tag:blogger.com,1999:blog-34422497.post3004664144641246610..comments2024-01-03T07:10:05.491-05:00Comments on Anurag Agarwals' Threat Modeling Blog: Malware installation attempt via phishingAnurag Agarwalhttp://www.blogger.com/profile/00132226679618654350noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-34422497.post-87688990707146239072008-03-24T03:13:00.000-04:002008-03-24T03:13:00.000-04:00I came across an interesting service lately. It's ...I came across an interesting service lately. It's a hosted behavioral analysis service for websites. You can sign up for free at http://hackalert.armorize.com<BR/>and specify the URL you want to scan. It also allows scheduled scans so basically if the web page is modified by hackers so that it will attempt to download executables or scripts to clients or attempts to redirect them to malicous URLsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-34422497.post-42519899282685655642008-03-24T02:56:00.000-04:002008-03-24T02:56:00.000-04:00thanks for adding your experience to the post. Let...thanks for adding your experience to the post. Lets hope it helps someone :)Anurag Agarwalhttps://www.blogger.com/profile/00132226679618654350noreply@blogger.comtag:blogger.com,1999:blog-34422497.post-88682074853616080902008-03-23T20:20:00.000-04:002008-03-23T20:20:00.000-04:00I just received the BOA Cert notice. My suspicion...I just received the BOA Cert notice. My suspicions were arroused when I noticed the URL they reference was an HTTP rather than HTTPS. ALL security type data would ALWAYS be sent over a secured socket layer. Upon examining the source, I noticed that the destination URL was not the same as the published URL. There may very well be an http://direct-certs.bankofamerica.com/direct/certpickup.asp? Anonymousnoreply@blogger.com