Andrew Martin

My RSS reader alerted me today to another wave of mass website compromises from Web Sense. Hungry for more information I decided to dig in to reveal the details that, as always, have been left out. Summary This attack appears to be brought to us courtesy of the attackers behind Gumblar. The malware involved and [...]

I first found out about Gumblar a couple days ago via one of Scan Safe’s blog posts. Responsible for 42% of “all malicious infections found on websites” (Sophos) during a 7 day period, Gumblar (JSRedir-R)  has been extremely effective at propagating. Many bloggers have been focusing on the script involved in the attack, not so [...]

It’s my first day back on the job and I decided to do a little hunting to see what this notorious hosting provider has been up to while I was gone. Unsurprisingly, we saw a large number of attacks from this hosting company. They all appear to be fake anti virus related. Given the age [...]

After a weekend hiatus, I’m back with the next host of interest – ZlKon. role: ZlKon HostMaster address: Lilijas iela 4-74 address: Riga, LV-1055 address: Latvija phone: +371 26330593 e-mail: hostmaster@zlkon.lv admin-c: AD5952-RIPE tech-c: AD5952-RIPE nic-hdl: ZK508-RIPE mnt-by: ZLKON-MNT changed: hostmaster@zlkon.lv 20081125 source: RIPE abuse-mailbox: abuse@zlkon.lv Based in Latvia, Zlkon seems to have a high [...]