Stegano exploit kit poisoning pixels
Visiting popular websites and getting infected without any interaction? ESET explains how the stealthy Stegano exploit kit, hiding in the pixels of malicious ads, is capable of performing this dirty job.
exploit kit
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads
Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit.
Exploit Kit plays with smart redirection (amended)
Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)
Free Anti-virus: Worth Every Penny?
Why you really might prefer to pay for AV security. Free Fall or Free-for-All?
Blackhole, CVE-2012-0507 and Carberp
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
Drive-by FTP: a new view of CVE-2011-3544
Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.
Spam campaign uses Blackhole exploit kit to install SpyEye
This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are
Carberp white paper: now with added pictures
"Win32/Carberp: When You're in a Black Hole, Stop Digging" aggregates most of our published material on Carberp into a single resource.
Carberp + BlackHole = growing fraud incidents
This article examines the relationship between the Black Hole exploit kit and Win32/Carberp.