Author: tetiana.vashchenko@data443.com

Google’s App Engine proxies HSBC site

Update April 17, 2011: Based on some feedback received offline, I would like to clarify: inetbrowse is a proxy, available on the Google App Engine. In other words, anything can be proxied through it. I did not mean to imply that Google was knowingly hosting a phishing site. The intention

New Adobe Flash Vulnerability (Yes, Another One)

Malicious Adobe Flash files are making the rounds of some lucky individuals that have been targeted for spearphishing, according to news reports. Adobe has confirmed that the vulnerability exists in its Flash program, and that the infected files have been distributed (so far) embedded in a Microsoft Word document sent

Complex – PDF hides Malware inside XFA which is inside PNG – not an image

We recently received an email supposedly from Puremobile – a supplier of unlocked cellphones. Similar emails were also received with “order info” from Bobijou (a costume jewelry designer). The “order confirmation” included a PDF file as shown below.  Our initial analysis of the file found no Javascript. No JavaScript? This

“Advice” after the Epsilon breach

Should I feel left out? I didn’t receive an apology letter from my bank, broker or grocery store this week. In case you are wondering what they should be apologizing about – besides the weak dollar or the price of tomatoes — the online marketer Epsilon was breached this week

UPS malware now sent via DHL!

For the 3rd day running we are seeing vast quantities of email-attached malware. Today the spoofed sender was DHL with subjects like “DHL Express Service”. The emails included standard test such as:  Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More

Update: Huge amounts of UPS and Facebook malware attachments

Virus distributors have steadily decreased their usage of email as a means of malware distribution. The more popular methods nowadays include the use of drive-by downloads as well as “voluntary” downloads of “shockwave updaters” and “movie codec files”. But the last day or so has seen very high levels of

iPad 2 affiliate marketing scams and incompetent spammers

It’s so hard to find good help these days. Even in the world of spam you just have to do everything yourself or else take a risk that some inattentive subordinate is going to mess up. Like this Apple iPad 2 marketing scam campaign which should have the recipient name

Updated: Has the reported disruption of Rustock affected spam levels?

Numerous reports have been circulating about the sudden demise of the Rustock botnet. The question is whether this has had an effect on global spam levels.  Some observations: There are clear “humps” on Saturday, Monday and Tuesday – but less activity on Friday, Sunday and today. These patterns and levels

An un-epiphany – (based on: how to use a GPU to speed up ClamAV)

I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing. What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed