Friday, May 9, 2008

Digital Certificates Update

A quick update from the previous post.

The Digital Certificates spam campaign against Merrill Lynch continues, but the good guys seem to be recovering their lead. Of the 9 domain names used in the spam campaign last night:

876536784k.com
2376540m.com
1291logon.org
10000993m.com
374286434d.com
8447652a.com
1291logon.biz
1291logon.net
1291logon.com

only one was live when my morning report was run this morning.

2376540m.com

did load the web page shown in the previous blog entry, and attempted to download the file:

MLBusinessCentreCERTv6704.exe

but this time the download was detected by McAfee anti-virus and blocked as "Spy-Agent.bg"

Much better. We'll see if we can make 2376540m.com go away shortly.

No comments:

Post a Comment