In the overwhelming sea of information, finding timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the situational awareness necessary to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with a sarcastic attitude.
Just as I've been monitoring lots of these, yesterday Nicholas posted some details on a ... and Roderick Ordonez. Original Geocities URLs used: geocities com/MediciChavez7861 (active); geocities com/IliseNkrumah2 (down); geocities com/GounodNanon5 (down). Original message of the spam campaign:"
Hello! My name is Polina. I am a student and I have come to Germany to study. I am looking for a friend and a sex partner. All that I want is a good man. You should be serious, reliable and clever. Let me know if you want to meet with me. You can also just be my friend. You can see my photos on my page: geocities com/MediciChavez7861 PLEASE. ONLY SERIOUS proposals. KISSES. POLINA"
The fake lonely German student Polina was also accessible from other URLs as well: ThePagesBargain ru/polina and dibopservice com, both now down, as well as the main 58.65.238.36/polina URL, which is forwarding to baby com in an attempt to cover up the traces. Internal pages within the IP are still accessible (58.65.238.36/index2_files/index3 htm; 58.65.238.36/list2_files/index htm) and so is the malware itself: 58.65.238.36/iPIX-install exe. Malware campaigners are not just setting objectives and achieving them; they're also evaluating the results and drawing conclusions on how to alter the next campaign. Back in January 2006 I emphasized the release of a trojan in an open source form, making it even easier to use. In this campaign a localized URL was also available targeting Dutch speaking visitors, 58.65.238.36/polinanl, so you have both German and Dutch languages included, and as we've seen, the ongoing consolidation of malware authors and spammers serves both sides well: the spammers will on one hand segment all the German and Dutch emails, and the malware authors will mass mail using localized message templates. Great social engineering, abusing a common stereotype: German users, for instance, were definitely flooded with English messages courtesy of the Storm Worm targeting U.S. citizens, which is like a Chinese user receiving a phishing email from the Royal Bank of Scotland; it's obvious both of these are easy to detect. Which is what localization is all about: the malware and the spam speak your local language. One downside of this campaign is that Polina doesn't really look like a lonely German student; in fact she's a model, and these are some of her portfolio shots. Let's discuss how the malware campaigners are coming up with these Geocities accounts in the first place. Are the people behind the campaign manually registering them, outsourcing the registration process to someone else, or ... ?
It could be even worse: they may be buying already registered Geocities accounts from another group that specializes in registering these, a group which, like a previously covered concept, is earning revenues based on higher margins given they don't distribute the product but provide the function, thereby keeping the automatic registration process know-how to themselves. Once the authentication details are known, anything from blackhat SEO and spamming to malware hosting and embedding scripts, even IFRAMEs, follows in a fully automated fashion. Meanwhile, what are the chances there's ... on the same netblock? But of course: vaichoau com (fake watches), pimpmovie net (malware C&C), urolicali com cn (spammers), westernunion reg-login com (a phishing URL).
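Since the post lists its indicators defanged (the dot before the TLD or file extension replaced with a space), a defender's first job is to re-fang them, group them by hosting host so the 58.65.238.36 pivot and the Geocities accounts stand out, and check incoming messages against the known hosts. The following is an added example written for this page, not code from the blog; the indicator list is copied from the post above, the sample message is constructed from the post's German template, and the regex for spotting "host tld" strings is an assumption about how the blog defangs URLs.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Indicators exactly as the post lists them (defanged: "geocities com/...").
CAMPAIGN_INDICATORS = [
    "geocities com/MediciChavez7861",
    "geocities com/IliseNkrumah2",
    "geocities com/GounodNanon5",
    "ThePagesBargain ru/polina",
    "dibopservice com",
    "58.65.238.36/polina",
    "58.65.238.36/polinanl",
    "58.65.238.36/index2_files/index3 htm",
    "58.65.238.36/list2_files/index htm",
    "58.65.238.36/iPIX-install exe",
]

# Constructed sample message, abbreviated from the German template quoted in the post.
SAMPLE_MESSAGE = (
    "Hallo! Meine Name ist Polina. Ich bin Studentin. Sie konnen meine Fotos "
    "auf meiner Seite sehen: geocities com/MediciChavez7861 BITTE. "
    "NURR DIE ERNSTE Vorschlages. KUSSE. POLINA"
)

# Assumed defanging convention: "host tld" with the dot removed, optional
# "/path" and an optional "name ext" where the extension's dot was removed.
DEFANGED_URL = re.compile(
    r"\b(?:\d{1,3}(?:\.\d{1,3}){3}"            # dotted-quad host
    r"|[A-Za-z0-9-]+ (?:com|net|org|ru|cn))"   # "host tld"
    r"(?:/[^\s]*(?: (?:htm|html|exe))?)?"      # optional path with "name ext"
)


def refang(indicator: str) -> str:
    """Restore the removed dots: 'geocities com/x htm' -> 'geocities.com/x.htm'."""
    return indicator.strip().rstrip(".").replace(" ", ".")


def split_host_path(url: str) -> Tuple[str, str]:
    """Split a re-fanged URL into (lowercased host, '/path' or '')."""
    host, sep, path = url.partition("/")
    return host.lower(), ("/" + path) if sep else ""


def is_ip(host: str) -> bool:
    """True for literal IP hosts such as 58.65.238.36, False for domain names."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def pivot_by_host(indicators: List[str]) -> Dict[str, List[str]]:
    """Group indicator paths under their host so shared infrastructure stands out."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for indicator in indicators:
        host, path = split_host_path(refang(indicator))
        groups[host].append(path)
    return {host: sorted(paths) for host, paths in groups.items()}


def extract_defanged_urls(text: str) -> List[str]:
    """Find defanged URLs in free text and return them re-fanged."""
    return [refang(m.group(0)) for m in DEFANGED_URL.finditer(text)]


def match_campaign(text: str, indicators: List[str]) -> List[str]:
    """Return the known campaign hosts referenced by a message (empty list if none)."""
    known_hosts = {split_host_path(refang(i))[0] for i in indicators}
    seen = {split_host_path(u)[0] for u in extract_defanged_urls(text)}
    return sorted(seen & known_hosts)


if __name__ == "__main__":
    for host, paths in pivot_by_host(CAMPAIGN_INDICATORS).items():
        kind = "ip" if is_ip(host) else "domain"
        print(f"{host} ({kind}): {len(paths)} path(s) {paths}")
    print("message hits:", match_campaign(SAMPLE_MESSAGE, CAMPAIGN_INDICATORS))
```

Grouping by host is what makes the campaign's footprint legible: one IP carrying the German and Dutch landing pages, the internal pages and the executable, plus a handful of throwaway Geocities accounts. Matching on hosts rather than full URLs is deliberate, since the same account or IP is reused under new paths between waves.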
Independent Security Consultancy. Threat Intell Analyses and Competitive Intelligence research on Demand. Insightful unbiased and client-tailored assessments neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho danchev@gmail com
Related article:
http://ddanchev.blogspot.com/2007/11/lonely-polinas-secret.html