Data443 Blog - Insights on Data Security & Threat Intelligence

UPS malware now sent via DHL!

March 31, 2011

For the 3rd day running we are seeing vast quantities of email-attached malware. Today the spoofed sender was DHL with subjects like “DHL Express Service”. The emails included standard test such as: Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More

Update: Huge amounts of UPS and Facebook malware attachments

March 30, 2011

Virus distributors have steadily decreased their usage of email as a means of malware distribution. The more popular methods nowadays include the use of drive-by downloads as well as “voluntary” downloads of “shockwave updaters” and “movie codec files”. But the last day or so has seen very high levels of

iPad 2 affiliate marketing scams and incompetent spammers

March 29, 2011

It’s so hard to find good help these days. Even in the world of spam you just have to do everything yourself or else take a risk that some inattentive subordinate is going to mess up. Like this Apple iPad 2 marketing scam campaign which should have the recipient name

T-online.de used as part of Fake Antivirus scam

March 24, 2011

T-Online.de provides free hosting for any website… …Like this redirect to a very convincing Fake Antivirus page

Updated: Has the reported disruption of Rustock affected spam levels?

March 17, 2011

Numerous reports have been circulating about the sudden demise of the Rustock botnet. The question is whether this has had an effect on global spam levels. Some observations: There are clear “humps” on Saturday, Monday and Tuesday – but less activity on Friday, Sunday and today. These patterns and levels

An un-epiphany – (based on: how to use a GPU to speed up ClamAV)

March 17, 2011

I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing. What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed

Loads of phony twitter emails

March 16, 2011

Commtouch Labs has detected large volumes of phony “unread twitter message” emails. All links route via intermediate sites to the same pharmacy site. Most of the links are being flagged in browsers as malware or (incorrectly) phishing. Our advice – mouse over any email links if you aren’t sure about

Visit “oceanic tsunami alerts” for more data about …. Apple iPad sales??

March 14, 2011

Spammers are an enterprising lot – registering domains that will be useful if there is ever a natural disaster such an earthquake or tsunami. Consider the domain “oceanictsunamialerts.info” registered on the 13th of December 2010. Following the Japanese earthquake and tsunami on Friday, the domain is now being used in

How to scale phishing by using the cloud

March 11, 2011

Consider for a moment the stages involved in a traditional phishing attack: Create the phishing page – either buried within a legitimate site or hosted on some temporary server Send out carefully socially engineered phishing emails requiring login for some reason – including the link to the phishing page Collect