Company > Blog

News and views from the leading voice
in secure digital transformation

More From This Author

Julien Sobrier

Fake AV And PRISM Warning On Hijacked Website

Insights and Research

September 09, 2013 1 Min read

Fake AV And PRISM Warning On Hijacked Website

While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that car...

Facebook Phishing: Manual Session Hijacking

Insights and Research

August 14, 2013 2 Min read

Facebook Phishing: Manual Session Hijacking

We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" ses...

Insights and Research

July 10, 2013 1 Min read

Tracking A Botnet Infection

Recently we found several malicious executables with similar characteristics. These files were found on the following six domains: janashfordplumbing.com kalliskallis.com lowes-pianos-and-organs.com co...

Insights and Research

June 04, 2013 1 Min read

Phishers Target Yahoo Users

Yahoo Mail introduced two-factor authentication in December 2011. Two-factor authentication can be used to prevent suspicious access to an account (login from a different country, numerous failed login attempts, etc.) an...

Insights and Research

May 16, 2013 2 Min read

Fake YouTube Page Targets Chrome Users

Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content. These fake pages often look the same, but the source code can reveal a new twist. This time, a recently encoun...

Insights and Research

May 03, 2013 1 Min read

Fake Flash Player On DropBox

Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash...

Insights and Research

April 30, 2013 1 Min read

More Fake SourceForge Websites Show Up

Two weeks ago we reported on a fake SourceForge website, sourceforgechile.net, which was used to distribute malware. We have since seen more of these fake sites this past week: sourceforgebulgaria.net, registered on ...

Insights and Research

April 26, 2013 3 Min read

Bitcoin: Regulations And Security

You have probably heard about Bitcoin, a relatively new virtual currency. It made headlines recently because it is starting to present a real alternative for traditional online payments, and has recently experienced ...

Fake SourceForge Site Distributes Malware

Insights and Research

April 17, 2013 1 Min read

Fake SourceForge Site Distributes Malware

We spotted malware hosted on hxxp://sourceforgechile.net/ a couple of days ago. The website is not currently responding, but appears to been set up as a fake and malicious version of the popular open-source hosting site ...

Pinhout: Pinterest Clone Or Phishing Site?

Insights and Research

April 09, 2013 1 Min read

Pinhout: Pinterest Clone Or Phishing Site?

Recently I stumbled upon pinhout.com. Look familiar? Pinhout.com looks awfully familiar to... It looks like a Turkish copy of Pinterest, a growing social network to share web conte...

Insights and Research

February 22, 2013 1 Min read

The Move To Plugin-free Browsers

Apple was the first major player to offer a browser with no plugins with Safari for iOS. Even the very popular Flash plugin cannot run in the browser. However, no vendor, including Apple, has had such restrictions on the...

HTTPS Everywhere For IE: Faster, Auto-update Enabled

Insights and Research

February 08, 2013 1 Min read

HTTPS Everywhere For IE: Faster, Auto-update Enabled

I've released HTTPS Everywhere for Internet Explorer v0.0.0.3. Additional details about the update can be found in the version history of the PDF documentation.Changes in 0.0.0.3Faster start upThe start up time is now mu...

HTTPS Everywhere For Internet Explorer: Source Code And New Version Available

Insights and Research

February 01, 2013 1 Min read

HTTPS Everywhere For Internet Explorer: Source Code And New Version Available

I have released the source code for HTTPS Everywhere for Internet Explorer on GitHub as promised in the last blog post. You need Visual Studio Profession 2010 to compile the project and NSIS to build the installer. Feel ...

Are You Vulnerable To Yet Another Java 0Day Exploit?

Insights and Research

January 14, 2013 3 Min read

Are You Vulnerable To Yet Another Java 0Day Exploit?

Test to see if you're vulnerable. Only five months after the last high profile 0-day Java vulnerability, there is new 0-day being exploited through Java plug-ins. This vulnerability is present in Oracle Java 1.7....

Insights and Research

January 11, 2013 3 Min read

Preparations For A Spam Campaign

We have discussed a number of spam and malware campaigns on this blog. This time, I'll show what happens in the days and weeks before the campaign starts. I've found two examples that show the steps that are taken by the...

Insights and Research

January 03, 2013 1 Min read

Facebook Malware Campaign

We're seeing a massive campaign of malware distribution through Facebook look-a-like pages that started just before the new year. Malicious page distributing malware These pages are...

Fake AV 3 Years Later: Still There, Still Not Blocked

Insights and Research

December 21, 2012 3 Min read

Fake AV 3 Years Later: Still There, Still Not Blocked

You may want to open the first blog post we did on Fake AV in December 2009, three years ago, side by side with this post. See if you can spot the differences... fake antivirus pages in 2012 are nearly the same as they w...

Insights and Research

December 17, 2012 3 Min read

HTTPS Everywhere For Internet Explorer

We have previously released a number of browser security extensions to protect users against new threats and security issues, which we did not feel were addressed by anything previously available. Now I've focused my att...

Flash In Windows 8: The Good, The Bad And The Ugly

Insights and Research

December 07, 2012 2 Min read

Flash In Windows 8: The Good, The Bad And The Ugly

Last week I described how Chrome and Firefox are protecting users against vulnerable plugins, Flash and Java amongst them, with Click to Play. Microsoft has a different approach with Windows 8 when it comes to protecting...

Click To Play: The Next Step For Firefox

Insights and Research

November 29, 2012 3 Min read

Click To Play: The Next Step For Firefox

Click to Play first appeared in Firefox 14 and it appeared in developer versions of Chrome back in 2010. I described the feature in a post last July. Click to Play disables all plugins by default on all pages. The user t...

Insights and Research

November 16, 2012 1 Min read

UPS Phishing Page With Malware

For some time now, attackers have been faking popular websites like YouTube to entice users into downloading and installing malicious software disguised as plugin updates or video codecs. I rcently found a page that is u...

Insights and Research

November 08, 2012 1 Min read

Evolution Of The "Work From Home" Scam

The "Work at home mum makes $X,000/month"scam has been around forever. In fact it has been an integral part of various scam campaigns which we've detailed in the past. These scams even appear in the list of the top-20,00...

.gov Redirections Leading To Spam: How Did We Get There?

Insights and Research

October 30, 2012 3 Min read

.gov Redirections Leading To Spam: How Did We Get There?

You may have seen reports of an increase in .gov websites redirecting to spam or scam sites. This issue is the same as one we reported almost two years ago. Many .gov websites have open redirections that can be exploited...

Insights and Research

October 18, 2012 2 Min read

Hijacked Websites By The Numbers

Two weeks ago, I had the chance to give a presentation about the danger of hijacked websites (you can download the presentation in French here). I used the talk to highlight various points which illustrate the extent of ...

How To Install Silently Malicious Extensions For Firefox

Insights and Research

September 25, 2012 3 Min read

How To Install Silently Malicious Extensions For Firefox

Recently, I had the pleasure of presenting on malicious browser extensions at SOURCE Seattle. I showed, amongst other things, how a malicious browser extension can be added silently to any Firefox profile. I've reworked ...

Internet Explorer Protected Mode In Windows 8

Insights and Research

September 17, 2012 2 Min read

Internet Explorer Protected Mode In Windows 8

Microsoft Introduced Protected Mode in Internet Explorer with Windows Vista in 2006. With Windows 8, Microsoft added Enhanced Protected Mode. Protected Mode aims to keep users safe by restricting what BHOs (Browser Helpe...

Insights and Research

September 07, 2012 2 Min read

Abusing ClickOnce

Many web-based attacks try to fool the users into installing a malicious executable by faking a native application: fake AV, fake Flash updates, etc. These pages are well designed, but you can always tell it is not a nat...

Are You Vulnerable To The Latest Java 0-day Exploit? (Updated)

Insights and Research

August 28, 2012 3 Min read

Are You Vulnerable To The Latest Java 0-day Exploit? (Updated)

Test to see if you're vulnerable. You may be aware that a 0-day vulnerability in the latest version of Java is presently being exploited on the Web. This vulnerability affects all versions of Java 1.7 (aka Java 7...

Insights and Research

August 24, 2012 2 Min read

Payday Loan Scam

Weebly is a free platform for website creation. Like many free hosting and DNS providers, it is abused by spammers and scammers. Recently, I found over 400 .weebly.com sub-domains advertising "instant cash loans" and red...

Zscaler Safe Shopping 1.1 For Internet Explorer: C++ BHO

Insights and Research

August 16, 2012 2 Min read

Zscaler Safe Shopping 1.1 For Internet Explorer: C++ BHO

I released Zscaler Safe Shopping for Internet Explorer in March 2012. This was my first attempt at writing a Browser Helper Object (BHO) and it was written in C#. There are are number of disadvantages to using C#, as I d...

Most Common Threats In Top Blacklisted Sites

Insights and Research

August 07, 2012 1 Min read

Most Common Threats In Top Blacklisted Sites

The vast majority of the most popular blacklisted websites contain a piece of malicious JavaScript inline. These sites were mostly hijacked by attackers and the malicious code can usually be linked to the Blackhole explo...

80% Of "Olympic" Domains Are Scams And Spam

Insights and Research

August 03, 2012 2 Min read

80% Of "Olympic" Domains Are Scams And Spam

Today we looked at all identified domains containing the string "olympics", which had been accessed by our customers over the course of a day. It turns out that 80% of them are scams or spam and they can be classified in...

Insights and Research

July 20, 2012 4 Min read

"Click To Play" Arrives In Firefox

Popular browser plugins like Flash and Adobe Reader are part of the typical web browser, with an installation base of 90+% on corporate computers (see the State of the Web report). However, they can also represent big se...

Insights and Research

July 11, 2012 2 Min read

Visualize The Top Blacklisted Sites

In the past month, I've been looking at the websites blacklisted websites by Google Safe Browsing from the Alexa top 1,000,000 sites. There are between 300 and 500 of these sites blocked everyday, mostly legitimate websi...

Insights and Research

June 22, 2012 2 Min read

Fake Flash Update With A Twist

We've seen Fake Flash updates for several years. A webpage claims that the user is running an outdated of version of Flash and they require an upgrade of the plugin to watch a video. The fake Flash update is ac...

Stolen Code Signing Certificates Are Your Worst Nightmare

Insights and Research

June 06, 2012 3 Min read

Stolen Code Signing Certificates Are Your Worst Nightmare

Flamer used spoofed code signing certificates from Microsoft. This was done to make it appear that the malicious content was actually software delivered by Microsoft.You have likely seen the use of code signing certifica...

Insights and Research

May 30, 2012 2 Min read

Zulu: The Warrior Is Even Stronger Now

We have analyzed close to 100,000 URLs since we launched Zulu in January 2012. Zulu provides real-time analysis of web content to determinate whether it is safe or malicious. Our goal is and always has been to make this ...

Insights and Research

May 25, 2012 2 Min read

Spotting Malicious JavaScript In A Page

While large blobs of obfuscated JavaScript at the top of the page are easy to spot, malicious JavaScript can often be hard to spot on hijacked sites. Some attackers go to great lengths to make their malicious code invisi...

Insights and Research

May 18, 2012 2 Min read

Follow Up On The Top Blacklisted Sites

Earlier this week, I researched the top websites blacklisted by Google. I've looked at more of these websites over the last three days to better understand the most common attacks. The findings are quite disappointing. F...

Insights and Research

May 14, 2012 2 Min read

A Look At The Top Websites Blacklisted

Google Safe Browsing is the most popular security blacklist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blacklisted by Google is a big deal - users of these three browsers are warned not ...

Search Engine Security For Internet Explorer

Insights and Research

April 30, 2012 1 Min read

Search Engine Security For Internet Explorer

Search Engine Security (SES), a browser extension designed to protect users against Blackhat SEO links in search engines, is now available for Internet Explorer. You can download it from our website. It is compatible wit...

Insights and Research

April 26, 2012 1 Min read

Multiple Hijacking

Vulnerable websites are regularly hijacked to redirect users to malicious domains. The most popular type of of malicious page are Fake AV pages. Attackers commonly increase traffic to these hijacked websites using Blackh...

Insights and Research

April 18, 2012 1 Min read

French Budget Minister Website Hijacked

We've seen an increase in hijacked websites in recent months, redirecting users to Fake AV pages, Blackhole exploit kits and other malware. While most websites hacked are personal sites, or University websites, some are ...

Search Engine Security For Google Chrome

Insights and Research

April 16, 2012 1 Min read

Search Engine Security For Google Chrome

Google Chrome has recently added an API to modify HTTP headers. This in turns, made it possible to port Zscaler's Search Engine Security add-on from Firefox and Firefox Mobile to Google Chrome. ...

Insights and Research

April 13, 2012 1 Min read

Details Of A "new" Fake AV Page

As I mentioned last week, more Fake AV pages are once again showing up in popular Google searches. Although these malicious pages look the same as they did 2 years ago, the source code is different. The first thing y...

Insights and Research

April 06, 2012 2 Min read

Blackhat SEO Back In Google Searches

In 2011, Blackhat SEO links were pretty much absent from the most popular searches in Google. Instead, Blackhat SEO was used to target more specific searches. The technique heavily used to poison the searches for buying ...

My Experience Wirting An Add-on For Internet Explorer

Insights and Research

March 27, 2012 4 Min read

My Experience Wirting An Add-on For Internet Explorer

I've released my first add-on for Internet Explorer and I've almost finished a second one. Developing for Internet Explorer was a very different experience than developing for the other browsers I've worked with before -...

Insights and Research

March 14, 2012 1 Min read

Malware Campaign Targeting Opera Mobile

I've stumbled upon hundreds of links targeting Opera Mobile users, to trick them into installing a malware on the device.The links are in the form of:hxxp://geqe.net/opera_mini/1965/opera_mini.auto#phpsessid=85cfe7f19a08...

Anatomy Of An On-going Malvertising Campaign

Insights and Research

March 13, 2012 3 Min read

Anatomy Of An On-going Malvertising Campaign

During the course of investigating an open incident ticket with a customer, we uncovered what is a common occurrence on the web - legitimate sites linking in third-party content (often advertisements or banners) that ult...

Insights and Research

March 07, 2012 1 Min read

"Check Who Is Visiting Your Profile" Scam On Russian Social Network Vkontakte

Vkontakte is the Russian equivalent of Facebook and has been criticized for being a direct "clone". Well, scammers are "cloning" the most popular Facebook scams and porting them to this Russian platform as well. One r...

Are Pinterest "Pin It" Going The Way Of Facebook "Like"?

Insights and Research

March 05, 2012 1 Min read

Are Pinterest "Pin It" Going The Way Of Facebook "Like"?

Pinterest is a new social network that has been getting a lot of press lately. Basically, Pinterest is a virtual board, where users can pin things they like online. They can share the content with their friends, follow o...

Fake AV: .ru Sites Used For Redirections

Insights and Research

February 28, 2012 2 Min read

Fake AV: .ru Sites Used For Redirections

This past month, I've seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involves three separate phases: The hijacked website redirects users coming from a Google search to...

Insights and Research

February 21, 2012 1 Min read

Groupon Scam Site

groupon500.com was registered in Feb 20, 2012. The home page for the domain claims to offer a free $500 voucher for Groupon or LivingSocial, another popular daily-deal site. groupon500.com ...

Insights and Research

February 20, 2012 2 Min read

Analysis Of A Blackhole Exploit Page

The Blackhole Exploit kit is still a very popular attack on the web. They are many variants of the threat. Here is a detailed analysis of one Exploit kit page and the obfuscation technique leveraged by the attack. In ...

Insights and Research

February 13, 2012 2 Min read

Follow Up On Russian Scam

Last week, I described how many websites hosted on DreamHost had been hijacked.Since then, I found the same scams on websites hosted with different providers.Often, vulnerable sites are hacked by many groups for various ...

DreamHost: Hijacked Websites Redirect To Russian Scam

Insights and Research

February 03, 2012 2 Min read

DreamHost: Hijacked Websites Redirect To Russian Scam

Following the Dreamhost hack, that was revealed this week, many websites hosted by the company have been hijacked to redirect users to a Russian scam page. I've identified hundreds of websites hosted by DreamHost that...

Fake Missing Plugin Warnings Used For Spam/spyware

Insights and Research

January 25, 2012 1 Min read

Fake Missing Plugin Warnings Used For Spam/spyware

A key element for a successful spam/malicious page is to establish trust with the visitor so that he will perform the requested actions. Users trust their browser, but not necessarily the content (i.e. web page) that it ...

Zscaler Keygen: Beware Of What You Are Looking For

Insights and Research

January 20, 2012 1 Min read

Zscaler Keygen: Beware Of What You Are Looking For

Some searches yield more dangerous results than others, for example, looking to buy software online has a 90% risk of bring you to a fake store and free software might not be free of adware/spyware. Looking for 'warez' i...

An Example Of Likejacking (Facebook Clickjacking)

Insights and Research

January 10, 2012 1 Min read

An Example Of Likejacking (Facebook Clickjacking)

Last year, we released Zscaler Likejacking Prevention, a free browser extension to protect users from clickjacking leveraging Facebook widgets. Since then, I've seen many websites using Likejacking as their "business mod...

Insights and Research

January 03, 2012 1 Min read

Google Serves Ad For Adware/Spyware

Last year, we wrote about Bing and Yahoo! serving ads leading to malicious websites. This week, it was Google who inserted ads for adware/spyware. I found a suspicious ad in my Google Reader for a free FLV player. I'v...

Insights and Research

December 28, 2011 1 Min read

Web Threats: Trends And Statistics

One of the question I often get asked is "What is the most prevalent threat on the Internet for the enterprises?". In terms of the total number of transactions, botnets are the biggest security risk. Once a host gets inf...

Facebook Used To Make Scams Look Legitimate

Insights and Research

December 21, 2011 2 Min read

Facebook Used To Make Scams Look Legitimate

One of the recurring web spam themes I saw in 2011, was the "Work from home and make $X,000/month" scam. In some variations of the well-known and well-used scam, websites are set up to look like a well-established newspa...

Insights and Research

December 09, 2011 1 Min read

Switch To Google Safe Browsing V2

Google maintains a list of malicious URLs and phishing sites distributed through their Google Safe Browsing API. On December 12, version 1 was deprecated in favor of version 2. The API for version 2 works quite different...

More Software-related Searches Lead To Malware

Insights and Research

November 22, 2011 3 Min read

Zscaler Likejacking Prevention For Opera

Along with Firefox, Chrome and Safari, Zscaler Likejacking Prevention is now also available for Opera. You can download it on the official Opera add-on site. Zscaler Likejacking Prevention on...

Insights and Research

November 18, 2011 2 Min read

When Scammers Call You At Home

UPDATE: I've updated the post with a second Skype call I received on 1/17. Scammers are always trying new ways to reach their targets to foil them into buying free software, sending credit card information, etc. Yeste...

Insights and Research

November 15, 2011 1 Min read

More Free Software Repackaged For Money

In previous posts, I've shown how popular free software programs are repackaged and sold by scammers, while containing spyware, or are outright replaced by malware. The number of web sites offering such repackaged softwa...

Naked Emma Watson Video Used To Spread Malware

Insights and Research

October 26, 2011 1 Min read

Naked Emma Watson Video Used To Spread Malware

Fake videos with funny or sexual content, have long been used to entice users to download and install malware. The technique is used by hackers to convince users that they need to install additional codecs, or software, ...

Insights and Research

October 19, 2011 1 Min read

Fake Free AVG Download Sites

Fake antivirus sites are a very common way to trick people into installing malware on their computers. Another technique is to repackage popular software with adware or malware, and offer them for download.AVG is a popul...

Building Zscaler Likejacking Prevention For Different Browsers

Insights and Research

October 06, 2011 7 Min read

Building Zscaler Likejacking Prevention For Different Browsers

Facebook Likejacking Prevention is the second plug-in that I've released for multiple browsers (Google Chrome, Safari and Firefox). It is technically much more complex than the previous one, Zscaler Safe Shopping. Eac...

Protect Your Self Against Facebook Spam: Zscaler Tool For "LikeJacking" Protection

Insights and Research

September 26, 2011 3 Min read

Protect Your Self Against Facebook Spam: Zscaler Tool For "LikeJacking" Protection

Facebook widgets, including the "Like" buttons, are often used to spread spam and propagate scams. Typically, the scammer creates a page with a fake video player. Users are tricked into clicking on Facebook Like buttons ...

Insights and Research

September 21, 2011 1 Min read

Fake Software Store Imitate Groupon

Fake software stores often claim to offer huge discounts, not unlike the well-known site Groupon. So it should not be a surprise that some of these fake stores look exactly like Groupon in an effort to be more familiar t...

Thousands/Millions Of .tk Sites Created For Fake Online Stores

Insights and Research

September 15, 2011 2 Min read

Thousands/Millions Of .tk Sites Created For Fake Online Stores

While I was monitoring hijacked sites leading to fake online stores, I noticed a significant increase in .tk sites redirecting to searchdiscovered.com via domain.dot.tk. There are a number of interesting things going on ...

Firesheep And BlackSheep On Firefox 4.0+

Insights and Research

September 09, 2011 3 Min read

Firesheep And BlackSheep On Firefox 4.0+

Firesheep You may have noticed that the downloadable binary of the Firesheep add-on works only with version 3.6 of Firefox. The main branch is still incompatible with Firefox 6, but the latest Firesheep branch, (firef...

Insights and Research

August 31, 2011 2 Min read

Fake Stores On Other Search Engines

A few weeks ago, I showed that even search engines focused on eliminating spam from their search results fail to remove spam pages leading to fake online stores. I was curious to get a broader pictures of how different s...

Insights and Research

August 26, 2011 3 Min read

Blackhat Spam SEO Trends In 2011

My last post on Blackhat SEO spam trends was posted in December 2010. Things have changed quite a bit in 2011. Cleaner results in popular searches The main target of search engine poisoning used to be popular searc...

Insights and Research

August 17, 2011 1 Min read

Amusing Craigslist Phishing

The best way to double check that the page you are visiting is a legitimate page and not a phishing site, is to verify the domain name in the address bar (obviously, this does not work in case of DNS hijacking). Phishers...

The Web Has Still Not Switched To SSL-only

Insights and Research

August 11, 2011 3 Min read

The Web Has Still Not Switched To SSL-only

In November 2010, the release of Firesheep highlighted the dangerous consequences of not using secure HTTPS transactions. Following this, I provided some of the reasons why the web has not switched to SSL-only yet. There...

Blekko Illustrates The Difficulty In Fighting SEO Spam

Insights and Research

August 02, 2011 2 Min read

Blekko Illustrates The Difficulty In Fighting SEO Spam

Blekko is the new search engine in the block. It launched in November 2010, raised about $24 million and received a fair bit of press in start-up and tech blogs. Blekko's promise is to provide high quality search resu...

Insights and Research

July 25, 2011 1 Min read

Zscaler Safe Shopping For Safari

After Firefox, Firefox Mobile, Opera and Google Chrome, Zscaler Safe Shopping is now available for Safari. You can download it from our website. The features are the same as the other platforms - a warning is displayed w...

Brazilian Bank Targeted By Phishing Site And DNS Poisoning

Insights and Research

July 18, 2011 2 Min read

Brazilian Bank Targeted By Phishing Site And DNS Poisoning

Update 7/26: See post on our Scrapbook blog about details surrounding a recently poisoned BR nameserver involved in this fraud. -- Mike Santander, a well-known banking site, has often been the target of phishers....

Zscaler Safe Shopping Available For Opera

Insights and Research

June 20, 2011 2 Min read

Zscaler Safe Shopping Available For Opera

Zscaler Safe Shopping is already available for Firefox, Firefox Mobile (aka Fennec) and Google Chrome. Now, you can also download the extension for your Opera 11 browser. A version for Safari will be available soon as we...

The "Dad Walks In On Daughter.. EMBARRASSING!" Facebook Scams

Insights and Research

June 17, 2011 3 Min read

The "Dad Walks In On Daughter.. EMBARRASSING!" Facebook Scams

The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams have become very prevalent. I listed a few examples on our new blog, Zscaler Analyst Scrapbook. I'll go into more detail in this post. A Google search for ...

PasteHtml.com, A Heaven For Phishing Pages

Insights and Research

June 15, 2011 1 Min read

PasteHtml.com, A Heaven For Phishing Pages

Phishers, scammers and other attackers love free hosting services. They constantly need to set up plenty of malicious sites as their old ones are taken down or blacklisted. Fake AV authors loved co.cc, a free DNS service...

Blackhat Spam SEO Leading Directly To A Virus Download

Insights and Research

June 07, 2011 1 Min read

Blackhat Spam SEO Leading Directly To A Virus Download

Attackers usually use some form of social engineering technique to fool users into downloading and executing a malicious executable - they scare users with a fake antivirus page, they present users with a video that requ...

Buying Software Online Is Getting More And More Risky

Events

June 04, 2011 1 Min read

Buying Software Online Is Getting More And More Risky

Google searches for popular software (Windows, Microsoft Office, etc.) often contain links to fake online stores since at least December 2010. Google has done very little to clean up the search results. ...

Zscaler Safe Shopping Now Available For Google Chrome

Insights and Research

May 26, 2011 1 Min read

Zscaler Safe Shopping Now Available For Google Chrome

The number of fake online stores displaying downloadable software at a steep discount remains high. It can be hard to distinguish these sites from legitimate online stores. Therefore, I had previously released Zscaler Sa...

Insights and Research

May 18, 2011 1 Min read

Increase In Use Of PDFs For Spam

In recently weeks, I have noticed an increase in the use of PDF files for spam. Instead of uploading an HTML page using a compromised account, as seen shown in a previous post "Hundreds of College and Government websites...

The Most Common Obfuscation Techniques In Fake AV Pages

Insights and Research

May 14, 2011 1 Min read

The Most Common Obfuscation Techniques In Fake AV Pages

We have shown some of the heavy JavaScript obfucation techniques used by Fake AV pages, but the vast majority of such pages use lighter, yet effective techniques. Those techniques are aimed at bypassing detection devices...

Zscaler Safe Shopping Available For Firefox 4 Mobile

Insights and Research

May 06, 2011 1 Min read

Zscaler Safe Shopping Available For Firefox 4 Mobile

After porting Search Engine Security to Firefox Mobile, I have also made Zscaler Safe Shopping available for smartphones. This add-on warns users when they are browsing a fake or compromised store. If you happen to visit...

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, HTML Injection, Etc.

Insights and Research

April 28, 2011 3 Min read

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, HTML Injection, Etc.

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection and HTML Injection are security flaws that have been around for years. They are well know vulnerabilities, with well-known solutions. As we've ...

Search Engine Security Available For Firefox Mobile

Insights and Research

April 20, 2011 2 Min read

Search Engine Security Available For Firefox Mobile

While the number of threats targeting mobile devices is increasing, web browsers for mobile devices are still lacking the security features of their Desktop counterparts. For example, Firefox 4 Mobile (also known as Fenn...

Hundreds Of College And Government Websites Still Redirecting To Fake Stores

Insights and Research

April 13, 2011 1 Min read

Hundreds Of College And Government Websites Still Redirecting To Fake Stores

In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web servers on non-stan...

Insights and Research

April 05, 2011 2 Min read

Fake AV Vs. Zscaler

I've been monitoring Blackhat spam SEO for more than a year now. I frequently have to modify the scripts used to retrieve the fake AV pages in order to deal with obfuscation and other obstacles the perpetrators have put ...

Insights and Research

March 22, 2011 2 Min read

Many University Websites Used For Spam

In January, I wrote about many high profile websites, mostly universities, that were hijacked to redirect to fake stores. Many have since been cleaned up, but a few of these University websites are still redirecting user...

Insights and Research

March 14, 2011 1 Min read

Facebook Likejacking, Phishing And Spam

Last Thursday, I wrote about Facebook Likejacking. Today, similar pages were brought to my attention. They use Likejacking to spread through user profiles using much more aggressive spam techniques.The pages looks like t...

Zscaler Safe Shopping - Stay Protected Against Compromised Or Fake Stores Online

Insights and Research

February 25, 2011 3 Min read

Zscaler Safe Shopping - Stay Protected Against Compromised Or Fake Stores Online

We're happy to release yet another free Firefox plugin to protect consumers online. Introducing Zscaler Safe Shopping This product has been submitted to the official Mozilla Add-ons sites, but will likely t...

Insights and Research

February 24, 2011 1 Min read

Facebook Phishing Pages

On 02/13/2011, I found several domains used for Facebook phishing, registered the same day: securedirectsite.com directsecuresite.com securedsitedirect.com highsecuritydirect.com securedsitedirect.com offic...

Browser Plugins And Security Considerations

Insights and Research

February 10, 2011 4 Min read

Browser Plugins And Security Considerations

Firefox is an ideal browser platform for creating add-ons. Firefox plugins have access to the entire browser, without any restriction. This allowed me to release two plugins to improve the security of Firefox users (Sear...

Unchecked Redirection + URL Shortener = Spam

Insights and Research

February 03, 2011 2 Min read

Unchecked Redirection + URL Shortener = Spam

Recently, I found several legitimate sites, with bad coding practices, used to redirect users to spam sites with the help of URL shorteners. Here is how the scam works:The legitimate sites have a warning page for all li...

Blackhat SEO Numbers For December 2010 (Part II)

Insights and Research

January 20, 2011 1 Min read

Blackhat SEO Numbers For December 2010 (Part II)

This is a follow up to the numbers I presented in Part I, which discussed malicious spam pages in Google results and the malicious that sites they redirect to.Google warningsThe number of spam pages which are flagged by ...

Insights and Research

January 12, 2011 1 Min read

High Profile Websites Hijacked To Lead To Fake Stores

Recently, a lot of high profile .EDU and .GOV were hijacked to redirect users to fake online stores. Google searches related to buying software ("buy windows 7 key", where to buy microsoft, "purchase microsoft word", "bu...

Blackhat SEO Numbers For December 2010 (Part I)

Insights and Research

January 05, 2011 2 Min read

Blackhat SEO Numbers For December 2010 (Part I)

Blackhat spam SEO was very prevalent in 2010 and it is not likely to disappear in 2011. I've compiled a few statistics on Blackhat spam SEO pages found in Google search results during December 2010: Number of ...

Google Search Results Warn About Hijacked Sites

Insights and Research

December 22, 2010 3 Min read

Google Search Results Warn About Hijacked Sites

Last Friday, Google announced a new warning for hijacked sites displayed within search results. The new warnings say "This site may be compromised". Such results represent legitimate sites that have likely been hijacked ...

Chinese Phishing Sites: Stocks And Government Lottery

Insights and Research

December 15, 2010 2 Min read

Chinese Phishing Sites: Stocks And Government Lottery

I find Chinese phishing sites particularly interesting. For starters, they don't seem to attract too many security researchers. I have found that very few Chinese sites are blocked by Phishtank or Google Safe Browsing. A...

Blackhat Spam SEO: Which Sites Get Hijacked?

Insights and Research

December 06, 2010 2 Min read

Blackhat Spam SEO: Which Sites Get Hijacked?

I have looked at 1,123 legitimate sites which have been hijacked to host spam pages redirecting users to a fake AV page. I'd assumed that most of them would be running WordPress, Joomla!, OSCommerce and other open source...

Blackhat Spam SEO & Fake AV: They Are Still There

Insights and Research

November 30, 2010 1 Min read

Blackhat Spam SEO & Fake AV: They Are Still There

It's quite depressing to see that Google still contains numerous links to spam pages which lead to fake AV sites. While there are fewer of them, they are still there. This, despite the fact that attackers have not signif...

SSL: The Sites Which Don't Want To Protect Their Users

Insights and Research

November 24, 2010 2 Min read

SSL: The Sites Which Don't Want To Protect Their Users

Last week I explained some of the challenges that websites face to switch to SSL to protect their users. The main challenge is to send the correct SSL certificate in all cases.Some websites make it very hard, or even imp...

Insights and Research

November 17, 2010 1 Min read

BlackSheep 1.5: More Options

The latest version of BlackSheep brings new options and fixes a few bugs. I encourage all users of BlackSheep to upgrade by downloading the latest version. New options Start BlackSheep au...

Why The Web Has Not Switched To SSL-only Yet?

Insights and Research

November 15, 2010 5 Min read

Why The Web Has Not Switched To SSL-only Yet?

With the session-sidejacking issue highlighted once more by Firesheep, a many people have asked me why more websites, or at least the major players (Google, Facebook, Amazon, etc.) have not enabled SSL by default for all...

Insights and Research

November 09, 2010 3 Min read

BlackSheep For Linux

BlackSheep uses compiled code to listen to HTTP traffic. These executables come straight from Firesheep. Firesheep ships with executables for Windows And MacOSX 10.5 (Intel) only, this is why the first release of BlackSh...

Insights and Research

November 09, 2010 2 Min read

Update To BlackSheep

First of all, thank you very much for all your e-mails and comments! I've tried to answer all. I will give the answer to the most common questions in this blog post. BlackSheep 1.1 is available. It fixes one issue:...

Insights and Research

November 08, 2010 3 Min read

BlackSheep - A Tool To Detect Firesheep

UPDATE: see the requirements for the extension at the end of the post UPDATE: an new version is available UPDATE: BlackSheep for Linux is available here UPDATE: If you use FileVault on MacOSX, you might be prompted fo...

Insights and Research

November 05, 2010 2 Min read

Recent Trends In Blackhat Spam SEO

Blackhat spam SEO is still very present on the web, and there have been more changes in the past few weeks than in the months before. Here are some of the evolutions that began in the past few weeks. More diverse TLDs...

Insights and Research

November 02, 2010 2 Min read

The "movie" Rings

If you've recently looked for information on a movie or its trailer, you've probably stumbled upon a website which claims to provide free streaming or downloads. The promise of these sites is rather dubious since this ac...

Another 1.5 Million Twitter Links Scanned

Insights and Research

October 28, 2010 2 Min read

Another 1.5 Million Twitter Links Scanned

In March 2010, I analyzed about 1 million links taken from public tweets on Twitter. I showed that the number of malicious links was less than 1%. I have scanned another 1.5 million links in the past 3 months from Twi...

Perl Library For Google Safe Browsing V2

Insights and Research

October 26, 2010 2 Min read

Perl Library For Google Safe Browsing V2

Google offers URL blacklists to identify malicious websites and phishing sites through the Google Safe Browsing API. It is used in pretty much all browsers (Firefox, Safari, etc.), except Internet Explorer. Version 2 has...

Insights and Research

October 21, 2010 1 Min read

Analysis Of Multiple Exploits

The most common type of malware seen in Blackhat spam SEO is the fake antivirus. But I also see other types of exploits from time to time. This week, the same malicious page came up on different domains: 4rukel.cz.cc, 4l...

Who Else Is Benefiting From The Spam SEO?

Insights and Research

October 19, 2010 2 Min read

Who Else Is Benefiting From The Spam SEO?

Blackhat SEO spam is used mainly to redirect users to pages serving malware, often disguised as an antivirus. However, other players are using the same Blackhat spam SEO techniques (they use hijacked sites) more and more...

"Hot Video" Pages: Analysis Of An Hijacked Site (Part IV)

Insights and Research

October 14, 2010 2 Min read

"Hot Video" Pages: Analysis Of An Hijacked Site (Part IV)

In Part I and II, I analyzed files on a hijacked web site that was part of the malicious "Hot Video" campaign. While doing the analysis, I looked at other hijacked domains. All these domains had one of the malicious file...

Insights and Research

October 11, 2010 1 Min read

Halloween Tricks: Spammers Are Ready

Halloween is less than a month away and vendors have already set up their stores to sell plenty of candies, pumpkins, decorations, costumes. Halloween represents big business for U.S. retailers. Spammers are clearly n...

Update To The Search Engine Security Plugin

Insights and Research

October 06, 2010 1 Min read

Update To The Search Engine Security Plugin

I won't make a new blog post every time I update the Search Engine Security add-on for Firefox, but there have been several changes since the last post. Notification This feature was introduced in version ...

Insights and Research

October 04, 2010 1 Min read

PHP Deobfuscation

When I was analyzed the PHP scripts used for the "Hot Video" pages, I had to find a way to deobfuscate the PHP code. There are many tools and online services to obfuscate PHP, but very few to deobfuscate it. ...

Best And Worst Antivirus Against Fake AV Malware

Insights and Research

September 30, 2010 1 Min read

Best And Worst Antivirus Against Fake AV Malware

The detection rate for fake antivirus malware amongst antivirus vendors is usually below 25%. I was curious to see which AV engines were the best and worst, when it comes to blocking malicious fake AV executables. In ord...

"Hot Video" Pages: Analysis Of An Hijacked Site (Part III)

Insights and Research

September 29, 2010 3 Min read

"Hot Video" Pages: Analysis Of An Hijacked Site (Part III)

In Part I and II, I analyzed files on a hijacked site that was part of the "Hot Video" campaign. While doing the analysis, I identified other hijacked domains and found additional scripts used to create the "Hot Video" p...

Insights and Research

September 23, 2010 1 Min read

Fake AV Moving From .co.cc To .cz.cc

I've mentioned before that most of the fake AV sites were hosted on the sub-domain of co.cc which offers free DNS services. It is certainly true that the domain is still hosting most of the fake AV sites, however, the...

"Hot Video" Pages: Analysis Of An Hijacked Site (Part II)

Insights and Research

September 22, 2010 2 Min read

"Hot Video" Pages: Analysis Of An Hijacked Site (Part II)

In Part I of this series, I analyzed the files used in coordination with news.php to create the malicious spam "Hot Video" pages. In this second post, I'll analyze the rest of the files found on the site: .cch/ - f...

Insights and Research

September 20, 2010 5 Min read

"Hot Video" Pages: Analysis Of An Hijacked Site (Part I)

I was fortunate enough to find a hijacked site which was being used to host fake "Hot video" pages, which I've blogged about before. However, this time around, the site had directory listings enabled. As such, I could vi...

Phishing Sites Hosted On Google Blogpsot

Insights and Research

September 15, 2010 1 Min read

Phishing Sites Hosted On Google Blogpsot

We've previously reported on malware that can be accessed from Google search results and malicious executables hosted on Google Code. Additionally, Google Docs has been used for phishing and spam in the past. Now, Blogsp...

Attackers Re-create An Entire Facebook Site For Phishing

Insights and Research

September 14, 2010 1 Min read

Attackers Re-create An Entire Facebook Site For Phishing

Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, et...

Insights and Research

August 24, 2010 2 Min read

A Week Of Research

This post is a little bit different from what I usually write. Rather than explaining one topic, I'd like to provide insight into what we uncover during a typical week of research. Here are some of the malicious pages th...

Insights and Research

August 18, 2010 1 Min read

More Chinese Phishing Sites

in a previous post, I talked about the QQ phishing sites targeting chinese users. There is another popular type of Chinese phishing: Yahoo! Auctions lotteries. Yahoo Auctions is more popular than eBay in China. ...

Insights and Research

August 16, 2010 1 Min read

QQ Phishing Sites Stay Under The Radar

In April, Mike reported an increase of QQ phishing sites. This does not come as a surprise, QQ is the equivalent of Google + eBay + Paypal in China. QQ first started as an Instant Messaging site and has now evolved as a ...

Insights and Research

August 11, 2010 1 Min read

Spam SEO And Adware

It seems that Blackhat spam SEO is getting more and more effective, allowing attackers to spread malware and adware. Spammers can now easily infect thousands of websites in order to rank high in popular searches and tric...

SEO Spam Attacks Are Getting Harder To Spot

Insights and Research

August 05, 2010 1 Min read

SEO Spam Attacks Are Getting Harder To Spot

Spam SEO pages used to be very easy to spot: no Javascript, no style sheets, no images, etc. and usually just a single link. They only text on the page relevant to the spam was generally a set of short paragraphs, as sh...

Insights and Research

August 02, 2010 1 Min read

SEO Spammers Go After Firefox Users

Most malicious pages used in spam SEO attacks target Windows users, by showing what looks like a Windows Antivirus screen running, or Internet Explorer with pages displaying fake IE warnings about outdated flash versions...

New Firefox Add-on To Protect Against Blackhat Spam SEO

Insights and Research

July 30, 2010 3 Min read

New Firefox Add-on To Protect Against Blackhat Spam SEO

There are currently no ultimate solutions for end-users to protect themselves against fake AV pages, fake videos and other malicious spam SEO: antivirus have a low detection rate, blacklist (such as Google Safe Browsing)...

Insights and Research

July 27, 2010 1 Min read

Fake AV: New Look & Feel

I recently stumbled upon a new type of fake AV page. This one looks like the store front of an anti-virus vendor. New fake AV look & feel The page is animated and displays a fa...

Insights and Research

July 19, 2010 1 Min read

"Spyware And Virus Free" - Really?

Most of the non-malicious spam that we see in search results relates to fake search engines. The operators of these sites make money by tricking users into clicking on disguised advertising. Another way they make money i...

Fake Youtube Page Used To Infect Soccer Fans

Insights and Research

July 09, 2010 1 Min read

Fake Youtube Page Used To Infect Soccer Fans

Attackers are using the excitement surrounding the World Cup to attack users. As we've shown earlier, they have posted links to fake live streams on social networks, or used BlackHat SEO spam to infect the top soccer-rel...

Comparison Of Malware Protections: Google Safe Browsing, Microsoft SmartScreen, Etc.

Insights and Research

June 10, 2010 2 Min read

Comparison Of Malware Protections: Google Safe Browsing, Microsoft SmartScreen, Etc.

All modern web browsers now include protections for malware. They include a list of known malicious URLs, and compare each address visited by the user against this list. If the URL is recognized as malicious, a warning m...

Fake Video Codecs Replacing Fake AV Pages

Insights and Research

June 08, 2010 1 Min read

Fake Video Codecs Replacing Fake AV Pages

We've recently seen fake AV pages being replaced by fake video pages - malicious pages showing a Flash based video player, along with an error telling the user that he has to download a new codec to play the video. Th...

Insights and Research

June 04, 2010 1 Min read

New Fake AV Pages

There have been a number of changes in the world of Search Engine Optimization (SEO) poisoning attacks. I reported yesterday that there we're seeing ever more dangerous exploits using Flash and Java.We're now also findin...

Spam SEO: Use Of Java/Flash Leads To More Dangerous Exploits

Insights and Research

June 02, 2010 2 Min read

Spam SEO: Use Of Java/Flash Leads To More Dangerous Exploits

Most malicious sites behind spam Search Engine Optimization (SEO) poisoning attacks lead to fake antivirus pages. The malicious sites rely on social engineering, tricking users into thinking their computer is infected an...

Insights and Research

June 01, 2010 1 Min read

Infected Javascript File

When legitimate sites are hacked, attackers usually modify the existing HTML pages to add their own code (obfuscated Javascript or invisible IFRAMEs), or add new fake pages to the site. The additional code is commonly fo...

Fake Antivirus: Your Blacklist And Antivirus Do Not Protect You

Insights and Research

May 25, 2010 2 Min read

Fake Antivirus: Your Blacklist And Antivirus Do Not Protect You

We have spent a fair bit of time discussing fake AV pages as they represent approximately 60% of the malicious content associated with Search Engine Optimization (SEO) attacks, according to Google. As shown in past Zscal...

Insights and Research

May 25, 2010 1 Min read

Philippine Yellow Pages Hacked

Following on the wave of "iepeers.dll" exploits, we found that the same client IP address involved in the attacks, used an open proxy to reach thousands of pages containing IE6 exploits. These consisted of legitimate si...

Insights and Research

May 24, 2010 2 Min read

Fake AV Copycat?

Malicious fake antivirus pages are pretty much all the same, with very straightforward code, which makes them relatively easy to detect. Most of these pages are also found just a few domains (mostly on sub-domains of xor...

Insights and Research

May 18, 2010 1 Min read

Spike Of "iepeers.dll" Exploits

We have seen a spike in exploits using the CVE-2010-0806 "iepeers.dll" vulnerability since this past weekend. The vulnerability affects Internet Explorer 6 and 7. We have seen this exploit in the wild since that day,...

Insights and Research

May 17, 2010 2 Min read

SEO Spam Research

Hacked sites may have their pages modified with invisible IFRAMES or malicious JavaScript, or new dynamic pages are created to redirect users to a fake anti-virus page or a scam. In some cases, new folders are created, a...

Deep Javascript Obfuscation Can Make Exploits Easier To Detect

Insights and Research

May 13, 2010 3 Min read

Deep Javascript Obfuscation Can Make Exploits Easier To Detect

UPDATE: AVG displayed false alerts about the obfuscated Javascript codes samples displayed in the post. These samples are all harmless. I have replaced these codes samples with screenshots. Minification, packing, ob...

Insights and Research

May 06, 2010 2 Min read

Elaborate Scam For Mother's Day

Mother's Day is coming soon. As for any big event, attackers and spammers are using Blackhat Search Engine Optimization (SEO) to lure users to their site. I stumbled upon a rather elaborate scam involving tens of site...

How To Use Google To Be The Bad Guy, Or To Fight The Bad Guys

Insights and Research

May 04, 2010 4 Min read

How To Use Google To Be The Bad Guy, Or To Fight The Bad Guys

Find vulnerable targets When a vulnerability is disclosed in a popular software (such as Wordpress, Joomla!, Drupal, etc.), attackers can use Google to quickly find a list of websites that run the potentially vulnerab...

Remote Downloader ActiveX: Old Exploits, New Malware

Insights and Research

April 26, 2010 3 Min read

Remote Downloader ActiveX: Old Exploits, New Malware

ActiveX is a proprietary Microsoft technology, which allows developers to produce reusable software components. The controls are compatible with the Internet Explorer (IE) web browser and over the years have been a frequ...

Video: First Link On Google Leads To A Malware Site

Insights and Research

April 16, 2010 1 Min read

Video: First Link On Google Leads To A Malware Site

A video is worth a thousand words. This short clip shows a Google search for "tax day freebies", one of the hottest search terms on 04/14/2010. The first regular search result (below the News and Twitter sections) redire...

Google Search: More Links Are Malicious Than You Realize

Insights and Research

April 05, 2010 2 Min read

Google Search: More Links Are Malicious Than You Realize

It is not uncommon to find malicious links in 15% to 20% of the first 100 results returned by Google for any popular search term (according to Google trends). If Google doesn’t take the Blackhat SEO problem more seriousl...

How Google Is (NOT) Tackling The Blackhat SEO Issue

Insights and Research

April 05, 2010 3 Min read

How Google Is (NOT) Tackling The Blackhat SEO Issue

Google is widely used by attackers to trick users into going to malicious sites. The attackers hack legitimate sites that rank high on popular searches. The hacked pages display good content to the Google crawlers but wh...

Governmental Website Hacked To Spread Malware

Insights and Research

April 01, 2010 1 Min read

Governmental Website Hacked To Spread Malware

Malicious sites are hiding themselves behind hacked legitimate sites. Attackers use these legitimate sites to fool the search engines into showing them as the top results for the most popular searches. These sites are ...

Unlike Popular Belief, Short Links On Twitter Aren't Malicious!

Insights and Research

March 29, 2010 2 Min read

Unlike Popular Belief, Short Links On Twitter Aren't Malicious!

Twitter recently announced that it has implemented a new security system to scan all URLs posted in tweets to protect users from malicious sites. This follows a similar announcement from bit.ly in November 2009 T...

Insights and Research

March 09, 2010 3 Min read

Are URL Shorteners Really Dangerous?

There has been plenty of buzz about URL shorteners and security. URL shorteners have been described as a new attack vector since being popularized by social networks such as Twitter. I don't feel that URL shorteners are ...

Chile Earthquake Tragedy Used To Spread Malware

Insights and Research

March 03, 2010 2 Min read

Chile Earthquake Tragedy Used To Spread Malware

As we've discussed multiple times, search engine optimization (SEO) is a favored tool for spreading malware. Along with the Haiti earthquake and the Winter olympics, the recent earthquake in Chile is a top news story. Un...

Explore More Topics

Customer Stories

Culture

Zscaler Cloud Platform

Insights and Research

Work from Anywhere

CIO Insights

Events

News and views from the leading voice in secure digital transformation

Menu

Home

Product Insights

Security Research

Company News

Zscaler Life

More From This Author

Julien Sobrier

Insights and Research

September 09, 2013 1 Min read

Fake AV And PRISM Warning On Hijacked Website

While many individuals are concerned about privacy in light of PRISM, some malicious actors are using the program to scare naive users into installing ransomware. Since August 23rd, we have seen about 20 domains that car...

Insights and Research

August 14, 2013 2 Min read

Facebook Phishing: Manual Session Hijacking

We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" ses...

Insights and Research

July 10, 2013 1 Min read

Tracking A Botnet Infection

Recently we found several malicious executables with similar characteristics. These files were found on the following six domains: janashfordplumbing.com kalliskallis.com lowes-pianos-and-organs.com co...

Insights and Research

June 04, 2013 1 Min read

Phishers Target Yahoo Users

Yahoo Mail introduced two-factor authentication in December 2011. Two-factor authentication can be used to prevent suspicious access to an account (login from a different country, numerous failed login attempts, etc.) an...

Insights and Research

May 16, 2013 2 Min read

Fake YouTube Page Targets Chrome Users

Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content. These fake pages often look the same, but the source code can reveal a new twist. This time, a recently encoun...

Insights and Research

May 03, 2013 1 Min read

Fake Flash Player On DropBox

Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash...

Insights and Research

April 30, 2013 1 Min read

More Fake SourceForge Websites Show Up

Two weeks ago we reported on a fake SourceForge website, sourceforgechile.net, which was used to distribute malware. We have since seen more of these fake sites this past week: sourceforgebulgaria.net, registered on ...

Insights and Research

April 26, 2013 3 Min read

Bitcoin: Regulations And Security

You have probably heard about Bitcoin, a relatively new virtual currency. It made headlines recently because it is starting to present a real alternative for traditional online payments, and has recently experienced ...

Insights and Research

April 17, 2013 1 Min read

Fake SourceForge Site Distributes Malware

We spotted malware hosted on hxxp://sourceforgechile.net/ a couple of days ago. The website is not currently responding, but appears to been set up as a fake and malicious version of the popular open-source hosting site ...

Insights and Research

April 09, 2013 1 Min read

Pinhout: Pinterest Clone Or Phishing Site?

Recently I stumbled upon pinhout.com. Look familiar? Pinhout.com looks awfully familiar to... It looks like a Turkish copy of Pinterest, a growing social network to share web conte...

Insights and Research

February 22, 2013 1 Min read

The Move To Plugin-free Browsers

Apple was the first major player to offer a browser with no plugins with Safari for iOS. Even the very popular Flash plugin cannot run in the browser. However, no vendor, including Apple, has had such restrictions on the...

Insights and Research

February 08, 2013 1 Min read

HTTPS Everywhere For IE: Faster, Auto-update Enabled

I've released HTTPS Everywhere for Internet Explorer v0.0.0.3. Additional details about the update can be found in the version history of the PDF documentation.Changes in 0.0.0.3Faster start upThe start up time is now mu...

Insights and Research

February 01, 2013 1 Min read

HTTPS Everywhere For Internet Explorer: Source Code And New Version Available

I have released the source code for HTTPS Everywhere for Internet Explorer on GitHub as promised in the last blog post. You need Visual Studio Profession 2010 to compile the project and NSIS to build the installer. Feel ...

Insights and Research

January 14, 2013 3 Min read

Are You Vulnerable To Yet Another Java 0Day Exploit?

Test to see if you're vulnerable. Only five months after the last high profile 0-day Java vulnerability, there is new 0-day being exploited through Java plug-ins. This vulnerability is present in Oracle Java 1.7....

Insights and Research

January 11, 2013 3 Min read

Preparations For A Spam Campaign

We have discussed a number of spam and malware campaigns on this blog. This time, I'll show what happens in the days and weeks before the campaign starts. I've found two examples that show the steps that are taken by the...

Insights and Research

January 03, 2013 1 Min read

Facebook Malware Campaign

We're seeing a massive campaign of malware distribution through Facebook look-a-like pages that started just before the new year. Malicious page distributing malware These pages are...

Insights and Research

December 21, 2012 3 Min read

Fake AV 3 Years Later: Still There, Still Not Blocked

You may want to open the first blog post we did on Fake AV in December 2009, three years ago, side by side with this post. See if you can spot the differences... fake antivirus pages in 2012 are nearly the same as they w...

Insights and Research

December 17, 2012 3 Min read

HTTPS Everywhere For Internet Explorer

News and views from the leading voice
in secure digital transformation