Security Blog

Bizarre Russian "X-ray Cell Phone Scanner" Scam

February 21, 2010 - By Chris Larsen
Background: About a month ago, I [Chris] began noticing some rather... "interesting" Russian pages in our logs as I was looking for Fake AV Scanners. These sites appeared to be offering special software for your mobile phone that would let you use your phone's camera to "scan" women (who are wearing normal clothing) and see them naked on the screen. No, I'm not making this up.

Russian Examples of Fake AV Scanners

February 15, 2010 - By Chris Larsen
That ever-popular malware vector, the Fake AV Scanner, is normally presented in English: either as the default (or only) language a particular instance uses, or they check the location of my IP address (which is normally in America, unless I'm being sneaky). So naturally any non-English examples I come across catch my eye. In the last week or two, I've seen several in Russian, and saved some screenshots:

Phishing for WoW Treasure

February 8, 2010 - By Chris Larsen
Following up on a couple of recent posts (here and here), I wanted to continue emphasizing that phishing is not just about banking sites anymore. A perfect opportunity came up a couple of weeks ago, when one of our analysts noticed a phishing attack targeting World of Warcraft accounts, and took time to write it up. (Sorry I didn't get it posted last week, Matt!) -- C.L.  

How Suspicious are Dynamic DNS Sites?

February 4, 2010 - By Chris Larsen
There is still no official update from Google providing details of the "Aurora" attack, but we continue to see second- and third-wave attacks in our logs. As it looks like most of the host sites are using "Dynamic DNS" subdomains, I thought this would be a good time to write about this often-abused part of the Internet.

A Look at the Google Hack (aka the 'Aurora' Attack)

January 24, 2010 - By Chris Larsen
(Note: Thanks to all on the team who contributed constructive feedback on the draft version of this post!) Background

The Changing Phace of Phishing, Part Two

January 17, 2010 - By Chris Larsen
Last month, I wrote about changes in the phishing ecosystem. As a follow-up, I asked one of our resident phishing specialists to write a short summary of the changes he's noticed as he monitors phishing attacks. (Thanks, Dave!) --C.L. Trends in Who is Spoofed

Baidu Taken Down by DNS Hack

January 12, 2010 - By Chris Larsen
So Baidu got hacked yesterday. That is very big news. For China, that's like saying "Google got hacked." It's the leading search engine there, and one I've spent time using during work on our Chinese module for DRTR.

A Scary Statistic from Kaspersky

January 7, 2010 - By Chris Larsen
Here's a quick post to think about this weekend, courtesy of a comment in the new issue of Virus Bulletin (subscription required) and our partners at Kaspersky:

Tracing an FBI Warning

January 7, 2010 - By Chris Larsen
Normally, we don't blog much about other blogs or news stories, as we prefer to keep the focus here on original research based on what we see in the WebPulse™ logs. This week, however, I came across an article that deserves some wider publicity (and which fits in with our security work).

Major Christmas e-Card Spam Campaign

December 27, 2009 - By Chris Larsen
During the holidays, the Blue Coat Web Filter™ team continues to keep an eye on things, both the results of the various WebPulse™ automated processes and the various data streams that the human analysts monitor. One trend worth remarking on has been a flood of "e-Card" spam in our honeypots. This began a few days before Christmas, and is still continuing. As it turns out, this will also give me a chance to talk a little bit about a category of software we call "Potentially Unwanted Software". (Or "PUS" for short.)