Security Blog

Written by
Chris Larsen, Adnan Shukor

[It's been a couple of months since the last post in our "Shady TLD" series, with plenty of interesting candidates for another expedition, but other R&D kept getting in the way.

Written by
Chris Larsen

I've been meaning to write about a particular PUS (Potentially Unwanted Software) network that I looked at a couple of weeks ago, but there's been a considerably high number of meetings lately (the bane of an engineer's existence)...

Background:

Written by
Chris Larsen

Under my Twitter handle (@bc_malware_guy), I post an occasional "Shady Domain Name of the Day" tweet, featuring my favorite oddball domain names that the Bad Guys create to further their nefarious schemes. (Recent favorites include names like faintheartedsharkoil.info, macadamianutdogma.org, and practicebundlingredbreastedsapsucker.org....)

Written by
Chris Larsen

For part of this week, I've been poking into an attack we blocked last weekend (Saturday, 6/06), and while parts of it were pretty standard, the variety of attack vectors was interesting...

First, the "standard stuff":

Written by
Chris Larsen

This is essentially Part Two of yesterday's post on phony tech support scams. (For those too lazy to click, a hat tip to @malekal_morte for his tweets yesterday about these attacks.)

Near the end of yesterday's investigation, I came across a couple of domains that appeared to be targeting Macs. In poking around a bit further afield, I found another one, and decided that these were worth a separate blog post.

The three scam domains I've found so far are as follows:

Written by
Chris Larsen

This is a post to support the excellent work of another researcher (@malekal_morte), who posted several screenshots from his research today, focusing on Tech Support Scams. (His main site is here, if you read French.)

Malekal's images showed several of these sites (techsupportexpertise.com, windows-notifications.com, couponsforcart.com). If you're sharp-eyed, you may have noticed that the third domain in that list doesn't seem to have anything to do with tech support, and it doesn't; but that's because the network that it belongs to does more types of scams than just phony tech support.