Research

Google, Mozilla and now Opera… Who’s next?

There have been several reports about malware hosted on Mozilla and Google code servers. Now we also found malware hosted on My Opera community servers. The screenshot below shows an example of this:

It’s a PHP based IRC botnet. Analyzing the code I found some evidences that it comes from Brazil.

We can see that criminals appreciate and actively use any and all available free web space.

Based on the statistics from one of our proactive web crawlers, I took a look at which free web hosts are most popular among criminals for uploading and spreading malware. The following graph shows the top 10 free web hosts used by criminals during the last 8 months:

Fileave is a really well known server for hosting tons of different kinds of malware. I noticed that some secure DNS providers block access to the domains listed above and show an alert message stating that these sites are known sources of phishing and malware.

So, what does that tell us? The usual – when you browse the internet always check links before clicking, and if the domain is suspicious, don’t. Just don’t click. And if you’re owner of a web site, make sure to secure your server properly to prevent the criminals from compromising it easily.

Google, Mozilla and now Opera… Who’s next?

Your email address will not be published. Required fields are marked *

 

Reports

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

Subscribe to our weekly e-mails

The hottest research right in your inbox