zveloLABS™ has been tracking compromised sites that host PageRank Bombs since 2008. The attacker hacks a site, but instead of planting exploits on the hacked site, they plant links to other websites in order to boost those sites' rankings in various search engines. Initially this was used for ad sites, porn sites, and pharma fraud sites. Now, however, it is being used to boost the results of malicious sites, with a new twist that targets Google users.
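The post above describes the technique (links injected into a hacked site to lift other sites' rankings) but not how a site owner would spot it. The following is an added example, not zvelo's code or tooling: a small heuristic scanner that parses a page's HTML and flags anchors pointing off-site that sit inside elements hidden with inline CSS, or that form a large cluster of off-site links. The hidden-container and cluster heuristics are assumptions about how injected links are commonly concealed, not something the post states; the sample HTML and the `.example` domains are constructed for the demonstration.

```python
"""Heuristic scan of a page's HTML for injected SEO-spam links.

Added example, not zvelo's code. Assumes (not stated by the post) that
injected links are usually hidden with inline CSS or appear as a cluster
of off-site anchors; tune the heuristics for your own site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to hide a block from human readers while
# leaving it in the DOM for crawlers (assumed patterns, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}px", re.I
)
# Void elements never get a closing tag, so they must not touch the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


class LinkScanner(HTMLParser):
    """Collects every <a href> together with whether it is inside a hidden element."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.hidden_depth = 0   # >0 while inside at least one hidden element
        self.stack = []         # one bool per open element: did it hide its subtree?
        self.links = []         # (href, hidden) for every anchor encountered

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(a.get("style") or "")) or "hidden" in a
        if tag == "a":
            self.links.append((a.get("href") or "", self.hidden_depth > 0 or hidden))
        if tag not in VOID:
            self.stack.append(hidden)
            if hidden:
                self.hidden_depth += 1

    def handle_endtag(self, tag):
        if tag in VOID or not self.stack:
            return
        if self.stack.pop():
            self.hidden_depth -= 1

    def is_external(self, href):
        """True when the link leaves this site (subdomains count as internal)."""
        host = urlparse(href).netloc.lower()
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)


def scan(html, site_host, cluster_threshold=5):
    """Return a summary of off-site links; 'suspicious' is the headline verdict."""
    parser = LinkScanner(site_host)
    parser.feed(html)
    parser.close()
    external = [(href, hid) for href, hid in parser.links if parser.is_external(href)]
    hidden_external = [href for href, hid in external if hid]
    link_cluster = len(external) >= cluster_threshold
    return {
        "external_links": len(external),
        "hidden_external": hidden_external,
        "link_cluster": link_cluster,
        "suspicious": bool(hidden_external) or link_cluster,
    }


# Constructed sample: a blog page on example.org with an injected, off-screen link block.
COMPROMISED_HTML = """
<html><body>
<h1>Gardening tips</h1>
<p>See our <a href="https://example.org/about">about page</a> and
<a href="https://en.wikipedia.org/wiki/Compost">compost</a>.</p>
<div style="position:absolute; left:-9999px">
  <a href="http://cheap-pills.example/buy">cheap pills</a>
  <a href="http://oem-soft.example/">oem software</a>
  <a href="http://casino.example/">online casino</a>
</div>
</body></html>
"""

# Constructed sample: the same site with only internal links.
CLEAN_HTML = """<html><body><p><a href="/contact">Contact</a>
<a href="https://example.org/blog">Blog</a></p></body></html>"""

if __name__ == "__main__":
    for name, page in (("compromised", COMPROMISED_HTML), ("clean", CLEAN_HTML)):
        print(name, scan(page, "example.org"))
```

Run it against a saved copy of each page on your site; a hit in `hidden_external` is a strong signal, while `link_cluster` alone needs a human look, since a legitimate blogroll or partner page can trip it.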
zveloLABS™ has found thousands of URLs and over 200 new domains registered to a group of Chinese scammers. The new sites are the same as the old, but with new branding and promotional products, such as “Acai Power Slim”, “Pure Magnum Pro” and “Colo Cleanse Plus”. This scam is perpetrated by sending spam messages advertising a “free trial” of the products. In the end, the criminals have made off with personal information, a credit card number and a recurring monthly charge.
zvelo is researching a widespread and dangerous ring of fraudulent “OEM Software” distribution sites. These sites offer popular software from Microsoft, Adobe, and many other vendors at a greatly reduced price. Not only do they fail to deliver installable software, they also collect sensitive information from individuals, including credit card numbers.
zveloLABS™ has been tracking a rapidly growing pattern in website exploits over the last 24 hours. Since Thursday, Aug 20, zvelo has seen over 6,000 compromised URLs with a similar pattern.
They always independently verify that their client is the best. Well, independent tests these days are a joke.
The zveloBLOG™ (formerly ThreatCenter) has returned. zvelo’s work in the web security area (identification of malicious/compromised websites, not securing of web servers) has produced amazing results and huge volumes, and it’s time to share some of these results back to the greater community.
Tuesday was another full day of malware analysis. The coursework, hosted by Mandiant, consisted of an introduction to OllyDbg, an in-depth look at the Windows loader and the Windows API, specifically covering registry functions, process/threading functions, and sockets.
On Monday, I took a killer crash course from Mandiant on malware analysis. Mandiant was not shy and dove right into the course curriculum. They even set up a great VM for us to practice on, complete with real-world samples of malware.