Koobface Gang Responds to the “10 Things You Didn’t Know About the Koobface Gang Post”

UPDATED Monday, May 24, 2010: The scareware domains/redirectors pushed by the Koobface botnet have been included at the bottom of this post, including detection rates and phone back URLs. On May 13th, 2010, the Koobface gang responded to my “10 things you didn’t know about the Koobface gang” post, published in February 2010, by including…

Dissecting the Mass DreamHost Sites Compromise

Yet another mass sites compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S. Treasury/GoDaddy/NetworkSolutions mass compromise campaigns. What’s particularly interesting about the campaign is not just the Hilary Kneber connection, but also the fact that a key command and control domain part of the Koobface botnet, …

From the Koobface Gang with Scareware Serving Compromised Sites

Following last month’s “Dissecting Koobface Gang’s Latest Facebook Spreading Campaign” Koobface gang coverage, it’s time to summarize some of their botnet spreading activities from the last couple of days. Immediately after the suspension of their automatically registered Blogspot accounts, the gang once again proved that it has contingency plans in place, and started pushing links…

Dissecting Koobface Gang’s Latest Facebook Spreading Campaign

UPDATED: Thursday, April 29, 2010: Google is aware of these Blogspot accounts, and is currently suspending them. During the weekend, our “dear friends” from the Koobface gang — folks, you’re so not forgotten, with the scale of diversification for your activities to be publicly summarized within the next few days — launched another spreading attempt…

A Diverse Portfolio of Scareware/Blackhat SEO Redirectors Courtesy of the Koobface Gang

With scareware/rogueware/fake security software continuing to be the cash-cow choice for the Koobface gang, keeping them on a short leash in order to become the biggest opportunity cost for the gang’s business model is crucial. The following are currently active blackhat SEO redirectors/Koobface-infected hosts redirectors and actual scareware domains courtesy of the gang. Blackhat SEO…

How the Koobface Gang Monetizes Mac OS X Traffic

Mac users appear to have a special place in the heart of the Koobface gang, since they’ve recently started experimenting with a monetization strategy especially for them – by compromising legitimate sites for the sole purpose of embedding them with the popular PHP backdoor shell C99 (Synsta mod), in an attempt to redirect all the…

The Koobface Gang Wishes the Industry “Happy Holidays”

Oops, they did it again – the Koobface gang, which is now officially self-describing itself as Ali Baba and the 40 Thieves LLC, has not only included a Koobface-themed — notice the worm in the name — background on Koobface-infected hosts, but it has also included a “Wish Koobface Happy Holidays” script — last time…

Koobface-Friendly Riccom LTD – AS29550 – (Finally) Taken Offline

Last week, Josh Kirkwood, Network Engineer at Blue Square Data Group Services Limited, with whom I’ve been keeping in touch regarding the blackhat SEO activity courtesy of the Koobface gang, and actual Koobface botnet activity that’s been taking place there for months, pinged me with an interesting email – “Riccom are now gone” (AS29550). He…

Koobface Botnet Starts Serving Client-Side Exploits

UPDATED, Wednesday, December 02, 2009: The systematic rotation of new redirectors and scareware domains remains ongoing, with no signs of resuming the use of client-side exploits. Some of the latest ones include inviteerverwhere .cn – Email: box@cethcuples.com -> scanner-infoa .com – Email: inout@celestia.com, scareware detection rate; 1economyguide .cn – Email: contact@berussa.de -> superdefenceaj .com –…

Massive Scareware Serving Blackhat SEO, the Koobface Gang Style

Ali Baba and the 40 thieves LLC are once again multi-tasking, this time compromising hundreds of thousands of web sites, and redirecting Google visitors — through the standard HTTP referrer check — to scareware serving domains. What’s so special about the domains mentioned in Cyveillance’s post, as well as the ones currently active on this…
