A few days ago, America Online, or AOL, confirmed that their mail service - AOL Mail - had been hacked, with the email addresses (allegedly only 1% of their entire customer base) either compromised and/or spoofed to send spam with links leading to phishing pages.  We combed through the Internet to look for samples of the phishing spam being sent, and they popped up readily in our searches. Figure 1. AOL Mail spam sample Figure 2. Second AOL Mail spam sample The spammed ...

Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack. Figure 1. Heartbleed spam The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ...

[caption id="attachment_59121" align="alignright" width="150"] How the Heartbleed bug works[/caption] In previous blog entries, we've discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, in their own ways, vulnerable to the threat. To help deal with the Heartbleed vulnerability, we've released several ...

In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under "vulnerable" or "safe." The data we were able to gather revealed some interesting findings. As of the moment, we see an overall percentage of around 5% in terms of sites affected by CVE-2014-0160. The TLDs with ...

“Get rich fast” scams have been circulating online for several years now. Some examples would be the classic Nigerian or 419 scams, lottery scams, and work-from-home scams. The stories may vary but the underlying premise is the same: get a large sum of money for doing something with little to no effort. Scammers have now added a new topic to their roster of lures: the cryptocurrency Bitcoin. The continued rise and fall (and rise and fall and…) of Bitcoins has captured ...