Spoof

Welcome to Spoof Assassin! A decade ago, e-mail was the vehicle for communicating online on a variety of topics, such as sending messages to family, advertising to clients, finding opportunities, etc. It was great: no phone bill, no stamps and lots of speed.
Now, Spam became a problem, as programmers designed robots to collect e-mail addresses [...]

BLOCKBUSTER Spoofer

Spoofer posing as BLOCKBUSTER Movies.

Return-Path: <714018148@return.snipolivefield.com>
Received: from mtain-mb04.r1000.mx.aol.com (mtain-mb04.r1000.mx.aol.com [172.29.96.24]) by air-dg07.mail.aol.com (v126.13) with ESMTP id MAILINDG071-5f3a4b3b84ef345; Wed, 30 Dec 2009 11:50:55 -0500
Received: from 99.51.83.172.generaldns.com (99.51.83.172.generaldns.com [99.51.83.172])
by mtain-mb04.r1000.mx.aol.com (Internet Inbound) with ESMTP id 537CA3800009A
for ; Wed, 30 Dec 2009 11:49:27 -0500 (EST)
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=default; d=snipolivefield.com;
h=DKIM-Signature:Received:Date:From:To:Message-id:Mime-Version:Subject:X-Ver:X-CampaignDetail:X-Edata1:X-Log:Errors-To:List-Unsubscribe:Content-Type;
b=BJZlYqtgmlHQYQpU5uJF1RpjUZpAvADO0KPLsHTfkNi0MXsny0oRj8YN36Q+4Poj
AK+vMTYrDaqwSUtQ8zLtE+JyLxuYvXL72J0fm3IVYcN+UUfyYw/irAp47GDYHLRl
DKIM-Signature: v=1; a=rsa-sha1; d=snipolivefield.com; s=default; c=simple/simple;
q=dns/txt; i=@snipolivefield.com; t=1262191592;
h=From;
bh=J6bbXClJ0LuyAT+xyqa6WJ8S0Z0=;
b=m+9R0eX9WpObZwGEkyBdQQWPMZH4OEgyQFhXoaIEq760u0L284p30FoKwhHcRTqc
1iyPAA0iZj5sYIZ8JnXJVdmFWUmEMDUWdYe9Vg4H7kmChl5+OEg5XU6DewbFIkcZ;
Received: from [...]

FBI Spoofer

Another spoofer trying to make a comeback during these times:
This character is trying to disguise himself as Hi5 and the FBI at the same
time, but he is sending it from AOL. Not all messages are this easy to spot. Not
only do I hope that his IP is attacked, but that the FBI also get a [...]

Gumblar

Gumblar Virus Description
Gumblar is malicious software that is known to steal FTP credentials from a victim’s computer, allowing remote users to access a webmaster’s website and import malicious scripts. Gumblar infects PHP, HTML and JS website files. Affected users are known to be redirected to malicious websites through Google search engine result pages that return the results of infected websites. [...]

Hack & Brute Force 25 Dec 2009

All IPs below are using root as a username and system as a password
Even on Christmas Day, these knuckleheads are still trying to break in.
If they happen to pass by your way: block them quickly.

Unwanted SPAM

Most well-seasoned internet users know that not all SPAM is intentional, but the trick is common.
A spammer is paid by a client to send out ads, but they don’t really have a good self-developed list of their own, so they would use your e-mail address to send these ads. Now here something that has [...]

Hack & Brute Force 19 Dec 2009

If you’d like to research these IPs, you’re welcome to. These are rotating IPs which are leased, used and then thrown away to prevent detection. No rules barred in what you do with them.
Brutes (Excessive Login Failures)
failed login attempts to account test (system) — Large number of attempts from this IP:  89.208.146.115
failed login attempts to account [...]

Hack & Brute Force 13 Dec 2009

The IPs and domains below are rotating IPs (these guys attack daily)
2 failed login attempts to account root (system) — Large number of attempts from this IP: ppp91.zhongshan.gd.cn
2 failed login attempts to account root (system) — Large number of attempts from this IP: ezwebprohosting.com
2 failed login attempts to account root (system) — Large [...]