
Rick Robinson

Job title:
CTO and vice president, eSoft

Areas of expertise:
Applied cryptography, PKI, identity and access management (authentication, authorization, and auditing), secure data transport, and system hardening and protection

Biography:
Rick Robinson has over ten years of experience in the computer security sector, including development of secure embedded computers, secure remote access, secure networking design, and secure system architecture. Throughout his career, he has regularly worked with Fortune 500 customers, providing security strategy and guidance. Robinson is a recipient of the prestigious Avaya Labs Cup Award and has been named on four USPTO patents in the area of computer security with additional USPTO application submissions in process. He possesses CISSP and ISSAP certifications from (ISC)2. In addition, he is an IEEE Senior Member, Past-Chair of the IEEE-Denver Section, Member of IEEE Security and Privacy Society, Member of the IEEE Computer Society, and Member of the IEEE Critical Infrastructure Protection Committee. Robinson holds BS and MS degrees in electrical engineering from Montana State University with an emphasis in computer engineering, and is completing his Executive MBA from the University of Colorado.


Blackhats Unleash Fake Blog Campaign Spreading Rogue AV

In September, eSoft reported as many as 720,000 compromised sites hosting fake blog pages and being used to distribute rogue anti-virus programmes. Many of these sites are still active and continue to plague searches with malicious results.

Earlier today, Cyveillance issued a report of a nearly identical attack with over 260 000 dangerous URLs, prompting the Threat Prevention Team to revisit this threat.

Between the newly reported Cyveillance URLs and additional URLs discovered by eSoft, there are now well over 800 000 active URLs matching this pattern. Surprisingly, Google detects only a small portion of these sites as malicious.

The key to this scheme is JavaScript uploaded to the compromised server and referenced from the fake blog pages. Because the pages load the script from the server rather than embedding the payload directly, the attackers can quickly and easily change distribution points and payloads without touching the pages themselves. The current payloads have low detection rates among AV scanners.
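A site owner checking whether their own pages have picked up script references of this kind can audit the `<script>` tags each page loads. The following Python script is an added example, not code from eSoft or from the campaign described above; the HTML it parses is a constructed sample, the hostnames are placeholders, and the list of known local scripts is something the operator supplies from their own deployment. It flags local scripts that are not on that list (the signature of a file uploaded to the compromised server), scripts loaded from hosts other than the site's own, and inline scripts that redirect the visitor elsewhere.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one script the operator knows about, one dropped
# into an uploads directory, one loaded from another host, and an inline
# redirect. None of these hostnames are real indicators.
SAMPLE_HTML = """<html><head><title>Blog</title>
<script src="/js/site.js"></script>
<script src="/wp-content/uploads/blog.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
</head><body>
<script>window.location = "http://example.org/scan.php";</script>
<p>Welcome to my blog</p>
</body></html>"""

# Inline-script fragments that hand the visitor off to another page.
REDIRECT_MARKERS = (
    "window.location", "document.location", "location.href", "location.replace",
)


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []   # values of src= attributes
        self.inline = []     # bodies of <script> tags without src=
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # html.parser delivers <script> content through handle_data.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def audit_scripts(html, site_host, known_local=(), allowed_hosts=()):
    """Return (category, detail) findings for scripts that do not belong.

    site_host     - hostname the page is served from
    known_local   - paths of scripts the operator deployed deliberately
    allowed_hosts - third-party hosts the site legitimately loads from
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc
        if not host:
            # Same-server script: only a problem if the operator did not deploy it.
            if src not in known_local:
                findings.append(("unexpected-local-script", src))
        elif host != site_host and host not in allowed_hosts:
            findings.append(("offsite-script", src))
    for body in parser.inline:
        if any(marker in body for marker in REDIRECT_MARKERS):
            findings.append(("inline-redirect", body.strip()))
    return findings


if __name__ == "__main__":
    # Assumed site hostname and deployed script list for the sample page.
    for category, detail in audit_scripts(
        SAMPLE_HTML, "myblog.example.com", known_local=("/js/site.js",)
    ):
        print(f"{category}: {detail}")
```

Run against a crawl of the site's own pages, the `unexpected-local-script` findings are the ones to chase first, since a script the operator never deployed is exactly what the attackers in this campaign upload.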

The eSoft Threat Prevention Team is tracking this threat and classifying the associated domains into their appropriate security categories. More information on this threat can be obtained on the eSoft ThreatCenter Blog.

Posted 18/11/2009 by Rick Robinson

Tagged under: web security, compromised sites, rogue AV, malware
