Archive for the Malicious websites Category

Spambot Leak: 711 Million Email Addresses Ensnared

By Lou Nabarrete, VP of Engineering and Data Operations. Email Spam is dead! Long live Email Spam! It seems very strange that in the year 2017 (approximately 20 years from when the commercial use of the Internet first became possible), we are still dealing with email spam with no end in sight. There are many solutions now available in the industry that can be placed in various locations [...]

Looking forward to the DEF CON 25 Hacking Conference

Two large annual security conferences are taking place in Las Vegas this week and I will be attending the second one.

InfoSecurity Magazine Features How IoT Device Discovery and Activity Detection Can Work by Jeff Finn of zvelo

The following article, by Jeff Finn, appears as an online article in the Opinion section on InfoSecurity Magazine Home’s web site and was originally published on July 13, 2017.

In InfoSecurity Magazine: How IoT Device Discovery and Activity Detection Can Work, by Jeff Finn, CEO of zvelo

Even as IoT device volume races towards 200 billion by 2020, the vast majority of our connected gadgets still have little or no security features in place – leaving them ripe for […]

Full Path URL Categorization and Content Distribution Networks (CDNs)

By Eric Watkins, Senior Malicious Detection Researcher at zvelo. Earlier this month, I came across a use case that capitalizes on the value of full path content categorization. Before discussing this use case in detail, let’s go over the definition of a content distribution network (CDN) and also highlight a few key strengths of full path URL categorization. A content distribution network (CDN) is designed to optimize web usage by distributing the content from […]

Best Practices You Can Adopt to Help Protect Against Router Vulnerabilities

About two months ago, I posted a video blog showing how easy it is to obtain unauthenticated root access on a very popular Netgear router. This Netgear vulnerability received overwhelming news coverage and the urgent call went out across the Internet to patch all of their routers ASAP. Users scrambled to get new firmware for their hardware before hackers could potentially exploit the weakness to break into their devices. As a reaction to this negative […]

Bot Fraud: Malware bots vs. Ad-fraud bots

The size and magnitude of the Malware and Ad-fraud bot problem is immense and growing. And, as bots continue to proliferate, there are important distinctions to point out between Malware bots and Ad-fraud bots. At zvelo, we’re always looking for ways our data can detect and mitigate bad bots and equip the smart minds who are working on solutions to stay one step ahead of the bad guys. Let’s […]

Ad Fraud Q&A: Partner SpotX Talks Ad Fraud with zvelo

Partner SpotX holds Q&A with zvelo Business Development Vice President, Cordell BaanHofman, on all things ad fraud related. SpotX recently sat down with Cordell BaanHofman, our VP Business Development here at zvelo, to discuss the current state of fraud in the industry, including brand safety challenges and ways to combat them. They were curious about how zvelo combines artificial intelligence with human-supervised machine learning methodologies to deliver the most extensive content categorization, malicious site detection, botnet […]

Phishing Websites Detected by zvelo

Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.

WaterHole Attacks – Compromised Websites

Instances of large-scale compromises of both private industry and public institutions in 2013 prompted a flurry of activity among security researchers to identify emerging and established threats. Commonly identified as Advanced Persistent Threats (APTs), this phenomenon is expected to continue well into the foreseeable future. Fundamental to the spread of these threats is one of their foremost methods of propagation – a water hole attack.

Phishing Website Alert: Fake My Apple ID Account Verification URL

zveloLABS discovered a phishing website masquerading as an account verification page for Apple IDs, as depicted in the following screenshot and explained in this blog post.

Phishing Website Detections Down, Financial Industry Biggest Target

The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services. When considering the goal of cyber-criminals behind such scams – typically usernames, passwords and credit card information for monetary gains – these industries certainly make sense. While the total number of reported phishing website detections is seemingly on the decline, as illustrated in the trend line below, actual attacks may tell a different story.

PayPal Phishing Attack Example: Warns Your Account Has Been Limited

I received an email seemingly from PayPal informing me that access to my account has been limited. It threw me off because I received this at my work email, which is not registered with PayPal. I immediately wondered if my account got hacked. Here is a screenshot of the email:

Most Common Malicious Websites in Q3 of 2012

zveloLABS® has reported statistics and trends about the most visited types of malicious URLs by the international end users of zvelo’s technology partners. These OEM Partners include well over 100 of the world’s leading service providers, UTM and gateway appliance vendors, web filtering and parental controls solutions software makers, online advertising and brand safety technology providers, web analytics firms and many more. The data sample was extracted from actual URLs queried to and contextually categorized by the zveloNET® cloud systems during Q3 of 2012, and numbered in the tens of millions, yet far from the billions of non-malicious queries seen daily. The findings, statistics and trends shed new light on the seriousness, frequency, and negative consequences of compromised (hacked) websites hosted worldwide and, more importantly, accentuate the importance of adequate web filtering and network security.

zvelo Newly Enhanced Phishing Website, Attack Detection System

With the increasing complexity of threats appearing on the Internet, coupled with the rapid development of security products designed to mitigate them, the number of phishing-based attacks has grown. In the first half of 2011, compared to the second half of 2010, the Anti-Phishing Working Group (APWG) reported a 62% increase in unique phishing attacks worldwide in 200 top-level domains (TLDs).1 This trend warrants swift action to address the growing threat.

Anti-Phishing Working Group (APWG) 2011 eCrime Researchers Summit Highlights

The 2011 Anti-Phishing Working Group (APWG) eCrime Researchers Summit, out of San Diego, California, moved fast with a number of interesting presentations and fascinating people. The APWG is a non-profit global pan-industrial and law enforcement association focused on eliminating the fraud, crime and identity theft that results from phishing, pharming, malware and e-mail spoofing of all types. The eCrime Researchers Summit brings together malware researchers, counter-eCrime developers and responders, and includes the 2011 Fall General Meeting. Here are some highlights from the event.

Fraudulent Websites: Spammers Shift Tactics

Viagra’s days may be numbered, at least when it comes to being the drug-of-choice on fraudulent pharmacy websites. Recently, zveloLABS™ noticed a strong shift to another lifestyle drug named Adipex–a brand name alternative to the weight-loss drug phentermine. It suppresses the appetite and when combined with a healthy diet and exercise regimen can be an effective weight-loss stimulant.1 Spammers thrive from the emergence of such drug alternatives and have adapted their campaigns accordingly in order to continue making money from online prescription drug seekers.

“You-Just-Won” Gift Card Scam Continues to Proliferate the Web

zveloLABS™ has been tracking a “You-Just-Won” gift card scam that continues spreading all over the Internet. This gift card scam prompts users to surrender credit card information in exchange for falsely promised winnings through numerous contests and lotteries unofficially tied to popular brand names like Apple, Wal-Mart and Best Buy.

zveloLABS® Identifies Sites with Work-at-Home Scams

zveloLABS® researchers recently identified numerous, fictitious 7 News websites promoting work-at-home jobs.  These bogus news sites unethically target stay-at-home moms, and falsely promise the discovery of a newfound money-making path in life.  Considering the natural appeal of making an honest buck, while being loving care providers at home, it’s certainly easy to understand how unsuspecting mothers could fall for such “recession busting” opportunities.

Adobe CS7 Searches Saturated With Dangerous Results

Looking to save a few bucks on software will almost always lead users down a dangerous path. Users end up either at “OEM Software” sites offering unlicensed and illegal software, or downloading cracks or keygens laced with malware.

Malware for Twitter Users through Phishing

A new Twitter spam campaign is making the rounds, infecting users with rogue anti-virus malware. The spam mail attempts to convince the user that someone was trying to steal their Twitter account information, and that they should download a “secure module” to protect their account.