Get short, timely messages from chris larsen.

Twitter is a rich source of instantly updated information. It's easy to stay updated on an incredibly wide variety of topics. Join today and follow @bc_malware_guy.

Get updates via SMS by texting follow bc_malware_guy to 40404 in the United States
Codes for other countries

Country	Code	For customers of
Two-way (sending and receiving) short codes:
Australia	0198089488 Telstra
Canada	21212 (any)
United Kingdom	86444 Vodafone, Orange, 3, O2
Indonesia	89887 AXIS, 3, Telkomsel
Ireland	51210 O2
India	53000 Bharti Airtel, Videocon
Jordan	90903 Zain
New Zealand	8987 Vodafone, Telecom NZ
United States	40404 (any)

bc_malware_guy

a gray-hat network using custom high-volume subdomain names as an SEO tactic: ow.ly/b3diG 10:33 AM May 21st via web
just finished reading Sophos whitepaper on Fake-AV evolution: ow.ly/b02d2 -- good stuff! 7:54 AM May 18th via web
mod up: great post from SecurityWeek looking at the black hat ecosystem behind Black Hole: ow.ly/b00my 7:37 AM May 18th via web
...and a complementary post from us, looking at the Fake-AV attack from a different angle: ow.ly/aZYh8 7:34 AM May 18th via web
mod up: nice blog post from sucuri on the big Fake-AV attack: ow.ly/aZZMB 7:33 AM May 18th via web
nice screenshot of a lazy-but-polite Bad Guy: ow.ly/aVvXI 9:50 AM May 15th via web
interesting #malware angle: ow.ly/aNT6r (wish more details were provided in the story; anyone know of a better write-up?) 10:41 AM May 9th via web
sometimes the Bad Guys' domain names are so junky even a computer can pick them out... (ow.ly/aDIMN) 4:28 PM May 1st via web
@jeromesegura - liked this post (blog.sparktrust.com/?p=921)... note that 0 VT detections on the java exploit is now up to 3 (Go AV guys!) 6:47 PM Apr 27th via web
blocked another 2000+ URLs in last 2 days in Fake-AV attack on domains on just one server (ow.ly/auGWt) - wild. 5:02 PM Apr 27th via web
lots of folks still being fooled by on-going SEP-driven Fake-AV attack: ow.ly/auGWt 3:01 PM Apr 24th via web
some stats from our logs in a look back at Flashback: ow.ly/apY83 12:00 PM Apr 20th via web
Tracking a big SEP/Fake-AV #malware campaign - ow.ly/a3Ye4 4:25 PM Apr 3rd via web
part 7 of recent Search Engine Poisoning (SEP) research (the most counterintuitive): "what about Big Event searches?" ow.ly/9HZ2R 2:07 PM Mar 16th via web
part 6 of recent Search Engine Poisoning (SEP) research is up ("what about image searches?"): ow.ly/9D5BY 8:25 AM Mar 13th via web
part 5 of Search Engine Poisoning (SEP) research is up ("what about celebrity searches?"): ow.ly/9yYXv 11:37 AM Mar 9th via web
shady domain name of the day: an SEP link-farmer at "farmen .isthebe .st" 4:50 PM Mar 8th via web
Part 4 of Search Engine Poisoning (SEP) research is up ("the most dangerous searches"): ow.ly/9xbQa 9:06 AM Mar 8th via web
malware domain name of the day: leprekon-stats .info (a bit early for St Patrick's Day tho...) 4:12 PM Mar 7th via web
Part 3 of blog post series on Search Engine Poisoning (SEP) research is now up (who is the safest search engine?): ow.ly/9wdr7 2:27 PM Mar 7th via web

Name chris larsen
Web http://www.blueco...
Bio Malware Researcher at Blue Coat Systems. Specializing in Web Vectors -- the links and networks used by malware distributors to infect people.