Another attack from Russia (or at least a computer in Russia) on job seekers - in a section of business week targeting job related section of the site.
I would put the article link here but when I go to the page Norton says it's blocking a virus, so will refrain.
Trends from the trenches of Internet traffic. Hackers, spammers and Internet abuse. IP address database. DNS sightings. Views and opinions expressed are my own. ~ Teri Radichel @teriradichel
Thursday, September 18, 2008
HTTP Adobe SWF Remote Code Execution
Apparently an attack was blocked on my computer:
Http Adobe SWF Remote Code Execution
Risk: High
remote machine: ad101com-images.adbeareau.net (96.17.108.107)
Site I was visiting: http://adtmag.com/article.aspx?id=23284
(the ads may rotate)
Network:
OrgName: Akamai Technologies
OrgID: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US
NetRange: 96.16.0.0 - 96.17.255.255
I just realized that the email came from: AppTrendsNL@1105service.com
http://whois.domaintools.com/1105service.com
Coincidentally, I was just reading about a click attack that Adobe was asking some hackers not to report.
Http Adobe SWF Remote Code Execution
Risk: High
remote machine: ad101com-images.adbeareau.net (96.17.108.107)
Site I was visiting: http://adtmag.com/article.aspx?id=23284
(the ads may rotate)
Network:
OrgName: Akamai Technologies
OrgID: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US
NetRange: 96.16.0.0 - 96.17.255.255
I just realized that the email came from: AppTrendsNL@1105service.com
http://whois.domaintools.com/1105service.com
Coincidentally, I was just reading about a click attack that Adobe was asking some hackers not to report.
Wednesday, September 10, 2008
Latest hack - Code tacked onto URL
There seems to be a new hack on the loose. Well it's not that new because I noticed before but didn't have time to blog it. Seems that someone is attempting to include some code at the end of a URL as shown in this image (click on the image to see a larger size image showing the code that is tacked onto the end of a url like:
http://www.somesite.com/?DECLARE....
This particular traffic comes from:
142.167.53.105 9/10/2008
OrgName: Stentor National Integrated Communications Network
OrgID: SNI1
Address: One Brunswick Square
City: Saint John
StateProv: NB
PostalCode: E2L-4K2
Country: CA
NetRange: 142.167.0.0 - 142.167.255.255
http://www.somesite.com/?DECLARE....
This particular traffic comes from:
142.167.53.105 9/10/2008
OrgName: Stentor National Integrated Communications Network
OrgID: SNI1
Address: One Brunswick Square
City: Saint John
StateProv: NB
PostalCode: E2L-4K2
Country: CA
NetRange: 142.167.0.0 - 142.167.255.255
Monday, September 08, 2008
Encrypted Email
I understand that you can encrypt email and someone cannot read the contents (assuming they cannot hack your encryption technology) but what I want to know is this - you have to include in your email the destination and is the email address itself readable? In that case what prevents the hackers from replacing encrypted email contents with a spam message and changing the from email address? Just wondering.
Subscribe to:
Posts (Atom)