20 Jul Malicious URLs in .lc zone Dmitry Bestuzhev
20 May Hack in The Box Security Conference 2011 Amsterdam / NL Stefan
23 Sep Google, Mozilla and now Opera… Who’s next? Dmitry Bestuzhev
07 May Spot the imposter: pretending to be the original Dmitry Bestuzhev
22 Jan Malware Miscellany, December 2008 Yury
19 Dec Malware Miscellany, November 2008 Yury
Cybercriminals from different parts of the world are actively using this domain, including cybercriminals from Brazil abusing free Web hosting available in that country.
How many legitimate domains in the .lc zone have you ever had to visit in your life? If the answer is zero, then maybe it's time to start filtering access to this domain, especially on the corporate Firewall / Proxy layer.
Since yesterday I've been attending the annual Hack-in-the-Box Quad-Track Security Conference in Amsterdam/NL. There's a very nice and open atmosphere here at the conference, besides the beautiful city of Amsterdam.
First, Joe Sullivan (CSO at Facebook) gave a very interesting keynote about the development of security innovations at Facebook. For him, innovation is "these hacking culture, we think about each day at Facebook". After explaining some of the newer security innovations (HTTPS-only, login notifications, login approvals [e.g. if the geo-location of a user is suspicious], recognized devices, recent activity), he talked about the recent Facebook scams with malicious scripts. "No one would do that, copying and pasting a script into the browser! - Yes, they do...", he said.
Another remarkable talk I attended was about binary planting, given by Mitja Kolsek (CTO at ACROS Security). In "Binary Planting: First Overlooked, Then Downplayed, Now Ignored" Mitja also showed a new method he called "advanced binary planting", which uses a feature from Windows' special folders (like control panel, printers, etc.) and clickjacking to make it possible to own the user's computer.
In the winter garden of the conference hotel there's a technology showcase area. Hackerspaces from all over Europe and the Netherlands are showcasing their projects here. There is also a capture-the-flag competition, lock-picking, and a showcase of (sponsor) companies.
For more information, please see the conference website.
It’s a PHP-based IRC botnet. Analyzing the code, I found some evidence that it comes from Brazil.
We can see that criminals appreciate and actively use any and all available free web space. Based on the statistics from one of our proactive web crawlers, I took a look at which free web hosts are most popular among criminals for uploading and spreading malware. The following graph shows the top 10 free web hosts used by criminals during the last 8 months:
Fileave is a really well-known server for hosting tons of different kinds of malware. I noticed that some secure DNS providers block access to the domains listed above and show an alert message stating that these sites are known sources of phishing and malware. So, what does that tell us? The usual - when you browse the internet always check links before clicking, and if the domain is suspicious, don't. Just don't click. And if you’re the owner of a website, make sure to secure your server properly to prevent the criminals from compromising it easily.