Re: [botnets] [phishing] XP update phish/malware
- Original Message -
H -- if the collective we thinks 12 hours is a quick response time for this sort of thing, it's no wonder we're losing so badly...

The 'sort of thing' in the mentioned case were 'just' redirecting spam. Takedown was _anywhere_ within 12 h, no exact tracking on that content was done. Thus the wording to not state anything false.

-- Michael

___
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
Re: [botnets] [phishing] XP update phish/malware
Here is another XP/Vista download link:
ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf

--
Steve
Equal bytes for women.

On Wed, 27 Aug 2008, Steve Pirk wrote:

Here are some links related to a XP update phish/malware download. Image or payload?
ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
That was the only link in the email.

--
Steve
Equal bytes for women.

___
phishing mailing list
[EMAIL PROTECTED]
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
Re: [botnets] [phishing] XP update phish/malware
More links (have fun!)

EF
Re: [botnets] [phishing] XP update phish/malware
It seems Imageshack with malicious or at least abusive Flash files is getting more popular. We saw a similar attack, yet far less malicious, on Facebook last week. Users' walls were spammed with a message about someone having a crush on them with a link to an Imageshack flash file. The file then did a full redirect to a dating website. The bad guys are both simply just using them as a jumping point and in some cases playing off of their [somewhat] trusted name.

Steven

On Thu, 28 Aug 2008 09:18:12 -0400, Discini, Sonny [EMAIL PROTECTED] wrote:

Here is another XP/Vista download link:
ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf

--
Steve

I had a bunch of that come through in 3 separate waves yesterday. The malware download pointed to:
Hxxp://89.187.49.18/install.exe

Note that the payload is known to Sophos so I'm assuming that most of the other big players also pick it up. Nothing new.

Sonny

Sonny Discini, Senior Network Security Engineer
Office of the CIO
Department of Technology Services
Montgomery County Government

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
Sent: Thursday, August 28, 2008 7:13 AM
To: [EMAIL PROTECTED]
Cc: Botnets
Subject: Re: [phishing] XP update phish/malware

Equal bytes for women.

On Wed, 27 Aug 2008, Steve Pirk wrote:

Here are some links related to a XP update phish/malware download. Image or payload?
ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
That was the only link in the email.

--
Steve
Equal bytes for women.
Re: [botnets] [phishing] XP update phish/malware
Impressive! A quick check showed that currently 729/802 seem to be alive. Are they reported to imageshack already? They seem to react quite fast, just recently about 600 reported URLs were gone within 12h.

Cheers,
Michael

- Original Message -
More links (have fun!)

EF

h x xp://img211.imageshack.us/img211/8804/53564624dd5.swf
truncated
h x xp://img120.imageshack.us/img120/2309/45541629db8.swf
Re: [botnets] [phishing] XP update phish/malware
Interesting,

Do you or anyone else know more about the account theft that has been going on with FaceBook? I ask because my kid sister was using it for a while and she kept on asking why her password was changed. Shortly thereafter her friends had the same issue and they had random wall posts going up. Ideas? I'm just curious.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---
Netragard, LLC - http://www.netragard.com - We make IT Safe
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
---
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Steven Adair wrote:

It seems Imageshack with malicious or at least abusive Flash files is getting more popular. We saw a similar attack, yet far less malicious, on Facebook last week. Users' walls were spammed with a message about someone having a crush on them with a link to an Imageshack flash file. The file then did a full redirect to a dating website. The bad guys are both simply just using them as a jumping point and in some cases playing off of their [somewhat] trusted name.

Steven

On Thu, 28 Aug 2008 09:18:12 -0400, Discini, Sonny [EMAIL PROTECTED] wrote:

Here is another XP/Vista download link:
ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf

--
Steve

I had a bunch of that come through in 3 separate waves yesterday. The malware download pointed to:
Hxxp://89.187.49.18/install.exe

Note that the payload is known to Sophos so I'm assuming that most of the other big players also pick it up. Nothing new.

Sonny

Sonny Discini, Senior Network Security Engineer
Office of the CIO
Department of Technology Services
Montgomery County Government

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
Sent: Thursday, August 28, 2008 7:13 AM
To: [EMAIL PROTECTED]
Cc: Botnets
Subject: Re: [phishing] XP update phish/malware

Equal bytes for women.

On Wed, 27 Aug 2008, Steve Pirk wrote:

Here are some links related to a XP update phish/malware download. Image or payload?
ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
That was the only link in the email.

--
Steve
Equal bytes for women.
Re: [botnets] [phishing] XP update phish/malware
What I have seen this week is the existence of new Koobface variants (20+ now) and it appears that Facebook doesn't block these yet, they managed to block the first wave, see
http://linuxbox.org/pipermail/funsec/2008-August/018006.html

But they are working on it:
http://www.redherring.com/Home/24756

Juha-Matti

Adriel Desautels [EMAIL PROTECTED] wrote:

Interesting,

Do you or anyone else know more about the account theft that has been going on with FaceBook? I ask because my kid sister was using it for a while and she kept on asking why her password was changed. Shortly thereafter her friends had the same issue and they had random wall posts going up. Ideas? I'm just curious.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---
Netragard, LLC - http://www.netragard.com - We make IT Safe
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
---
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Steven Adair wrote:

It seems Imageshack with malicious or at least abusive Flash files is getting more popular. We saw a similar attack, yet far less malicious, on Facebook last week. Users' walls were spammed with a message about someone having a crush on them with a link to an Imageshack flash file. The file then did a full redirect to a dating website. The bad guys are both simply just using them as a jumping point and in some cases playing off of their [somewhat] trusted name.

Steven

On Thu, 28 Aug 2008 09:18:12 -0400, Discini, Sonny [EMAIL PROTECTED] wrote:

Here is another XP/Vista download link:
ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf

--
Steve

I had a bunch of that come through in 3 separate waves yesterday. The malware download pointed to:
Hxxp://89.187.49.18/install.exe

Note that the payload is known to Sophos so I'm assuming that most of the other big players also pick it up. Nothing new.

Sonny

Sonny Discini, Senior Network Security Engineer
Office of the CIO
Department of Technology Services
Montgomery County Government

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
Sent: Thursday, August 28, 2008 7:13 AM
To: [EMAIL PROTECTED]
Cc: Botnets
Subject: Re: [phishing] XP update phish/malware

Equal bytes for women.

On Wed, 27 Aug 2008, Steve Pirk wrote:

Here are some links related to a XP update phish/malware download. Image or payload?
ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
That was the only link in the email.

--
Steve
Equal bytes for women.