Darkode leak
And you can thank Nassef. http://lists.emergingthreats.net/pipermail/emerging-sigs/2012-August.txt I don't know if it's you who did this shitupaskitv1.org xylibox.biz krebsonsecurity.biz...
I Accidentally…
Another thing, not new, but I didn't want to publish that.. till now... My first post was not an April fool, and not only 'nassef' was compromised. Since Brian burned the covers...
ppc.su Affiliate
Advert: I thought it was related to BeeCoin, due to the design (known for FakeAV). According to TrendMicro, BeeCoin generated US$123,475 in profit. But after some talk with the affiliate owner, it seems ppc.su is...
Elite VPN Service
Elite VPN Service is a service advertised on underground forums. Subscription list: Subscription configuration: VPN certs:
Phishing made easy, way too easy...
You just have to type 'scam pages' in Google and the first result is cool. Phishing, phishing!! See them everywhere.. Mr. HItman is well famous for making them.. Paypal pack 'private' Letter...
Skimmers: NCR/Diebold/Wincor
Advert: Pictures: Some pictures from the YouTube video: Also remember this guy 'pUre'? He published a photo of what he does:
System Care Antivirus
System Care Antivirus is a fake anti-spyware tool. It displays fake alert messages, prevents execution of legitimate programs and detects nonexistent infections to scare users. It is a clone of AVASoft...
Phish a phisher
Everything started from a simple phishing mail as usual... And some traps that did all the magic... I've phished the phisher. Some phishing pages on a compromised server: The guy behind these phishes is...
Fake carding shops
Nothing new here, just three forums used to scam stupid people like carders. It's always the same method: advertising via spam and to view the content you must pay a fee. Our first forum is a phpBB with...
getdumps.com Fake Carding shop and LR Curl scam script
Another (lame) and fake carding shop: • dns: 1 ›› ip: 94.215.213.31 - adresse: GETDUMPS.COM Spam: Dashboard: Paypal: Dumps: Cards: Ebay: Western Union transfer: SSH Server: RDP Server: SMTP: VPN:...
Cardingmaster.com carding shop
• dns: 1 ›› ip: 174.136.55.117 - adresse: CARDINGMASTER.COM Mail: Let's destroy another shop... /home/cardingm/.lastlogin: 41.225.221.30 Admin IP used on shop: 41.227.48.25 Admin login: Dashboard: Edit...
Picebot pharming botnet
Nothing new here, I just got the opportunity to force a Picebot panel recently. At MalwareIntelligence, Picebot was identified on 19 January 2013 by Ernesto; he later did a post on his personal blog:...
Liberty Reserve Curl Scam script
Since I started to speak about fake carding shops and LR phishing, many have asked me for the scam script, which has started to become popular for an unknown reason. Alright... let's make it...
Off-sho.re and Darkode
In April I got a DDoS attack (lol, good luck taking down Google). Nothing really high on my site, temari.fr suffered a bit, and I grabbed a lot of weird referrers. Fun things: some pointed to winlocks...
Panel Control RëFF
RëFF is a Peruvian botnet. I've not found a lot of information about it, but that's not the first time I've seen it. Among Latin American botnets we can also cite vOlk, S.A.P.Z and PiceBOT. Double...
Pony 1.9 (Win32/Fareit)
Came across a Pony panel recently, and the original one, not the 'TF' version. Alright, let's talk about Pony; the guys have some cool stats. The panel is on 95.170.83.145 and the SQL server used by Pony...
ProjectHook RAM Scraper
ProjectHook is a RAM scraper malware that someone sent me on ICQ. The malware costs 1k according to him; I'm not sure if it's this guy: MD5: a599836a7bbc68a5e712d48bb6319951 The original exe is packed...
Dump Memory Grabber / BlackPOS (Win32/Pocardler.A)
Having a look at another POS malware, named BlackPOS by AV guys: MD5: cbd268e260bf40c25f1bff8b85e04e01 The original exe is packed with UPX and has a size of 292 Kb. After unpacking, the exe size is 754 Kb...
Infiltrating malware servers without doing anything
Today I was searching for more samples of BlackPOS because this malware uses the FTP protocol. And knowing this, I was interested in crawling more panels, but then I realised something... Why did I look only for...