Microsoft Releases Its MSRC Researcher Recognition Program Award Winners – An Analysis

Microsoft has recently released its MSRC Researcher Recognition Program Award Winners, which covers several key vulnerability research categories targeting a variety of Microsoft-based online platforms, products and services, where the researchers directly contribute their knowledge and know-how for the purpose of sharing actionable intelligence and actual PoC (Proof

Spamvertised ‘Confirmed Facebook Friend Request’ Themed Emails Serve Client-Side Exploits

A currently circulating malicious spam campaign entices users into thinking that they've received a legitimate 'Friend Confirmation Request' on Facebook. In reality, though, the campaign attempts to exploit client-side vulnerabilities, CVE-2010-0188 in particular.

Client-side exploits serving URL: hxxp://facebook.com.n.find-friends.lindoliveryct.net:80/news/facebook-onetime.php?dpheelxa=1l:30:1l:1g:1j&pkvby=h&rzuhhh=1h:33:1o:2v:32:1o:2v:1o:1j:1m&ycxlcvr=1f:1d:1f:1d:1f:1d:1f

Detection rate for the malicious PDF: MD5: 39326c9a2572078c379eb6494dc326ab – detected by 3 out of 45 antivirus scanners


The Avalanche Botnet and the TROYAK-AS Connection

According to the latest APWG Global Phishing Survey: But by mid-2009, phishing was dominated by one player as never before: the Avalanche phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and “crimeware” – malware designed specifically to automate

Dissecting the Mass DreamHost Sites Compromise

Yet another mass site compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S. Treasury/GoDaddy/NetworkSolutions mass compromise campaigns. What’s particularly interesting about the campaign is not just the Hilary Kneber connection, but also the fact that a key command and control domain part of the Koobface botnet,

TorrentReactor.net Serving Crimeware, Client-Side Exploits Through a Malicious Ad

Deja vu! Jerome Segura at the Malware Diaries is reporting that TorrentReactor.net, a high-traffic torrent tracker, is currently serving live exploits through a malicious ad served by “Fulldls.com – Your source for daily torrent downloads“. Why deja vu? It’s because the TorrentReactor.net malware campaign takes me back to 2008, among the very first extensive profiling of

U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise

UPDATED: Saturday, May 08, 2010: 5 new domains have been introduced by the same gang, once again parked at 217.23.14.14, AS49981, WorldStream.

jumpsearches.com – 217.23.14.14 – Email: alex1978a@bigmir.net
ingeniosearch.net – 217.23.14.14 – Email: alex1978a@bigmir.net
searchnations.com – 217.23.14.14 – Email: alex1978a@bigmir.net
mainssearch.com – 217.23.14.14 – Email: alex1978a@bigmir.net
bigsearchinc.com – 217.23.14.14 – Email: alex1978a@bigmir.net

Sample exploitation structure:

GoDaddy’s Mass WordPress Blogs Compromise Serving Scareware

UPDATED: Thursday, May 13, 2010: Go Daddy posted the following update “What’s Up with Go Daddy, WordPress, PHP Exploits and Malware?“.

UPDATED: Thursday, May 06, 2010: The following is a brief update of the campaign’s structure, the changed IPs, and the newly introduced scareware samples+phone back locations over the past few days. Sample structure from

Dissecting the WordPress Blogs Compromise at Network Solutions

UPDATED: Network Solutions issued an update to the situation. The folks at Sucuri Security have posted an update on the reemergence of mass site compromises at Network Solutions, following last week’s WordPress attack. What has changed since last week’s campaign? Several new domains were introduced, including new phone back locations, with the majority of new

Money Mule Recruitment Campaign Serving Client-Side Exploits

Remember Cefin Consulting & Finance, the bogus money mule recruitment company that ironically tried to recruit me last month? They are back with a currently ongoing money mule recruitment campaign, this time not just attempting to recruit gullible users, but also serving client-side exploits (CVE-2009-1492; CVE-2007-5659) through an embedded JavaScript on each and every page
