Home     Articles     SBS Show     Vladfire     About     Links     Contact     Wiki     RSS2 Feed    

AJAXify your Wordpress

Learn how I ajaxified my wordpress blog with these few steps...

SBS Show!

Listen to the latest episode of the SBS Show, Dave Sobel talks about process management...

Vladville Newsletter!

Looking for a more focused, exclusive insight into the world of SMB tech & business? Sign up for my newsletter!

Greeting card from Paris?
Posted: 4:12 pm
August 14th, 2008 		Post a comment
ExchangeDefender

262218~Paris-Hilton-Posters While Tim is still trying to figure out how to integrate ExchangeDefender into his company, I’m feeling good knowing that some of the policies we have established a long time ago are finally starting to be used by the spammers. It’s one of the things we do here very often – if we were to SPAM the world, what would we do? (then we sit down and find the ways to crush it)

One of the things we integrated years ago covered the topic of extension masking, in the scam similar to the one outlined on Tim Barret’s blog. Basically, the spammer either attaches or links in a dangerous attachment that doesn’t look too dangerous. It’s all done by masking the extension to get by the user. For example:

This is a text file:
Vlad is great.txt

This is an executable:
Vlad is great.txt.exe

This is an executable that idiot users click on:
Vlad is great.txt                                     .exe

So a few years ago we integrated two checks – first, does the extension get masked by another extension and second, does the attachment or link include an excessive amount of spaces in it. If it does – poof.

paris

Now.. That’s hot!

This strain by the way has been going on for weeks now and we’ve locked down over 75,000 hosts for spraying it across the Internet. This one shows a familiar Youtube shell but links to a random web site with the virus linked on it with a masked extension.

Also of note, question came up: Why do these viruses always get spread by random web sites on the Net??? Well, because those web sites got 0wn3d. Do you really think a hacker or a script kiddy behind this is going to register a domain name and serve their traffic off their own site? Heck no. Let others pay for it, you just work on controlling your botnet.

Anyhow, thats what we do at ExchangeDefender all day long. That and read your email. We hit delete. A lot. Ok, sometimes we forward too – but only if its funny!

P.S. Oh, and if you’re wondering how I did that bubble thing in the screenshot – feature of the new SnagIt 9.0 – Betsy and Kristina have been hooking me up new copies of it  for years, best damn tool in the shed.

Both comments and pings are currently closed.

3 Comments

Allen | August 14th, 2008 at 5:17 pm

Oh, maybe that is the reason for the virus.
Doesn’t it matter, I am NOT going to suck your balls.



User links about "executable" on iLinkShare | September 13th, 2008 at 6:48 pm

[...] links | iLinkShare 2 votesD executable sizes over time>> saved by ollivesterinen 1 days ago3 votesGreeting card from Paris?>> saved by jlrieke 2 days [...]



Recent Faves Tagged With "snagit" : MyNetFaves | October 9th, 2008 at 3:35 pm

[...] public links >> snagit Greeting card from Paris? First saved by xTikewroex | 2 days ago SnagIt 9: Get it Now First saved by z4k4ri4 | 32 days [...]

Whats on Vlad's Mind?

Sponsors:
This blog is made possible by Own Web Now Corp and ExchangeDefender. If you like this blog and are in the need of products we offer I hope you give us some consideration.

Get The Newsletter

Twitter

Vladfire Vlog

Divider


SBS Show Podcast
 

Categories

  

Archives

  

About
Divider Divider