Month: February 2008
Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown below, and is quite standard in its formatting. […]
So, assume you’re an ISP in Pakistan and, for whatever reason, you receive an order such as this (PDF) from the Pakistan Telecommunication Authority (PTA). The letter is from the Deputy Director of Enforcement with the PTA, and is requiring that you immediately block access […]
The popular blogging site WordPress suffered a DDoS attack a few days ago. Sites like this are often hit, sometimes for inexplicable reasons. Someone gets mad, someone holds a grudge, someone wants retaliation, someone wants to try and hurt the target. I don’t know why […]
While we saw the Valentine’s day campaign start in January, it’s morphed. This time using the following approaches (some old, some new): raw IP addresses in the spam lures; the filename is now “valentine.exe”, using a redirect and a clickable link; much more simple HTML […]
Enabled by some spam samples Marshal provided, Joe Stewart and the good folks @SecureWorks, with an assist from Team Cymru and my|NetWatchman, have identified the malware and botnet referred to as Mega-D. It turns out Mega-D is composed of bots from the little-known Ozdok malware […]
Just to close the loop on this… Phil Hay from the TRACE team at Marshal got back to me yesterday afternoon regarding my query about Mega-D. He provided some clarifications on some of what he referred to as “misleading press reports”. Here’s a quick summary […]
So, no word back from the TRACE folks, however, a couple of sources suggested that what they’re calling Mega-D is actually a downloader Trojan, akin to Cutwail, and is also affiliated with Prg, NTOS, Wsnpoem and Pandex. As the SecureWorks folks stated in their advisory […]
I read this Slashdot article over the weekend and was a bit surprised that I hadn’t heard of this Mega-D botnet before. So, I reached out to a few colleagues of mine and asked if they’d heard anything of it – beyond the press release […]