Archive for April, 2007

Nirbot’s Latest Move: MS DNS Exploits

April 17, 2007 by Jose Nazario

The latest turn in the Nirbot saga is that they’ve gone and incorporated the MS Windows DNS RPC interface exploit into their bot. We started seeing this in ATLAS starting Sunday evening GMT and it appears that this flood of MS DNS RPC exploits was seeded into an existing botnet. It appears that one of [...]


Storm Worm, GIFs, Passwords, Zips and Alerts

April 12, 2007 by Jose Nazario

I spent a good portion of my day watching the Storm worm mutate from EXEs being spammed through to ZIP files in password-protected bodies. This is a change in tactics for the Storm Worm team and has proven to be effective at evading AV. The Storm Worm is malware designed to install spammer toolkits. [...]


Peeling The Covers Off of Rock

April 6, 2007 by Jose Nazario

For the past couple of years, at least, we have been watching a sophisticated, disciplined phishing scheme targeting dozens of banks around the world. By some estimates, “Rock” is responsible for about half of all phishing in the world. Rock phishes have a pretty simple set of characteristics to them: They are advertised in image [...]
