Malicious threat detection is a critical capability for service providers, businesses and network security vendors, allowing real-time identification of URLs and IPs associated with viruses, malware, and other threats with the potential to harm your system.

“Chameleon” First Botnet Tied to Display Ad Fraud

There have been two notable botnets that have cost online advertisers millions of dollars in advertising click fraud in recent weeks. The first botnet, Bamital, was taken down by Microsoft and Symantec in February. A second botnet was later identified and dubbed Chameleon by Spider.io, a security company that specializes in analyzing web traffic. Since zvelo is also in the business of analyzing and categorizing web content viewed by actual users, this story resonated hard with zveloLABS.

zveloLABS® Identifies Sites with Work-at-Home Scams

zveloLABS® researchers recently identified numerous fictitious 7 News websites promoting work-at-home jobs. These bogus news sites unethically target stay-at-home moms and falsely promise the discovery of a newfound money-making path in life. Considering the natural appeal of making an honest buck while being loving care providers at home, it’s certainly easy to understand how unsuspecting mothers could fall for such “recession busting” opportunities.

Anatomy of a Modern Compromised Website

In the security community, little attention is paid to compromised websites that don’t serve up malware. The malicious URL lists maintained by the anti-virus companies, by Google, and by nearly every other source of malicious URLs rely on anti-virus to trigger on exploits and malware to determine if a site is malicious. In a few select cases, behavioral analysis may be used to determine if a visit to a website will lead to an infected computer.

Obfuscated URLs no match for zvelo

Researchers at Kaspersky Lab have discovered a new banking malware campaign that uses an old trick to obfuscate malicious URLs. Rather than using a domain name or IP address for the malicious link, the attackers convert the URL to numerical bases such as octal or hexadecimal. These formats are supported by major browsers and serve the purpose of tricking users into following the link and infecting their machines.