The Russian Underground has been around (in an organized manner) since 2004, and has been used both as a marketplace and an information exchange platform. Some well-known centers of the Russian underground include zloy.org, DaMaGeLab, and XaKePoK.NeT. Initially, these forums were used primarily to exchange information, but their roles as marketplaces have become more prominent. Many parts of the Russian underground today are now highly specialized. A cybercriminal with ties to the right people no longer needs to create all his attack tools himself; instead ...

A few days ago, America Online, or AOL, confirmed that their mail service - AOL Mail - had been hacked, with the email addresses (allegedly only 1% of their entire customer base) either compromised and/or spoofed to send spam with links leading to phishing pages.  We combed through the Internet to look for samples of the phishing spam being sent, and they popped up readily in our searches. Figure 1. AOL Mail spam sample Figure 2. Second AOL Mail spam sample The spammed ...

Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack. Figure 1. Heartbleed spam The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ...

[caption id="attachment_59121" align="alignright" width="150"] How the Heartbleed bug works[/caption] In previous blog entries, we've discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, in their own ways, vulnerable to the threat. To help deal with the Heartbleed vulnerability, we've released several ...

In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under "vulnerable" or "safe." The data we were able to gather revealed some interesting findings. As of the moment, we see an overall percentage of around 5% in terms of sites affected by CVE-2014-0160. The TLDs with ...