SANS ISC: Diaries by Keyword

Date | Author | Title

ANTIVIRUS 2009 FAKE AV

2008-09-15 | donald smith | Fake antivirus 2009 and search engine results

ANTIVIRUS

2018-06-25 | Didier Stevens | Guilty by association
2015-12-05 | Guy Bruneau | Are you looking to setup your own Malware Sandbox?
2015-06-28 | Didier Stevens | The EICAR Test File
2014-05-27 | Kevin Shortt | Avast forums hacked
2012-11-02 | Daniel Wesemann | The shortcomings of anti-virus software
2012-04-26 | Richard Porter | Define Irony: A medical device with a Virus?
2011-06-02 | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures
2011-03-17 | Kevin Liston | So You Got an AV Alert. Now What?
2011-03-09 | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-01 | Daniel Wesemann | AV software and "sharing samples"
2010-05-26 | Bojan Zdrnja | Malware modularization and AV detection evasion
2009-09-25 | Lenny Zeltser | Categories of Common Malware Traits
2009-09-17 | Bojan Zdrnja | Why is Rogue/Fake AV so successful?
2009-08-29 | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection
2009-08-19 | Daniel Wesemann | Checking your protection
2009-08-13 | Johannes Ullrich | CA eTrust update crashes systems
2008-09-15 | donald smith | Fake antivirus 2009 and search engine results
2006-10-30 | William Salusky | ToD - Configuration Management - maintaining security awareness

2009

2010-01-12 | Adrien de Beaupre | PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04 | Bojan Zdrnja | Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-10-31 | Rick Wanner | Cyber Security Awareness Month - Day 31, ident
2009-10-30 | Rob VandenBrink | Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-29 | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-25 | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22 | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-19 | Daniel Wesemann | Cyber Security Awareness Month - Day 19 - ICMP
2009-10-17 | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-16 | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-09 | Rob VandenBrink | Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06 | Adrien de Beaupre | Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05 | Adrien de Beaupre | Cyber Security Awareness Month - Day 5 port 31337
2009-06-20 | Mark Hofman | G'day from Sansfire2009
2009-06-14 | Guy Bruneau | SANSFIRE 2009 Starts Tomorrow
2009-05-28 | Stephen Hall | Microsoft DirectShow vulnerability
2008-09-15 | donald smith | Fake antivirus 2009 and search engine results

FAKE

2019-04-07 | Guy Bruneau | Fake Office 365 Payment Information Update
2019-04-02 | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-03-21 | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case
2017-07-07 | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff?
2016-05-12 | Xavier Mertens | Another Day, Another Wave of Phishing Emails
2015-09-28 | Johannes Ullrich | "Transport of London" Malicious E-Mail
2014-02-21 | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers
2013-04-29 | Adam Swanger | Report Fake Tech Support Calls submission form reminder
2013-04-16 | John Bambenek | Fake Boston Marathon Scams Update
2013-01-03 | Manuel Humberto Santander Pelaez | New year and new CA compromised
2012-12-06 | Daniel Wesemann | Fake tech support calls - revisited
2012-10-03 | Kevin Shortt | Fake Support Calls Reported
2012-06-19 | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness
2011-07-25 | Bojan Zdrnja | When the FakeAV coder(s) fail
2011-07-21 | Daniel Wesemann | Down the FakeAV rabbit hole
2011-05-19 | Daniel Wesemann | Fake AV Bingo
2011-05-04 | Bojan Zdrnja | More on Google image poisoning
2011-01-18 | Daniel Wesemann | Yet another rogue anti-virus
2010-11-11 | Daniel Wesemann | Fake AV scams via Skype Chat
2010-02-27 | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake
2010-02-15 | Johannes Ullrich | Various Olympics Related Dangerous Google Searches
2010-02-08 | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware
2009-09-17 | Bojan Zdrnja | Why is Rogue/Fake AV so successful?
2009-09-04 | Adrien de Beaupre | Fake anti-virus
2009-02-06 | Adrien de Beaupre | Fake stimulus payments
2008-09-15 | donald smith | Fake antivirus 2009 and search engine results

AV

2019-12-31 | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-11-23 | Guy Bruneau | Local Malware Analysis with Malice
2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page
2019-07-25 | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls
2019-06-20 | Xavier Mertens | Using a Travel Packing App for Infosec Purpose
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example
2019-05-29 | Xavier Mertens | Behavioural Malware Analysis with Microsoft ASA
2019-04-02 | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-02-07 | Xavier Mertens | Phishing Kit with JavaScript Keylogger
2019-02-02 | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-11-20 | Xavier Mertens | VMware Affected by Dell EMC Avamar Vulnerability
2018-07-17 | Xavier Mertens | Searching for Geographically Improbable Login Attempts
2018-07-13 | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File
2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers
2017-11-03 | Xavier Mertens | Simple Analysis of an Obfuscated JAR File
2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables
2017-08-23 | Xavier Mertens | Malicious script dropping an executable signed by Avast?
2017-06-22 | Xavier Mertens | Obfuscating without XOR
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway
2017-03-24 | Xavier Mertens | Nicely Obfuscated JavaScript Sample
2017-03-04 | Xavier Mertens | How your pictures may affect your website reputation
2017-02-12 | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript
2016-08-28 | Guy Bruneau | Spam with Obfuscated Javascript
2016-06-18 | Rob VandenBrink | Controlling JavaScript Malware Before it Runs
2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation
2016-02-07 | Xavier Mertens | More Malicious JavaScript Obfuscation
2016-01-15 | Xavier Mertens | JavaScript Deobfuscation Tool
2015-11-09 | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java
2015-08-07 | Tony Carothers | Critical Firefox Update Today
2015-06-16 | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique
2014-12-06 | Rick Wanner | Google App Engine Java Security Sandbox bypasses
2014-08-29 | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript
2014-07-15 | Daniel Wesemann | Oracle Java: 20 new vulnerabilities patched
2014-07-13 | Tony Carothers | Oracle July 2014 Update Pre-Notification
2014-07-06 | Richard Porter | Physical Access, Point of Sale, Vegas
2014-07-05 | Guy Bruneau | Java Support ends for Windows XP
2014-07-02 | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing
2014-05-27 | Kevin Shortt | Avast forums hacked
2014-02-11 | Johannes Ullrich | Adobe February 2014 Patch Tuesday
2014-02-05 | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel?
2013-12-23 | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-10-28 | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-10-15 | Rob VandenBrink | Java Quarterly Updates
2013-10-08 | Johannes Ullrich | Anti-Virus Company Avira Homepage Defaced
2013-09-10 | Swa Frantzen | More Black Tuesday workload
2013-08-07 | Johannes Ullrich | Firefox 23 and Mixed Active Content
2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released
2013-04-19 | Russ McRee | Java 8 release schedule delayed for renewed focus on security
2013-04-16 | Rob VandenBrink | Java 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-07 | Guy Bruneau | Apple Blocking Java Web plug-in
2013-03-05 | Richard Porter | Java j6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html
2013-03-04 | Richard Porter | Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html
2013-03-01 | Jim Clausing | And the Java 0-days just keep on coming
2013-02-26 | Rob VandenBrink | All I need Java for is ....
2013-02-25 | Johannes Ullrich | Trustwave Trustkeeper Phish
2013-02-20 | Johannes Ullrich | Update Palooza
2013-02-19 | Johannes Ullrich | Oracle Updates Java (Java 7 Update 15, Java 6 update 41)
2013-02-12 | Swa Frantzen | Adobe Feb 2013 Black Tuesday patches
2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware?
2013-02-01 | Jim Clausing | Oracle quitely releases Java 7u13 early
2013-01-19 | Guy Bruneau | Java 7 Update 11 Still has a Flaw
2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-13 | Stephen Hall | Java 0-Day patched as Java 7 U 11 released
2013-01-12 | Stephen Hall | Java 0-day impact to Java 6 (and beyond?)
2013-01-10 | Johannes Ullrich | Java is still exploitable and is likely going to remain so.
2012-11-01 | Daniel Wesemann | Patched your Java yet?
2012-10-18 | Rob VandenBrink | Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
2012-10-17 | Rob VandenBrink | Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html
2012-09-01 | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31 | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-27 | Kevin Liston | Quick Bits about Today's Java 0-Day
2012-08-05 | Daniel Wesemann | Phishing for Payroll with unpatched Java
2012-06-25 | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript
2012-06-19 | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness
2012-06-12 | Swa Frantzen | Java 7u5 and 6u33 released
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-05-16 | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript
2012-04-12 | Guy Bruneau | Apple Java Updates for Mac OS X
2012-04-06 | Johannes Ullrich | Another OS X Java Patch
2012-03-25 | Daniel Wesemann | evilcode.class
2012-02-16 | Tony Carothers | Java Update for February
2012-02-14 | Johannes Ullrich | Adobe Shockwave Player and RoboHelp for Word Patches
2012-01-22 | Johannes Ullrich | Javascript DDoS Tool Analysis
2012-01-03 | Bojan Zdrnja | The tale of obfuscated JavaScript continues
2011-12-12 | Daniel Wesemann | Java 6u30 released
2011-12-10 | Daniel Wesemann | Unwanted Presents
2011-12-07 | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-10-22 | Guy Bruneau | Oracle Java SE Critical Patch Update
2011-09-05 | Raul Siles | Java 7 Officially Released
2011-08-19 | Kevin Shortt | Java SE 6 Update 27 released. No security updates, many bug fixes ==> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html
2011-07-28 | Guy Bruneau | Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released
2011-07-25 | Bojan Zdrnja | When the FakeAV coder(s) fail
2011-07-21 | Daniel Wesemann | Down the FakeAV rabbit hole
2011-06-28 | Johannes Ullrich | Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222
2011-06-13 | Bojan Zdrnja | Harry Potter and the Rogue anti-virus: Part 1
2011-06-07 | Johannes Ullrich | Oracle Releases Java Version 1.6.0.26 http://java.com/en/download/manual.jsp
2011-06-06 | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams
2011-06-06 | Johannes Ullrich | The Havij SQL Injection Tool
2011-06-03 | Guy Bruneau | Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011
2011-05-19 | Daniel Wesemann | Fake AV Bingo
2011-05-04 | Bojan Zdrnja | More on Google image poisoning
2011-05-01 | Deborah Hale | Java 6.25 Is Now Available
2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download
2011-03-27 | Guy Bruneau | Strange Shockwave File with Surprising Attachments
2011-03-14 | Bojan Zdrnja | Tsunami in Japan and self modifying RogueAV code
2011-03-09 | Jim Clausing | Apple updates Java
2011-03-09 | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-15 | Jason Lam | Oracle Java 6 Update 24
2011-02-09 | Mark Hofman | Adobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-09 | Mark Hofman | Java Floating point issue (CVE-2010-4476)
2011-02-07 | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners
2011-02-04 | Daniel Wesemann | Oh, just click "yes"
2011-01-18 | Daniel Wesemann | Yet another rogue anti-virus
2010-12-29 | Daniel Wesemann | Beware of strange web sites bearing gifts ...
2010-12-24 | Daniel Wesemann | A question of class
2010-12-23 | Mark Hofman | Older AV Scam Active again.
2010-12-08 | Rob VandenBrink | Java 6, Update 23 is out => http://java.sun.com/javase/6/webnotes/ReleaseNotes.html , http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html , http://www.oracle.com/technetwork/java/javase/2col/6u23bugfixes-191074.html
2010-12-03 | Mark Hofman | AVG Update Bricking windows 7 64 bit
2010-12-02 | Kevin Johnson | Robert Hansen and our happiness
2010-11-11 | Daniel Wesemann | Java Exploits
2010-10-30 | Guy Bruneau | Security Update for Shockwave Player
2010-08-25 | Pedro Bueno | Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-17 | Bojan Zdrnja | Do you like Bing? So do the RogueAV guys!
2010-07-21 | Adrien de Beaupre | Update on .LNK vulnerability
2010-07-20 | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-07-18 | Manuel Humberto Santander Pelaez | New metasploit GUI written in Java
2010-07-04 | Manuel Humberto Santander Pelaez | Malware inside PDF Files
2010-07-01 | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole (part 2)
2010-06-29 | donald smith | Interesting idea to help prevent RogueAV from using SEO without being noticed:)
2010-06-28 | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole
2010-05-23 | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-05-12 | Rob VandenBrink | Adobe Shockwave Update
2010-04-14 | Mark Hofman | ClamAV 0.94 EOL Reminder
2010-04-10 | Andre Ludwig | New bug/exploit for javaws
2010-04-02 | Guy Bruneau | Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-05 | Kyle Haugsness | Javascript obfuscators used in the wild
2010-02-27 | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake
2010-01-14 | Bojan Zdrnja | Rogue AV exploiting Haiti earthquake
2010-01-13 | Guy Bruneau | Sun Java JRE 6 Update 18 Released
2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-05 | Guy Bruneau | Java JRE Buffer and Integer Overflow
2009-12-03 | Mark Hofman | Avast false positives
2009-11-13 | Adrien de Beaupre | Conficker patch via email?
2009-11-03 | Bojan Zdrnja | Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities
2009-09-08 | Guy Bruneau | Bug Fixes in Sun SDK 5 and Java SE 6
2009-08-04 | donald smith | Java Security Update
2009-07-15 | Bojan Zdrnja | Make sure you update that Java
2009-07-01 | Bojan Zdrnja | Mobile phone trojans
2009-06-10 | Swa Frantzen | Java 6 update 14 released
2009-05-27 | donald smith | WebDAV write-up
2009-05-24 | Raul Siles | IIS admins, help finding WebDAV remotely using nmap
2009-05-22 | Mark Hofman | Patching and Apple - Java issue
2009-05-21 | Adrien de Beaupre | IIS admins, help finding WebDAV
2009-05-10 | Mari Nichols | Is your Symantec Antivirus Alerting working correctly?
2009-05-04 | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability
2009-04-07 | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-02 | Bojan Zdrnja | JavaScript insertion and log deletion attack tools
2009-03-25 | David Goldsmith | Java Runtime Environment 6.0 Update 13 Released
2009-02-25 | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-10 | Swa Frantzen | Java up to date ?
2008-11-02 | Adrien de Beaupre | Daylight saving time
2008-09-15 | donald smith | Fake antivirus 2009 and search engine results
2008-08-10 | Stephen Hall | From lolly pops to afterglow
2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux
2008-07-09 | Johannes Ullrich | Java Update
2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting
2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection
2008-05-20 | Raul Siles | Java 6 Update 6 has been released
2008-04-06 | Daniel Wesemann | Advanced obfuscated JavaScript analysis
2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation