I published the following diary on isc.sans.edu: “Another File Extension to Block in your MTA: .jnlp“: When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that had suspicious attachments based on the ‘.jnlp’ extension. I’m pretty sure
I published the following diary on isc.sans.org: “Malicious JavaScript Targeting Mobile Browsers“: A reader reported a suspicious piece of a Javascript code that was found on a website. In the meantime, the compromized website has been cleaned but it was running WordPress (again, I would say![1]). The code was obfuscated,
I published the following diary on isc.sans.org: “A Bunch of Compromized WordPress Sites“: A few days ago, one of our readers contacted reported an incident affecting his website based on WordPress. He performed quick checks by himself and found some pieces of evidence: The main index.php file was modified and some
I published the following diary on isc.sans.org: “Surge in blackmailing?“: What’s happening with blackmails? For those who don’t know the word, it is a piece of mail sent to a victim to ask money in return for not revealing compromising information about him/her. For a few days, we noticed a peak
I published the following diary on isc.sans.org: “Spam Delivered via .ICS Files“. Yesterday, I received a few interesting emails in my honeypot. I set up catch-all email addresses for domains that are well known by spammers. I’m capturing emails and extracting MIME attachments for further analysis. Today, my honeypot received three
A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer’s mailing lists. I’m receiving a lot of
“E-mail”… What a wonderful online service! When I first connected to the Internet around 1994 (I’m feeling old writing this!), I was so exited to receive my first e-mail! Today, I’m very happy when I received less than 50 e-mails per day! E-mail has been, for years, associated with spam.
Our best worst friend Facebook is full of resources. Not only for attackers but also spammers. The “I like” button became very popular on many personal (blogs) and professional websites. Basically, the purpose is simple and efficient: If you are logged on Facebook and visit a website which proposes an
I received yesterday a mail spam about a commercial SSH solution. The mail presented their product like this: “Find out how SSH can ease the burden of PCI DSS, SOX and other mandates and IT audits with a robust data security solution used by millions worldwide! <deleted name> delivers unparalleled
