the good folks @SecureWorks, with an assist from Team Cymru and myNetWatchman, have identified the malware and botnet referred to as Mega-D.
It turns out Mega-D is composed of bots from the little-known Ozdok malware family. Joe provides some analysis on scale and distribution of [...]
