malwaredatabase.net website valuation ¥148,405 (domain name not included), MYIP.CN comprehensive website statistics: domain, Alexa, PR, backlinks, keywords
Domain Whois record

Who is malwaredatabase.net at whois.godaddy.com

The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the prior written
permission of GoDaddy.com, Inc. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.

Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.

Registrant:
Malware Research

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: MALWAREDATABASE.NET

Domain servers in listed order:
ns10.lithiumsys.com
ns11.lithiumsys.com

For complete domain details go to:
http://who.godaddy.com/whoischeck.aspx?Domain=MALWAREDATABASE.NET

Similar websites

Alexa rank   Title
1,488,012    Malware Database
0            ESET NOD32 Antivirus Software - Elimine Spyware, Adware, Rootkits, Vir
0            Malware Help. Org | PC security, privacy, anonymity and anti-malware R
4,749        ESET - Antivirus Software with Spyware and Malware Protection
4,708        Speed Up Slow Computer, Keep PC and Internet Secure, Freeware Download
201,325      Emsisoft Anti-Malware (gratis) und Mamutu Verhaltensanalyse - (a-squar
118,892      Endpoint Protection, Antivirus Software, Email & Anti-Malware Protecti
4,015,023    Emsisoft Anti-Malware Free and Mamutu behavior blocker - (a-squared) F
527,100      A1datastore Huge email database email list database 4 internet marketi
4,953        VirusTotal - Free Online Virus, Malware and URL Scanner
211,538      ESET NOD32 Antivirus - Effizienter Schutz vor Viren, Trojaner, Wuermer
261,909      FireEye, Web Malware Security & Botnet Protection Systems
512,435      all-about-security.de: IT-Security, Endpoint, Malware, Data Loss Preve
817,100      Malware City: stay informed in your every day battle against malware
1,073,271    ESET - Antivirus Software with Spyware and Malware Protection
722,967      NovaShield - Anti Malware, Antivirus, PC Security Products, Behavio
149,609      MalWare Removal • Malware Removal - Website Home Page.
834,459      Remote Oracle DBA | Remote DBA Support | Database Specialists
1,190,107    Emsisoft Anti-Malware et Mamutu bloqueur de comportement malveillant -
1,142,902    Emsisoft Anti-Malware (Freeware) et Mamutu bloqueur de comportement ma
727,919      Protection against Malware like Trojans, Worms, Dialer, Spyware in one
480,087      carsporter - world largest complete sportcar review database, sportcar
735,412      remove-malware.net - solutions for removing spyware, adware and other
575,278      Tools for Database Developers: database modeling, synchronization, com
526,437      Database F1 - Help in Database, get Database code, scripts, tutorials
48,346       Emsisoft Anti-Malware Free and Mamutu behavior blocker - (a-squared) F
1,132,291    Upscene: Database tools for Developers. Database developer tools for I
782,451
1,496,805    PC Security Labs --- Independent Research of Antivirus Test and IT Sec
0            PC Security Labs---PCSL|PC Security|Malware-List|PCSL-Testing|Anti Vir

Simulated search-engine spider crawl

Title:Malware Database
Description:Malware Database is a group of security professionals and a few hobbyists who each contribute to a private distributed database of malicious binaries while raising awareness on current malware trends through our website.
Keywords:malware, malware removal, rogue security software, XP Antivirus 2008, XP Antivirus 2009, eAntivirusPro, Web Spy Shield, Firewall, Antivirus, Anti-Malware, Anti-Virus, Security Software, Malicious Domains, Malicious Binaries, Malware Database, Rogue Remover, Security, Software, rootkit, trojan, malware database, malware repository
Body:
Malware Database
Social engineering bypasses all technologies, including firewalls.
Kevin Mitnick
09 Nov
new rogue domain: adware-2010.com
By bartblaze
0 Comments
Categories: Blackhat SEO, Database Update, Malware Distribution and Rogue Security Software
Whois record for adware-2010.com
Registrant Contact:
Name: Domains by Proxy, Inc.
Address: 15111 N. Hayden Rd., Ste 160, PMB 353
City: Scottsdale, Arizona 85260
Country: United States
hxxp://adware-2010.com
Result: 5/17 (29 %)
Domain Hash: b414c04b50a49afffbe7bccfc2018358
URLVoid
Note: this page does not trigger a “scan” of your computer.
Some related domains:
The following file was downloaded:
setup.exe
Result: 21/43 (48.8%)
MD5: 161abe66e920925699d88f935838696c
VirusTotal
Anubis Report
ThreatExpert Report
Screenshot examples:
Adware Professional 5.0 home page
When executing the file (setup.exe)
Adware Professional 5.0 installation wizard
25 Oct
The Botnet Wars: a Q&A
By bartblaze
1 Comment
Categories: Database Update, Exploit, FAQ, Malware, Malware Distribution, Thoughts and Vulnerabilities
The Botnet Wars: a Q&A
- written by Bart Parys
- @bartblaze
Introduction
Botnet kits. Crimeware kits. Exploit kits. Who hasn’t heard these words nowadays? Sold in underground forums, they are becoming more popular due to a drop in prices and the fact that you do not need to be a technological wonder to use them.
But what are these kits exactly? Which features do they have? Who develops them? How do they get used? More importantly, how can we stop the spreading of these kits and how can users protect themselves against the dangers they pose?
In today’s article (which will be a Q&A, a question & answer), I hope to be able to clear up the mystery behind these kits. I have been able to interview experts in the anti-malware world. They will each give their opinion on this particular subject.
I will pose my question and place the answer of each expert right beneath it, for your convenience.
Included is a link to their website, and a link to their Twitter page. If you have Twitter, I strongly advise you to follow them if you aren’t already. The experts are the following:
Iftach Ian Amit - Security Art VP Business Development - @iiamit
Luis Corrons - PandaLabs Technical Director - @Luis_Corrons
David Harley - Eset Anti-malware researcher/author - @DavidHarleyBlog
Mikko H. Hypponen - F-Secure Chief Research Officer - @mikkohypponen
Paolo Milani - isecLAB Malware/Threat researcher - @paolo_milani
David Sancho - Trend Micro Senior Malware Researcher - @dsancho66
Steve Santorelli - Team Cymru Malware/Threat Researcher - @teamcymru
Lenny Zeltser - Savvis Security Consultant & Malware/Threat Researcher - @lennyzeltser
Note: Mr. Harley did not have much time as he was travelling, but succeeded in providing me answers anyway. Thanks!
Iftach Ian Amit provides us with the difference between an exploit kit and a crimeware kit:
The exploit kits are usually focused on serving the attack vector of drive-by downloads and browser exploitations where criminals “reach out” to get their victims abused. An example for an exploit kit is Mpack, IcePack, Neosploit, etc…
The crimeware kits (or more specifically the Trojan kits) serve the more persistent part of the attack and are the ones being deployed after the exploit kit managed to gain access to the victim’s system. Trojan kit examples are Limbo, ZeuS, SpyEye, Sinowal, etc…
Now, time to fire off those questions! Each expert will give their opinion and elaborate.
a) Let us start with a basic question. What is, in your opinion, an exploit kit? Which features does it have and which risks do they pose?
Iftach Ian Amit:
An exploit kit specifically is an aggregation of “weaponized” exploits geared towards ease of use in deployment. These usually have a basic installation script (DB backed), and a management interface. Some exploit kits include multiple-user support and a granular permission system to allow users from different “groups” to manage their own data. The exploit kit does NOT contain a payload (usually a Trojan, Spyware, or a rootkit), but allows the manager to set one up to be used on PCs it successfully exploits.
The risk that exploit kits pose is from an ease-of-use perspective, as they enable even the most non-technical criminal to start utilizing the internet as a venue for their fraud.
Luis Corrons:
It is a “kit for infecting computers for dummies.” Pretty popular nowadays, we are just talking about a software package very easy to use, that enables anyone to create their infection spread platform. They come with a number of exploits for different software, they usually include tech support & updates (if you pay for it), statistics, etc. You can even decide which users you want to infect (per country, language, etc.) and some also include a module to infect websites injecting iframes which will point to the exploit kit server, where the software is installed and where the exploits are launched from.
David Harley:
I’d actually favour quite a lax definition: some “exploit kits” are not much more than Proof of Concept code that illustrates a vulnerability. Not that information about a vulnerability is a trivial issue. In fact we had to be rather careful in our research into Stuxnet not to make too much information available about currently unpatched vulnerabilities that we’ve turned up during our analysis work, though it’s difficult to strike a balance between releasing enough generally useful information and too much info for comfort. The prompt take-up of the CVE-2010-2568 vulnerability originally found in Stuxnet by other malware families illustrates the problem.
The risks here are generally indirect as far as the user is concerned: they depend on the ability of criminals to turn a specific kit to their advantage: however glamorous the bug, it can still be the quality of the social engineering that makes it successful.
Mikko H. Hypponen:
An exploit kit is a collection of multiple exploits, targeting various different vulnerabilities. Most of these focus on drive-by-attacks, targeting web surfers.
Paolo Milani:
I think an exploit kit can be all sorts of different things, and will become yet more varied as time goes by. Cybercrime is developing into a service economy, with many specialized actors with completely different levels of technical sophistication, and different levels of involvement into illegal activities, who provide services to one another. So some people develop and sell 0-days, others operate and rent botnets, and others provide software tools for different parts of this ecosystem, from ready-to-use bot code to tools for drive-by download exploits or blackhat search engine optimization. Any of these software tools can in the wider sense be called “exploit kits”.
David Sancho:
Exploit kits are web front-ends whose main objective is to infect the users when they access the page. In order to do this, they identify the user #8217;s browser and send the right exploits to make sure they get infected. In addition to this, modern exploits have logging capabilities that crunch the numbers so that the owner can see how many users have been infected, what country they were coming from, what vulnerabilities are the most successful ones and other similar items.
Exploit kits ultimately mean that a criminal can put up a malicious web site to infect users. They can do this with a minimal programming effort, with low cost and with good reporting stats that will allow them to tweak their attacks to maximize the number of infections.
These are similar to botnet kits, which allow the criminals to create botnets. Botnet kits have both server and client side and can be customized so that the information they steal from the victim’s pc is automatically reported to the command and control console so that the botnet’s owner can access it. Botnet kits have automated botnet creation and maintenance in such a way that it has impulsed malware growth enormously. Proliferation of malware is in part due to the ease which criminals have access to automated tools to infect new victims.
Steve Santorelli:
A package that contains everything needed to infect and leverage those infected machines without needing to know much coding, if any. One of the major problems is that this enables a far broader base of criminals to adopt and use these kits as a lack of technical knowledge is no longer a barrier. There is also often centralized, highly reactive and highly experienced development and technical support available to the exploit kit users. Advertising, pricing and reputation all come into play here, just as with any other type of sales ‘in real life’.
Lenny Zeltser:
An exploit kit is a toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser. Common exploit targets have been vulnerabilities in Adobe Reader, Java Runtime Environment and Adobe Flash Player.
A key characteristic of an exploit kit is the ease with which it can be used even by attackers who are not IT or security experts. The attacker doesn’t need to know how to create exploits to benefit from infecting systems. Further, an exploit kit typically provides a user-friendly web interface that helps the attacker track the infection campaign.
Some exploit kits offer capabilities for remotely controlling the exploited system, allowing the attacker to create an Internet crimeware platform for further malicious activities.
b) Do you suspect that the phenomenon of exploit kits disabling one another will appear more? In other words, do you think the authors of these kits will more and more start to target each other to infect more users or to steal each other’s botnets?
Iftach Ian Amit:
I’m assuming here you either refer to Trojan-builders or auto-pawn tools (which infect legitimate websites with the malicious code from exploit kits). These two tool categories have shown over the last few years (at least 3-4 years from my personal experience) that the competition is fierce in the online criminal world, as they have been added with features to disable/uninstall “competing” tools.
I’m definitely expecting the competition in the Trojan market to step up in terms of gaining more marketshare - especially if it’s affecting a competing botnet.
Luis Corrons:
We have seen malware disabling other malware since a long time ago. Some of you may remember the fight that the Netsky and Bagle authors had 6 years ago, they were at that time creating some variants that were disabling or uninstalling each other’s malware. The exploits kits are used to install malware, so from a criminal point of view it is useful to remove other malware that is present there and could interfere with their business.
David Harley:
I don’t know if it will increase, but it’s not unlikely: piggybacking and botnet theft have long been prevalent at the malicious application level, and it makes sense that such targeting is seen as a selling point for exploit kits too.
Mikko H. Hypponen:
Exploit kits are often commercial in the sense that they are being sold in the underground between hackers. This means that there’s concrete competition between these criminals. As a result we do see cases where particular attacks will try to disable previous attacks from a machine in order to gain control of them.
Paolo Milani:
That’s quite possible, we’ve seen this back in the day of network worms that were scanning for each other’s backdoors. Also, security researchers have been known to take over botnets that do not use strong authentication for bot commands. However, in the future I expect increasing professionalism and sophistication on the part of the bot masters, who I think will more and more use standard cryptography or other sound technical means to ensure they maintain control of their bots.
David Sancho:
Botnet kits have had a tendency lately of disabling each other. This is possibly a sign of rivalry between the programmers of each kit. Stealing other botnet’s clients is definitely a possibility and if they haven’t thought of it, they will pretty soon. I actually think this will become commonplace because once a bot takes over a victim machine, if it was previously infected, that bot belongs to both botnets. Checking this eventuality and preventing it purely denies competing botnets access to their own resources.
Steve Santorelli:
SpyEye has had a ‘Kill Zeus’ option for a while now. Most evolution of tools and techniques in the Underground Economy is driven by business/economic need and a desire to maintain a low risk and high reward ratio. As such if you approach a position where the majority of infect-able machines are already infected, it’s logical to assume that miscreants will start to fight over the pool of available machines: they are making good money so they won’t stop just because it’s becoming slightly harder to do business.
They will adapt and overcome: we see this constantly in the Underground Economy.
Lenny Zeltser:
I may be defining an exploit kit more narrowly than how you use the term. In my mind, the exploit kit is the launching platform used to deliver other payload, which may include a bot, a backdoor, spyware or another type of malware. In this context, exploit kit authors and distributors compete for customers.
Overall, it’s not uncommon for criminals of all shapes and sizes to battle one another for control. I’m not surprised we’re seeing such battles in the Internet world as well. Though there are a lot of potential targets for competing attackers to infect, it’s natural for the attacker to wish to assert full control over newly-compromised system. If the host is already infected, the new attacker will need to remove the presence of a competing entity. It’s a variation of a children’s game called King of the Hill, though obviously with more severe repercussions.
c) More and more exploit kits are sold in underground forums, which is increasing the use of these kits. Do you expect that the source of attacks will be more widespread, i.e. more countries getting involved instead of the traditional ones (Russia, China, ..)?
Iftach Ian Amit:
Definitely - even the forums are opening up more and more to members that are not specifically from the “local” countries. We have been seeing that in the pricing models used for selling such tools (speaking Russian/Chinese usually means a lower price), as well as in the openness to sell to foreigners that identify themselves as such (whereas in the past you had to “prove” some locality to get the really tricked up kits).
This, in addition to more criminal venues finding the online market a major additional revenue source, and the limping economy which brings more people to try and find ways to make a quick buck, is a sure way to see continued growth in the popularity of exploit kits and Trojan creation/management kits.
Luis Corrons:
This should make us think about a few things. It seems that if you are a good developer and you’re living in the US, Europe or Japan, you’d work for any good IT company that will pay you really well. But if you are living in China or Russia, and you need food to eat, for you and your family, and you are a really good developer but with no choice to work for an IT company, what would you do? Those are the guys that can make a lot of money developing these kits and selling them, it’s an easy way to make a lot of money really fast.
So answering the question, even though these attacks happen everywhere, and from each and every country, I don’t think we’ll see anytime soon a major change in the actual situation where certain countries are the ones attacking the most. Explanation: Easy money + little risk + no other choices
David Harley:
While certain kinds of attack are particularly and popularly associated with certain regions, I don’t actually think that regionalization has ever been such a hard and fast issue, and in a depressed economic climate the old differences between hobby malware and malware for profit have tended to dissipate, and I’d expect the trend to be upward.
Mikko H. Hypponen:
We do expect most of these kits to continue to be from the usual suspects: Russia, Ukraine, Belarus, China etc.
Paolo Milani:
Hard to say. I think this type of pattern can also change dramatically with the legal and regulatory framework around the internet and internet crime in individual countries (like the recent change in the domain registration policies in China).
David Sancho:
This is already happening. The Mariposa botnet surfaced in February 2010 in Spain, which is a country not normally tied to these kinds of attacks. There have been other instances of new botnets surfacing everywhere else and this is no doubt caused by the wide availability of botnet kits and other software designed to make criminals’ lives easier.
Steve Santorelli:
We are already seeing it: miscreants from multiple countries and regions, all co-operating irrespective of any cultural, language or even religious differences that might separate them in real life: they are all primarily and overwhelmingly interested in making money whilst maintaining a low risk and high reward equation.
Lenny Zeltser:
I haven’t researched geographic patterns associated with the usage of exploit kits. Certainly some of the toolkits are developed and marketed in a specific country and, therefore, will be used more widely by attackers who speak that language or who hang out in those forums. However, the “beauty” of exploit kits is that they can be developed in Country A, sold in Country B, and used in Country C to attack Country D by using systems hosted in Country E. My point is that it’s hard to attribute malicious activity to actors located in a particular country by simply looking at IP addresses observed during the immediate attack.
d) Additionally, the kits are getting cheaper and more options are available. Is it acceptable to presume that more and more users with low or no technical skills will use these kits for profit? For example, look at the Mariposa case, where the botnet operators had little knowledge about technical subjects.
Iftach Ian Amit:
Of course. In a lot of the cases that we have been seeing, the botnet herder wasn’t really technically savvy. The kits are designed to focus on the “business” side of things and takes care of all the major technical aspects of running a successful botnet. As I mentioned before, criminal operations that seek to enter the online market find it very easy to just buy a kit, have a few henchmen run it, and if needed take the fall for it (see Mariposa again).
Luis Corrons:
Yes, of course, these packages are point-and-click; as I was saying, it is for dummies, you don’t need to be an expert, not even an average user, to learn how to use them.
David Harley:
I’d agree with that, in general.
Mikko H. Hypponen:
Yes, most of the exploit kit customers have limited technical skills and would be unable to create the exploits themselves.
Paolo Milani:
Yes, I think this is part of the specialization of the industry. More technologically savvy actors develop malicious software, which in many countries is not in and of itself a crime. Other actors, who may not be as technically competent but are more willing to take risks, actually go out and use the software to commit crimes.
David Sancho:
Exactly. I don’t even think the cost is a factor anymore. Zeus is a very popular botnet kit that is not precisely cheap but a resourceful criminal can amortize the cost in no time. This is becoming such a bountiful market that a high license fee, say between $5,000 and $10,000, is a reasonable investment for cybercriminals.
Steve Santorelli:
Yes, as answered in a), this is one of the major problems - it is a package that contains everything needed to infect and leverage those infected machines without needing to know much coding. This enables a far broader base of criminals to adopt and use these kits as a lack of technical knowledge is no longer a barrier.
Lenny Zeltser:
Indeed, the ease of use and affordability of exploit kits makes it possible even for people with low technical skills to become a “hacker,” be it for profit, politics or other reasons.
e) And, last but not least, how can we prevent these exploit kits from spreading and what are the best practices for users to protect themselves against mischief?
Iftach Ian Amit:
Fortunately, most of the kits do not contain 0-day exploits. Unfortunately, most home (as well as business) users do not patch their systems and are left an easy prey for those kits. It’s a combined effort from both software vendors to quickly patch (and test!) their software, as well as users to be more responsible in terms of making sure they are running the latest version of the software available to them. The numbers speak for themselves, and right now most kits have a good enough success rate without the true need for 0-days in them. If the status-quo will change and we will see more resilient software that updates itself quickly and seamlessly, as well as users that demand a secure operating environment, the exploit kits would have a hard time maintaining their reign over us.
Luis Corrons:
Most of the exploit kits use known exploits that are not 0-day, so that means that there is a patch for each one. If people would patch, which means to update each and every piece of software installed in a computer, the kits would be useless.
David Harley:
I don’t see this as (primarily) an area in which users can do much except to take the usual precautions (sound security software properly updated, patching, caution against social engineering and so on.) The most effective preventative measures are almost invisible to end users: anti-malware technology, of course, but also at the level of cooperation with law enforcement, ISPs and so forth at an international level, takedown of exploit resources, unobtrusive monitoring of new families and trends, etc.
Mikko H. Hypponen:
Security companies must be very active in gaining access to the latest versions of various kits and then build generic detections against all the exploits they can generate. Alternatively, generic exploit-detection technologies help.
Paolo Milani:
I’m not sure we can prevent exploit kits from spreading. Insofar as they are traded on mostly open forums, security practitioners can do some amount of monitoring of what happens in these markets (see recent work at our lab: http://seclab.tuwien.ac.at/papers/underground_dimva.pdf).
Once the bad guys take the trading onto private channels, nothing short of police infiltration can really make a dent, and we know how hard that is across national jurisdiction boundaries.
David Sancho:
Botnet kits and exploit kit sales happen in the underground so it’s key that security companies keep an eye on what’s happening there. Law enforcement agencies around the world are especially keen on apprehending the criminals so it’s in their own interest that information flows. This is already happening and security professionals gather in private and public forums to exchange intelligence so that we can be on top of the attacks as soon as they happen.
From the user’s perspective, if they don’t want to become a victim they need to be aware of the tactics that the criminals use to infect and always be protected with an antivirus suite.
Steve Santorelli:
Wow - this answer would take up a book. At a basic, user level, follow our tips here:
http://www.team-cymru.org/ReadingRoom/Tips/. At a network Administrator level, ping us at outreach[AT]cymru[DOT]com … We’ve got over 30 different community services that we offer at no cost that can help network admins protect their users but above all: DON’T PANIC and leverage the IT Security Community to help you. Some very smart folks (much smarter than me) have been working to combat these problems for years and they relish the opportunity to help anyone else who is willing to fight the good fight!
Lenny Zeltser:
Though some exploit kits target zero-day vulnerabilities, a large number of exploits go after vulnerabilities for which patches exist. End-users and organizations should look closely at how they keep up with security patches on the desktop. End-users at home can use auto-update mechanisms of the targeted applications or specialized tools such as Secunia PSI. Enterprise environments should use automated tools to identify vulnerable systems, install relevant patches and validate that the patches are installed. It’s also important to lock down the environment so that when an individual system is affected, the attack is contained and discovered quickly.
Conclusion
I think we may come to the conclusion that Exploit Kits these days are easy-to-use and as one expert said; #8220;it is a kit for infecting computers for dummies.” They usually exist of web front-ends to infect the user.
Will malware authors be targeting each other ? This is of course hard to predict, but it might be more common in the future.
A new development is however happening, as posted by Brian Krebs:
#8220;Leading malware developers within the cyber crime community have conspired to terminate development of the infamous ZeuS banking Trojan and to merge its code base with that of the up-and-coming SpyEye Trojan, new evidence suggests. #8221;
Will the attacks be more widespread? Yes, most experts think they will. One expert noted:
“However, the “beauty” of exploit kits is that they can be developed in Country A, sold in Country B, and used in Country C to attack Country D by using systems hosted in Country E.”
Will more and more users with bad intentions use these kits for profit?
Yes, as has been said before: take a look at the Mariposa case. The botnet herders weren’t exactly technically savvy – the ease of use “is part of the specialization of the industry.” Also, “The kits are designed to focus on the “business” side of things and take care of all the major technical aspects of running a successful botnet.”
How can we protect ourselves, and which countermeasures can we take against these kits?
The answer is: PATCH PATCH PATCH. Keep your Operating System up-to-date and use an Antivirus with a strong Firewall.
“Security companies must be very active in gaining access to the latest versions of various kits and then build generic detections against all the exploits they can generate. Alternatively, generic exploit-detection technologies help.”
“Law enforcement agencies around the world are especially keen on apprehending the criminals so it’s in their own interest that information flows. This is already happening and security professionals gather in private and public forums to exchange intelligence so that we can be on top of the attacks as soon as they happen.”
Security companies must work together, cooperate, even unite, against these kits and the authors/operators behind them:
“The most effective preventative measures are almost invisible to end users: anti-malware technology, of course, but also at the level of cooperation with law enforcement, ISPs and so forth at an international level, takedown of exploit resources, unobtrusive monitoring of new families and trends, etc.”
I would like to thank the experts for their time and of course their professional insight on the subject.
About me
I currently work at Panda Security as a Technical Support Engineer. Obviously, my main interest lies in Malware Research.
If you would like to know more, or just want to have a chat about almost everything, don’t hesitate to contact me on Twitter:
@bartblaze
Thank you for reading and until next time.
13 Oct
new rogue domain: antisywire.com
By bartblaze
0 Comments
Categories: Database Update and Rogue Security Software
Whois record for antisywire.com
Registrant Contact:
Name: Amora Delaco
Address: Sun street 12-45/2
City: Los Angeles
Country: United States
hxxp://antisywire.com
Result: 0/17 (0 %)
Domain Hash: 1afd77aed84ca02364d9bba567313913
URLVoid
Note: this page does not trigger a “scan” of your computer.
Some related domains:
Screenshot example:
Antivirus Action home page
28 Sep
new rogue domain: antivirwall.com
By bartblaze
0 Comments
Categories: Database Update, Phishing and Rogue Security Software
Whois record for antivirwall.com
Registrant Contact:
Name: Mikle Sinders
Address: 19 avenue 876
City: Los Angele
Country: United States
hxxp://antivirwall.com
Result: 1/17 (6 %)
Domain Hash: 51230ec51df8d178e3d1252baedfdb5d
URLVoid
Note: this page does not trigger a “scan” of your computer.
Some related domains:
Screenshot example:
Antivirus IS home page
06 Sep
new rogueware domains
By bartblaze
0 Comments
Categories: Blackhat SEO, Database Update, Malicious Domains and Rogue Security Software
New rogueware domains are spreading fast around the web. Today I found a lot of websites, and some are offering a different product:
One is for Antivirus Live, another one for Security Suite, and yet another website is designed for System Guard 2009. Antivirus Live even has an interface that differs from their other page.
They all look very professional, with quotes copied from legitimate antivirus companies or security websites.
Note: none of these pages trigger a “scan” of your computer.
Whois record for avcruiser.com
Registrant Contact:
Name: Aydar Zykoev
Address: Volhonka 73
City: Moskow
Country: Russia
hxxp://avcruiser.com
Result: 5/17 (29 %)
Domain Hash: a1ba5a9028f0086c1f6f5145d569c4b6
URLVoid
Whois record for antispyfond.com
Registrant Contact:
Name: Ghilbert Fither
Address: Fither inc 1st 54/5
City: New York
Country: United States
hxxp://antispyfond.com
Result: 1/17 (6 %)
Domain Hash: 6f0d7edf587a531e78e051e1b2e9ed5a
URLVoid
Whois record for antispyclass.com
Registrant Contact:
Name: Coordination Center for TLD RU
Address: Krasnopresnenskaya nab.
City: Moscow
Country: Russia
hxxp://antispyclass.com
Result: 1/17 (6 %)
Domain Hash: 048a9c79940a686af6d5d685ef1bf1f2
URLVoid
Related domains:
Screenshot examples:
Antivirus Live home page
Antivirus Live home page #2
Security Suite home page
System Guard 2009 home page
24 Aug
new rogue domain: desktopsecuritysoft2010.com
By bartblaze
0 Comments
Categories: Database Update and Rogue Security Software
Whois record for desktopsecuritysoft2010.com
Registrant Contact:
Name: Proxy Private Registration
Address: 27 Old Gloucester street
City: London WC1N 3AX
Country: United Kingdom
hxxp://desktopsecuritysoft2010.com
Result: 8/16 (50 %)
Domain Hash: 41e3eca6d25ca75d2d335708b554d8e8
URLVoid
Note: this page does not trigger a “scan” of your computer.
Some related domains:
hxxp://desktopsecuritytech2010.com
hxxp://desktopsecurity2010new.com
hxxp://desktopsecurityorg.com
hxxp://desktopsecuritylab.com
The following file was downloaded:
security.exe
Result: 31/42 (73.8%)
MD5: 48ad4454db79f34d2ed0e6be365d92fd
VirusTotal
Anubis Report
ThreatExpert Report
Screenshot examples:
Desktop Security 2010 home page
When executing the file (security.exe):
21 Aug
new rogue domain: makeptotect73.co.cc
By bartblaze
0 Comments
Categories: Blackhat SEO, Database Update and Rogue Security Software
If you’re looking for the latest news about Honda, you might be surprised to find a rogueware called MySecurityShield popping up.
Some of the affected search terms:
honda recall 2010 list
honda recall 2010
Whois record for makeptotect73.co.cc
Registrant Contact:
Name: JONG SUNG, KIM
Address: 864-2, JANGHANGDONG, ILSAN
City: GOYANG,GYEOUNGGI
Country: South-Korea
hxxp://makeptotect73.co.cc
Result: 2/16 (13 %)
Domain Hash: 4546911ccc95e03d4290f0a5209c0077
URLVoid
The following file was dropped:
packupdate8_195.exe
Result: 7/39 (17.9%)
MD5: 64c63db4f9bb57a85120b822fbd4dfb0
VirusTotal
Anubis Report
ThreatExpert Report
Related domain:
hxxp://get-download41.co.cc
Screenshot examples:
Fake scan page Windows XP style
Fake scan page Windows 7 style
17 Aug
new rogue domain: pcsecurityshield.com
By bartblaze
0 Comments
Categories: Rogue Security Software
Whois record for pcsecurityshield.com
Registrant Contact:
Name: Frischman, Arthur
Address: 601 N Congress Avenue
City: Delray Beach, Florida 33445
Country: United States
hxxp://pcsecurityshield.com
Result: 3/19 (16 %)
Domain Hash: 3a4c1b0c128468d2390ddf1e5ba86f98
URLVoid
Note: this page does not trigger a “scan” of your computer.
Some related domains and roguevertising pages:
Screenshot example:
PC Security Shield home page