zveloLABS™ detected malicious code on the foxsports.com website late yesterday. Hackers have once again increased their tally of well known websites recently exploited to serve dangerous content.
The threat landscape continues to evolve—individual and state-backed hackers and agencies become increasingly emboldened to compromise websites and servers, steal CPU cycles for cryptocurrency mining, embark on social engineering efforts to find backdoors, and sway public opinion through fake news and other measures. zvelo provides the most advanced URL/IP categorization database for web filtering, whitelists and blacklists, and residential and business protections against bad actors and malicious online behavior. Explore our network security solutions, cyber threat map, and malicious exploit detection offerings for the most advanced threat intelligence available to OEMs and device manufacturers.
zveloLABS™ has been tracking compromised sites that host PageRank Bombs since 2008. The attacker hacks a site, but instead of putting exploits on the hacked site, they put links to other websites in order to boost the search result ranking on various search engines. Initially this was being used for ad sites, porn sites, and pharma fraud sites. Now, however, it is being used to boost the results of malicious sites, but with a new twist that targets Google users.
zvelo is researching a widespread and dangerous ring of fraudulent “OEM Software” distribution sites. These sites offer popular software from Microsoft, Adobe, and many other vendors at a greatly reduced price. Not only do they not deliver installable software, they collect sensitive information from individuals, including credit card numbers.
zveloLABS™ has been tracking a rapidly growing pattern in website exploits over the last 24 hours. Since Thursday, Aug 20 zvelo has seen over 6,000 compromised URLs with a similar pattern.
They always independently verify that their client is the best. Well, independent tests these days are a joke.
The zveloBLOG™ (formerly ThreatCenter) has returned. zvelo’s work in the web security area (identification of malicious/ compromised websites, not securing of web servers) has produced amazing results and huge volumes and its time to share some of these results back to the greater community.
Tuesday was another full day of malware analysis. The coursework, hosted by Mandiant, consisted of an introduction to OllyDbg, an in-depth look at the Windows loader and the Windows API, specifically covering registry functions, process/threading functions, and sockets.
On Monday, I took a killer crash course from Mandiant on malware analysis. Mandiant was not shy and dove right into the course curriculum. They even setup a great VM for us to practice on, complete with real world samples of malware.