Of Spam & Men

To content | To menu | To search

Tag - paper

Entries feed - Comments feed

Wednesday 21 March 2007

Stocks spams do work

diaaf-chart-annotated.pngChoose an unknown, forgotten, valueless stock value like DIAAF.OB, quoted at $0.0008 per share. Buy millions of shares, it will make the value rise (you are creating a demand) to $0.0011. Now, flood the world with spam, advertizing how the stock value is raising... you'll create more demand, the share value will rise... And now? Sell. You're rich.

Continue reading...

Friday 1 December 2006

Malware against virtual keyboards

malware-virtualkeyboard1.jpg

More and More banking institutions are replacing the usual username/password form with a virtual keyboard. The sole purpose of thie method is to defeat keyloggers.

Unfortunately for them, more and more malwares also defeat the purpose of using virtual keyboards. The guys at VirusTotal analyze a new trojan that performs a series of small screen captures of the area aroundthe mouse cursor.It also adds a red arrow pointing exactly where the user clicked.

Continue reading...

Friday 24 November 2006

Malicious crypto: (Ab)use cryptology

This is a very interesting lecture from Frederic Raynal from the french security mag MISC:

Cryptology is everywhere nowadays. Most of the time, people don't even know they are actually using it on a daily basis. In this lecture, we'll show how the crytpography is actually a double edged sword. Despite cryptology's common use as a defensive way by providing primitives like confidentiality and integrity, we'll see to use cryptology for malicious purpose. We use it here to improve target selection during attacks, to save time or to be as sealth as possible.

Continue reading...

Saturday 18 November 2006

Malware Case Study

Secure Science Corporation and Michael Ligh did a very good job analyzing a malware. Their case study is a very complet and interesting analyze of a yet-to-be-named malware (prg.exe):

This document contains details of an exploratory case study that was conducted on a malware specimen found in the wild by members of the Mal-Aware Group 1 . The trojan was hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm. There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes worth of stolen data that only criminals could read…until now.

Continue reading...