[ Product News ] 21 September, 2010 16:46


    Weeks earlier, we saw Google Code misused to host malware. Now we have also observed spammers taking advantage of people's trust in big companies to redirect the URLs inside spam mail.

    A spam mail contains a URL link to Yahoo Groups. People usually trust big companies, so they visit the Yahoo website. Since the group is configured as open, the spammer prompts the user to follow the links on the web page, and eventually the user is redirected to a Canada Pharmacy web site.

   Attackers and spammers have now learned how to use free internet services as their hopping sites.

 By AegisLab

[ Product News ] 17 September, 2010 11:44

-- Update on 2010-09-23 --

    With non-stop tracking of "invisiblebert.in", we found more vulnerable sites, but the detection rate is still very low. One victim is "hxxp://www.yio-shen.com.tw", which has more than 300 pages polluted with SEO redirections.

    "invisiblebert.in" has a low detection rate of 6% (1/17) today, but Lionic has blocked it since 2010-09-12.

    The final downloaded malware also has a low detection rate of 23.3% (10/43) in VT. ( http://www.virustotal.com/file-scan/report.html?id=333d5781ac3c0ed80cc76c8e8f94fc395aee2a64eba87eb436712f79e5bc4559-1285221104 )


 -- Originally posted on 2010-09-17 --

    AegisLab, the security research group of Lionic Corp., constantly monitors SEO-based malicious web pages, which usually lead to drive-by downloads, fake AV, scareware, online drug stores, etc. With our special technology and effort in discovering SEO (search engine optimization) based attacks, we found a new vulnerable site and a new attack path today. The downloaded malware has a very low detection rate, and the attack path has not been discovered by other malicious URL databases. We discovered a similar attack path 4 days earlier and had already added it to our blacklist.


    Here we disclose an attack path as an example.


[search] http://google.com (with popular keywords)

[root] hxxp://model.win-e.com.tw/images/model/school1.php   [PageRank:1]
  [script] hxxp://invisiblebert.in/search/search.php
   [script] hxxp://
    [script] hxxp://
      [script] hxxp://
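
The following is an added example, not AegisLab's code: it parses the attack-path listing above and finds the hop at which a host blocklist breaks the chain. The function names and the host-keyed blocklist are assumptions for illustration; the truncated `hxxp://` entries are kept as they appear and treated as having no host.

```python
import re
from urllib.parse import urlsplit

# The attack path listed above, copied verbatim: URLs stay defanged and the
# three deepest hops stay truncated, as they are on the page.
ATTACK_PATH = """\
[search] http://google.com (with popular keywords)

[root] hxxp://model.win-e.com.tw/images/model/school1.php   [PageRank:1]
  [script] hxxp://invisiblebert.in/search/search.php
   [script] hxxp://
    [script] hxxp://
      [script] hxxp://
"""

# Assumption: a host-keyed gateway blocklist holding the domain named in the post.
BLOCKLIST = {"invisiblebert.in"}
HOP = re.compile(r"^(\s*)\[(\w+)\]\s+(\S+)")

def parse_path(text):
    """One dict per hop: indent depth, kind, URL as written, host (None if truncated)."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            indent, kind, url = m.groups()
            # urlsplit accepts the defanged 'hxxp' scheme; bare 'hxxp://' yields no host.
            hops.append({"depth": len(indent), "kind": kind, "url": url,
                         "host": urlsplit(url).hostname})
    return hops

def first_blocked_hop(hops, blocklist):
    """Index of the first hop whose host or any parent domain is blocklisted."""
    for i, hop in enumerate(hops):
        labels = (hop["host"] or "").split(".")
        if any(".".join(labels[j:]) in blocklist for j in range(len(labels))):
            return i
    return None

def hops_cut_off(hops, index):
    """Number of deeper hops that are never fetched once hops[index] is blocked."""
    count = 0
    for hop in hops[index + 1:]:
        if hop["depth"] <= hops[index]["depth"]:
            break
        count += 1
    return count
```

Blocking the first `[script]` hop leaves the compromised `[root]` page reachable but stops every script nested beneath it from loading.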


[ Product News ] 16 September, 2010 17:27


    Today, we formally release the signatures to block ads in the Youtube player screen. Lionic’s MiniGuard can easily be set to block advertisements on Youtube, and a snapshot of the MiniGuard setting page is shown below. It provides a very friendly user interface for configuration.

     “Lionic’s application guard offers a useful and convenient mechanism for Youtube Ads. We assist the user to block any annoying advertisements when they are watching a movie on Youtube. It’s been integrated and could be demonstrated by our reference design, MiniGuard. After some simple settings, users can easily have a nice experience in browsing YouTube.” Mr. Eric Lu, CEO of Lionic, commented.

     Lionic keeps researching and developing more user-friendly features for MiniGuard, always planning ahead to consider which features can benefit users and provide the best applications for users’ internet life.


 [Earlier post on 2010-09-10]

     In past days, our customers complained that Youtube displayed advertisements in the movie canvas. They occupy around one fifth of the screen and are more annoying than advertisements placed elsewhere. See the figure below.

      Even though Youtube provides some account settings for users to turn advertisements on or off, users seldom tweak the settings. Also, for anonymous users, there is no option to deal with it.

      Now, AegisLab will release a set of signatures that can be deployed in gateway devices; all users under a gateway device with the policy enabled are free from Youtube ads, oh yes!!


By AegisLab 
