Support

Archive | Phishing

View all postings from the Phishing category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

Illuminating The Etumbot APT Backdoor

The Arbor Security Engineering Response Team (ASERT) has released a research paper concerning the Etumbot malware. Etumbot is a backdoor used in targeted attacks since at least March 2011. Indicators suggest that Etumbot is associated with the Numbered Panda group, also known as IXEHSE, DynCalc, and APT12.  Although previous research has covered related malware, little […]

Continue Reading

Economic Crisis: A Phishing and Malcode Opportunity

In the past few weeks as a flurry of global financial institutions have suffered, a lot of names have been bandied about. Some banks have merged, some banks have faltered, and some government programs have been highlighted. It turns out that this is giving some enterprising phishers and malcode authors an opportunity. They’re preying on […]

Continue Reading

Atrivo/Intercage Called Out as US RBN

A report from a trio of known open source security analysts is out and covers the US-based Atrivo, aka Intercage. Dubbed the “US RBN” by some, Atrivo has been, to quote someone in the business: “At almost every Internet security conference, or law enforcement seminar on cyber-crime, a presentation will detail some attack, exploit, phish […]

Continue Reading

Active Storm Worm Domains – Christmas, New Year’s Campaign

Based on a bunch of sources: familypostcards2008.com freshcards2008.com happy2008toyou.com happycards2008.com happysantacards.com hellosanta2008.com hohoho2008.com merrychristmasdude.com newyearcards2008.com newyearwithlove.com parentscards.com postcards-2008.com santapcards.com santawishes2008.com uhavepostcard.com All of these are worth blocking by DNS methods (become the local SOA, NXDOMAIN them) and looking for in your emails (look for a simple URL with those domain names near the end of […]

Continue Reading