Draft:Dancho Danchev

Submission declined on 8 February 2024 by Paul W (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. This submission appears to read more like an advertisement than an entry in an encyclopedia. Encyclopedia articles need to be written from a neutral point of view, and should refer to a range of independent, reliable, published sources, not just to materials produced by the creator of the subject being discussed. This is important so that the article can meet Wikipedia's verifiability policy and the notability of the subject can be established. If you still feel that this subject is worthy of inclusion in Wikipedia, please rewrite your submission to comply with these policies. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Paul W 4 months ago. Last edited by Ahsks873 4 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 2 November 2023 by Vanderwaalforces (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. Declined by Vanderwaalforces 7 months ago.

• Comment: Subject may be notable, but article needs substantial editing to remove the promotional tone (needs to be factual and neutral - see WP:NPOV - the first two paragraphs of the biography section should be immediately deleted for a start), and to present the subject's life/career in a more chronological order up to the present day. Paul W (talk) 14:11, 8 February 2024 (UTC)

• Comment: Currently source does not cover him significantly, please see WP:SIGCOV. Vanderwaalforces (talk) 13:42, 2 November 2023 (UTC)

---

Danchev photo

Danchev Danchev (Данчо Данчев) (born November 22, 1983) is a Bulgarian cyber security researcher, journalist and blogger. Born in Sofia, he now lives in Troyan.

Biography

Danchev is an influential figure in the world of cybersecurity. With his extensive knowledge and experience he has made significant contributions to this field. One of his key contributions to cyber security is his role in uncovering and analyzing new cyber threats. He has a keen ability to identify emerging trends and techniques used by threat actors, which has helped organizations stay one step ahead in protecting their systems and data.

Dancho Danchev has pioneered his own methodology for processing threat intelligence leading to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld and H+Magazine.

He's been active on Twitter^[1], LinkedIn^[2] and Facebook^[3] and has made all of his research throughout the years publicly accessible on the Internet Archive^[4].

He has presented at RSA Europe 2012^[5], CyberCamp 2016 in Spain^[6], InfoSec 2012 in London, GCHQ^[7] in Cheltenham and Interpol^[8] in Lyon, France.

Danchev has been an active security blogger since 2007. He is a cybersecurity researcher and a WhoisXML API threat researcher.^[9][10][11] He is known for reporting on the Chinese hacktivist attack on CNN in 2008, with additional reports on the Operation Ababil attack on Wells Fargo U.S. Bank and PNC Bank and the New York Times advertisement attack in 2009.^[12]

At ZDNet’s Zero Day blog, he co-wrote articles and analyses on East European criminal activity and online scams. Danchev’s research often focused on cyber terrorism activities of terrorist groups and monitoring the activities of the Koobface worm which targeted users of social networking sites, including Facebook.

He then started working for Webroot.^[13] In 2021 he started^[14] working for CyberNews.

Danchev went missing in 2011, according to reports, after his blog post on the collection of his research on terrorist organizations' use of the internet for jihad.^[15] With help from the security community and security professionals he then resurfaced^[16] in January 2011.

Key career points

Trojan information database

• Presented at the GCHQ with the Honeynet Project^[17]
• SCMagazine Who to Follow on Twitter for 2011
• Participated in a Top Secret GCHQ Program called "Lovely Horse"^[18]
• Identified a major victim^[19] of the SolarWinds Attack - PaloAltoNetworks
• Found malware^[20] on the Web Site of Flashpoint^[21]
• Tracked monitored and profiled the Koobface Botnet^[22] and exposed one botnet operator
• Made it to Slashdot^[23] two times^[24]
• His personal blog got 5.6M page views since December, 2005
• His old Twitter Account got 11,000 followers^[25]
• He had an average of 7,000 RSS readers on my blog
• He had his own vinyl "Blue Sabbath Black Cheer / Griefer – We Hate You / Dancho Danchev Suck My Dick"^[26] made by a Canadian artist
• He's currently running Astalavista.box.sk
• Listed as a major competitor by Jeffrey Carr's Taia Global

Early teenage hacker years

His first teenage hacker group which he created and worked alone was called S1F^[27] (Sekurity is Futile). He is also known to have been moderating Blackcode Security Raver's^[28] newsletter^[29]. He originally began writing security and hacking articles which were published on NewOrder^[30]. During that time he was also writing articles for Frame4 Security Systems where he wrote the infamous "The Complete Windows Trojans Paper"^[31] including WindowSecurity.com^[32] and was running an information security section at HiComm Bulgaria a popular technology magazine. He also contributed an article for CIO.bg^[33]. He was also a member of different H/C/P/A (Hacking/Cracking/Phreaking/Anarchy) groups at the time. His first commercial position was at the anti-trojan vendor DiamondCS's Trojan Defense Suite where he assisted in the building of the Trojan Information Database^[34]. He later bought the software copyright and sold it to LockDownCorp which was a competing anti-trojans vendor where he started working at on his way to collect malicious software releases and improve the vendor's market position as a leading anti-trojans vendor. He continued his work on the Trojan Database^[35] and began producing detailed information on various malicious software releases that he was collecting as part of his work.

Education

Danchev studied in Vasil Levski Secondary School in Troyan, Bulgaria and later in The Netherlands at Hogschool Zuyd in Sittard, and Hogeschool In Holland in Rotterdam.^{[citation needed]}

Work career

InfoSec

Danchev is known to have been moderating DiamondCS's Trojan Defense Suite newsletter in 1999.^[36] He then joined the Netherlands-based company Frame4 Security Systems where he wrote the infamous "The Complete Windows Trojans Paper". He then worked for TechGenix's^[37] WindowSecurity.com where he wrote "Building and Implementing a Successful Information Security Policy" paper. Danchev is known to have been running Astalavista Security Group's Astalavista.com^[38] in 2003 Web site and Astalavista.box.sk Web site in 2021. He presently works at WhoisXML API as a DNS Threat Researcher.

He is known to have worked at the following companies and organizations:

• 1999 - DiamondCS
• 2000 - LockDownCorp
• 2002 - Frame4 Security Systems

• 2003 - TechGenix
• 2003 - ASTALAVISTA IT Engineering GmbH^[39]
• 2008 - ZDNet
• 2012 - Webroot
• 2014 - Wandera
• 2017 - GroupSense
• 2018 - KCS GROUP EUROPE LIMITED
• 2019 - Treadstone 71
• 2019 - Armadillo Phone
• 2020 - Astalavista.box.sk
• 2021 - WhoisXML API

He has also contributed to ITSecurity.com's Security Clinic^[40] and was a newsletter moderator at Blackcode Ravers^[41].

Disappearance

Hitman request for Danchev on the Darkode forum

In September 2010, Danchev went missing under mysterious circumstances amid concerns about his safety. Prior to his disappearance, he had expressed concerns about surveillance by Bulgarian law enforcement and intelligence services. Despite efforts to contact him through various means, including phone and email, he could not be reached. ZDNet published a letter and photos he had sent, seeking information on his whereabouts. While anonymous sources indicated he was alive but facing difficulties, the exact details of his disappearance remain unknown.^[15]

According to Internet Anthropologist^[42] who tried to track him and find out using his law enforcement contacts his legal contact in Sofia Bulgaria told him that he was in a psychiatric clinic as his mother requested the hospitalization due to his belief that he was under surveillance. The same information was confirmed by Krypt3ia^[43] and Threatpost who approached a press officer^[44] at the U.S. Embassy in Sofia, Bulgaria who told him that they were unaware of his case, but would look into reports of his arrest. The hospital where Danchev was held confirmed that he will be released^[45] within four or six weeks but declined to comment. He sent an email letter^[46] describing the situation to a colleague prior to his disappearance just in case something might happen including a photo of a supposed surveillance device in his bathroom.

In 2013 the infamous Darkode forum got breached and based on public information by the ones who breached it there was a Hitman request^[47] for Danchev Danchev in the forum.

This was covered by Slashdot,^[48] ZDNet,^[49] CSO Online,^[50] SC Magazine,^[51] Gizmodo,^[52] Gawker,^[53] PC Mag,^[54] Techdirt^[55] and TG Daily.

Cybercrime Underground

Phoenix exploit kit

The numerous occasions Danchev's work and research has been quoted and referenced by Russia based cybercriminals and cybercrime gangs.

• Dancho Danchev and Brian Krebs got married message^[56]
• Koobface Botnet C&C channel referencing him in the network communication^[57]
• SpyEye blog post referencing him^[58]
• Darkode Leak mentioning his kidnapping and Ivan Kaspersky's kidnapping^[59]
• U.S Treasure Department web site redirected to his personal Blogger profile^[60]
• Scareware serving campaign using a message referencing him^[61]

Astalavista.com

Astalavista.com

Danchev is known to have been running Astalavista Security Group's Astalavista.com^[62] in since 2003. He was responsible for producing the monthly security newsletter.^[63]

He has interviewed the following people from the security industry and the Scene.

• Proge — http://www.progenic.com/
• Jason Scott — http://www.textfiles.com/
• Kevin Townsend — http://www.Itsecurity.com/
• Richard Menta — http://www.bankinfosecurity.com
• MrYowler — http://www.cyberarmy.net/
• Prozac — http://www.astalavista.com/
• Candid Wuest — http://www.trojan.ch/
• Anthony Aykut — http://www.frame4.com/
• Dave Wreski — http://www.linuxsecurity.com/
• Mitchell Rowtow — http://www.securitydocs.com/
• Eric (SnakeByte) — http://www.snake-basket.de/
• Björn Andreasson — http://www.warindustries.com/
• Bruce — http://www.dallascon.com/
• Nikolay Nedyalkov — http://www.iseca.org/
• Roman Polesek — http://www.hakin9.org/en/
• John Young — http://www.cryptome.org/
• Eric Goldman — http://www.ericgoldman.org/
• Robert — http://www.cgisecurity.com/
• Johannes B. Ullrich — http://isc.sans.org/
• Daniel Brandt — http://google-watch.org/
• David Endler — http://www.tippingpoint.com/
• Vladimir, 3APA3A — http://security.nnov.ru/

Astalavista.box.sk

In 2020 Danchev announced the official re-launch^[64] of the infamous Astalavista.box.sk hacking search engine web site with a forum community targeting security experts and hackers.

On April 7, 2021, an article was published on Medium.com^[65] by Dancho Danchev stating that the site is back up and running. Danchev has released several versions of the web site.^[66][67][68]

Koobface botnet

dancho danchev

In October 2009 the gang redirected Facebook's Internet Protocol (IP) netspace^[69] to his blog.

In February 2010 Danchev posted an article called "10 things you didn't know about the Koobface gang"^[70] where he discussed some of the key aspects of the Koobface botnet. In May 2010 the group responded^[71] to his article in a step by step fashion response within the source code of all the malware-infected hosts that were distributing the malicious software.

In January The Register released^[72] an article stating that five Koobface gang suspects were named by The New Times^[73] following Danchev's investigation.

In January 2012 Danchev gave an interview^[74] to DW where he discussed his findings into the Koobface botnet.

In February 2012 Danchev posted an OSINT (Open Source Intelligence) analysis called "Who's Behind the Koobface Gang?"^[75] where he provided personally identifiable information on one of the botnet masters behind the Koobface botnet.

2008 Developments

koobface botnet

In 2006 he released his Malware Future Trends^[76] paper where he also presented his findings on the current and future trends of malicious software. He also elaborated on the fact that TrendMicro's^[77] web site got infected with malware including the fact that the United Nations^[78] web site was susceptible to a SQL injection flaw.

He also offered in-depth coverage on the rise of the Storm Worm^[79] botnet. He also found that the Whitehouse.org^[80] web site was serving malware. He also found a malware campaign that's exploiting a Flash zero day^[81] flaw. He also did some research on the GPCode^[82] malicious software. He also offered insights into the DNS hijacking of PhotoBucket^[83] by Turkish hacktivists. He also uncovered that the infamous ZeuS^[84] crimeware kit was vulnerable to a zero day flaw. He also provided an analysis into the mass web site defacement by Russian hackers of over three hundred Lithuanian^[85] web sites.

He was also featured in Computerworld on Russia's^[86] cyber militia mobilizing itself to attack Georgia. His research into a Facebook^[87] themed phishing campaign also got featured on Wired. His research on a fake Microsoft Patch Tuesday^[88] email spam campaign delivering malware was also featured in CNET. He was also among the first security researchers to raise awareness on a mass cyber attack involving abuse of input validation^[89] flaws on thousands of legitimate Web sites which was featured in Computerworld.

He also offered an insight into how hackers took Comcast.net^[90] offline which was featured in InfoWorld.

His research on a recently exploited Adobe Flash^[91] zero day vulnerability was also featured in Securityfocus. He also offered insights into the U.S Air Force^[92] efforts to build an offensive botnet and was featured in CNET. His research into the Storm Worm^[93] botnet was also featured in CNET. His research into India's CAPTCHA^[94] solving economy was also featured on BoingBoing.

2009 Developments

In 2009 Dancho Danchev was referenced three times in Foreignpolicy^[95] on his findings of a fake Russia based gas company that was facilitating cybercrime activities including a reference on his research into ransomware^[96] using mobile payments and a reference for his research into DDoS^[97] attacks. He was also featured in The Register^[98] with his research on what he described as the "Ukrainian Fan Club" with his research emphasizing on the connection between the scareware attack campaign on the web site of the NYTimes and the click fraud botnet known as the Bahama botnet. He was also featured in a separate article in InfoWorld^[99] on the topic of the "Ukrainian Fan Club" where his research established a connection between the cybercrime gang and an active scareware distributing campaign. His research on Iran's cyber attack campaigns was also featured in PCWorld^[100].

Interviews

Danchev is known to have given an interview to Russian OSINT^[101]. Danchev is also known to have given an interview to LinuxSecurity.com^[102].

Research achievements

cyber wars

• Danchev is known to have participated in a Top Secret GCHQ Program to monitor hackers online based on a document part of Edward Snowden's archive.^[103]
• Danchev is known to have discovered a major SolarWinds supply chain attack victim which is PaloAlto Networks.^[104]
• Danchev is also known to have contributed to research involving the Avalanche and the Mumba botnets.^[105]
• Danchev is known to have contributed to the use of search engines by Cyber Criminals in the context of blackhat SEO (search engine optimization) and malicious search engine results poisoning research.^[106]
• Danchev is known to have contributed research on the Luthuanian cyber attacks and the Russia vs Georgia cyber attacks.^[107]
• Danchev is known to have been running and maintaining the "Diverse Portfolio of Fake Security Software" blog posts on scareware blog posts series.^[108]

Awards

• Jessy H. Neal Award for Best Blog for ZDNet's Zero Day Blog in 2010^[109]
• SCMagazine Social Media Award for "Five to Follow on Twitter" in 2011^[110]

External links

Danchev Danchev's Blog

Gallery

• 
  cyber camp
• 
  cyber camp 01
• 
  cyber security talks
• 
  cyber camp 02
• 
  rsa europe

References

1. "Twitter". Twitter. Retrieved 2024-04-25.
2. "LinkedIn". LinkedIn.com.
3. "Facebook". Facebook. Retrieved 2024-04-25.
4. "Archive.org". Archive.org. Retrieved 2024-04-25.
5. "Cyber Jihad vs Cyberterrorism - Separating Hype from Reality". Speakerdeck. Retrieved 2024-04-25.
6. "Exposing Koobface - The World's Largest Botnet". Speakerdeck. Retrieved 2024-04-25.
7. "Who's Who in Cybercrime for 2007?". Speakerdeck. Retrieved 2024-04-25.
8. "Exposing the Dynamic Money Mule Recruitment Ecosystem". Speakerdeck. Retrieved 2024-04-25.
9. "Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?". circleid.com. Retrieved 2023-07-17.
10. "Koobface Makes a Comeback". circleid.com. Retrieved 2023-07-17.
11. "Predator Surveillance Software May Not Be Lawful at All". circleid.com. Retrieved 2023-07-17.
12. "Hackers expand massive IFRAME attack to prime sites". NetworkWorld. Archived from the original on 2020-10-20. Retrieved 2023-07-17.
13. "Welcome to the team, Dancho!". Webroot Blog. 5 January 2012. Retrieved 2024-01-25.
14. "Dancho Danchev". Cybernews. Retrieved 2024-01-26.
15. Zetter, Kim. "Security Researcher, Cybercrime Foe Goes Missing". Wired. ISSN 1059-1028. Retrieved 2023-07-17.
16. "Dancho Danchev returns". SCMagazine. 21 January 2011. Retrieved 2024-01-26.
17. "Who's Who in Cybercrime for 2007?". Speakerdeck. Retrieved 2024-04-25.
18. "Lovely Horse" (PDF). Cryptome. Retrieved 2024-04-25.
19. "Robust Indicators of Compromise for SUNBURST". Netresec. 11 January 2021. Retrieved 2024-04-25.
20. "After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website". Flashpoint. 22 April 2019. Retrieved 2024-04-25.
21. "Flashpoint: Our site was not dishing malware". SCMagazine. 23 April 2019. Retrieved 2024-04-25.
22. "Dancho Danchev unmasks man behind the Koobface Botnet". CSO Online. Retrieved 2024-04-25.
23. "The Strange Disappearance of Dancho Danchev". Slashdot. 14 January 2011. Retrieved 2024-04-25.
24. "Future Trends of Malware". Slashdot. 11 January 2006. Retrieved 2024-04-25.
25. "Twitter". Twitter. Archived from the original on 2015-01-23. Retrieved 2024-04-25.
26. "Blue Sabbath Black Cheer / Griefer – We Hate You / Dancho Danchev Suck My Dick". Discogs. Retrieved 2024-04-25.
27. "Security is Futile - For All of Your Security Needs". LDProxy.com. Archived from the original on 2001-02-08.
28. "BC-Newsletter-1.zip". Packetstormsecurity.com.
29. "black2.zip". Packetstormsecurity.com.
30. "The Maniac". Neworder.box.sk. Archived from the original on 2003-11-26.
31. "The Complete Windows Trojans Paper". Frame4 Security Systems. Archived from the original on 2006-05-10.
32. "Dancho Danchev". WindowSecurity.com. Archived from the original on 2015-04-27.
33. "Кибертероризмът и кибервойните – до колко реален е проблемът?". CIO.bg (in Bulgarian). Archived from the original on 2009-06-20.
34. "tlibrary.zip". Packetstormsecurity.com.
35. "Trojan Information Database". LockDownCorp. Archived from the original on 2004-01-04.
36. "Trojan Defense Suite". DiamondCS. Archived from the original on 1999-10-12.
37. "Dancho Danchev". TechGenix. Retrieved 2024-01-26.
38. "Team Astalavista Group". Astalavista.ch. Archived from the original on 2004-02-16.
39. "Team Astalavista Group". Astalavista.ch. Archived from the original on 2004-02-16.
40. "Dancho Danchev". ITSecurity.com. Archived from the original on 2004-06-01. Retrieved 2024-04-25.
41. "Blackcode". Blackcode. Archived from the original on 1999-11-27. Retrieved 2024-04-25.
42. "Dancho Danchev Missing". Internet Anthropologist Think Tank. Archived from the original on 2011-01-20. Retrieved 2024-04-25.
43. "The NRS, Dancho Danchev, and A Beautiful Mind". Krypt3ia. 17 January 2011. Retrieved 2024-01-26.
44. "ZDNet Security Blogger Goes Missing in Bulgaria". Threatpost. 14 January 2011. Retrieved 2024-01-26.
45. "Dancho Danchev: Missing cybersecurity expert". SCMagazine. 20 January 2011. Retrieved 2024-01-26.
46. "Cybercrime Blogger Resurfaces After Mysterious Disappearance". Gizmodo. 21 January 2011. Retrieved 2024-01-26.
47. "Darkode Repository". Cybercrime Tracker. Retrieved 2024-01-26.
48. "The Strange Disappearance of Dancho Danchev". Slashdot. 14 January 2011. Retrieved 2024-01-27.
49. "We need help with the strange disappearance of Dancho Danchev". ZDNet. Retrieved 2024-01-27.
50. "Update on Dancho Danchev". CSO Online. Retrieved 2024-01-27.
51. "Dancho Danchev: Missing cybersecurity expert". SC Magazine. 20 January 2011. Retrieved 2024-01-27.
52. "ZDNet Blogger Disappears Mysteriously in Bulgaria". Gizmodo. 14 January 2011. Retrieved 2024-01-27.
53. "Cybercrime Blogger Vanishes After Finding Tracking Device In His Bathroom". Archived from the original on 2011-01-16.
54. "ZDNet Security Blogger Mysteriously Disappears". PC Mag. 14 January 2011. Retrieved 2024-01-27.
55. "Bulgarian Security/Cybercrime Researcher Missing For Months". Techdirt. 14 January 2011. Retrieved 2024-01-27.
56. "Krebs, KrebsOnSecurity, As Malware Memes". Krebsonsecurity.com. 22 May 2013. Retrieved 2024-04-25.
57. "The Heart of KOOBFACE C&C and Social Network Propagation" (PDF). Kaspersky.com. p. 25. Retrieved 2024-04-25.
58. "SpyEye, ZeuS Users Target Tracker Sites". Krebsonsecurity.com. 9 March 2011. Retrieved 2024-04-25.
59. "Dancho Danchev". Darkode Cybercrime Tracker. Retrieved 2024-04-25.
60. "U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. 4 May 2010. Retrieved 2024-04-25.
61. "From Ukrainian Blackhat SEO Gang With Love - Part". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. 9 June 2009. Retrieved 2024-04-25.
62. PC Mag. Ziff Davis. 2005. p. 73. ISSN 0888-8507.
63. "Astalavista". Packetstormsecurity. Retrieved 2024-01-26.
64. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2020-03-13. Retrieved 2024-04-25.
65. "Astalavista.box.sk — We're Back! Introducing the World's first search engine for hackers!". Medium. 7 April 2021.
66. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2020-05-07.
67. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2021-03-03. Retrieved 2024-04-25.
68. "Astalavista.box.sk". Astalavista.box.sk. Archived from the original on 2021-03-03. Retrieved 2024-04-25.
69. "Koobface Botnet Redirects Facebook's IP Space to my Blog". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. 21 October 2009. Retrieved 2024-04-25.
70. "10 things you didn't know about the Koobface gang". ZDNet.com. Retrieved 2024-04-25.
71. "Koobface Gang Responds to the "10 Things You Didn't Know About the Koobface Gang Post"". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. 17 May 2010. Retrieved 2024-04-25.
72. "Five Koobface botnet suspects named by New York Times". The Register. Retrieved 2012-01-18.
73. Richmond, Riva (17 January 2012). "Web Gang Operating in the Open". The New York Times. Retrieved 2024-04-25.
74. "Cybercriminals unveiled". DW.com. Retrieved 2024-04-25.
75. "Who's Behind the Koobface Botnet? - An OSINT Analysis". Dancho Danchev's Blog - Mind Streams of Information Security Knowledge. 9 January 2012. Retrieved 2024-04-25.
76. "De toekomst van malware". Security.nl (in Dutch).
77. "Website Trend Micro infecteert bezoekers met malware". Security.nl (in Dutch).
78. "500.000 websites gehackt in grootschalige aanval". Security.nl (in Dutch).
79. "I Love You maakt rentree dankzij Storm worm". Security.nl (in Dutch).
80. "Whitehouse.org infecteert bezoekers met malware". Security.nl (in Dutch).
81. "Waarschuwing: Flash-lek op grote schaal misbruikt". Security.nl (in Dutch).
82. "Puisterige+Russische+tieners+achter+gijzelvirus" ""Puisterige Russische tieners achter gijzelvirus"". Security.nl (in Dutch).
83. "Turkse hackers kapen DNS Photobucket". Security.nl (in Dutch).
84. "Achilleshiel in Zeus crimeware-toolkit nekt hackers". Security.nl (in Dutch).
85. "Russische hackers bekladden 300 Letse overheidssites". Security.nl (in Dutch).
86. "Russian hacker 'militia' mobilizes to attack Georgia". Computerworld.com. Archived from the original on 2013-12-19.
87. "Fraudsters Target Facebook With Phishing Scam". Wired.com.
88. "Fake Microsoft e-mail contains Trojan virus". CNET.com.
89. "Hackers expand massive IFrame attack to prime sites". Computerworld.com.
90. "Hackers knocked Comcast.net offline". InfoWorld.com.
91. "Adobe investigates Flash Player attacks". Securityfocus.com. Archived from the original on 2011-10-11.
92. "Carpet bombing networks in cyberspace". CNET.com.
93. "Storm worm e-mail says U.S. attacked Iran". CNET.com.
94. "India's underground CAPTCHA-breaking economy". BoingBoing.
95. ""In gaz we trust": a fake Russian energy company facilitating cybercrime". Foreignpolicy.com.
96. "Don't pay your ransom via SMS". Foreignpolicy.com.
97. "Is "aggregate-and-forget" the future of cyber-extortion?". Foreignpolicy.com.
98. "NYT scareware scam linked to click fraud botnet". TheRegister.
99. "Microsoft declares war on 'scareware'". InfoWorld.com.
100. "With Unrest in Iran, Cyber-attacks Begin". PCWorld.com.
101. "Интервью с болгарским хакером Данчо Данчевым специально для Russian OSINT: Киберкрайм в 2021". Russian OSINT. Archived from the original on 2021-04-13.
102. "Open Source Intelligence, Security Hacking, and Security Blogger Dancho Danchev". LinuxSecurity.com. Retrieved 2024-04-25.
103. "LOVELY HORSE – GCHQ Wiki Overview". The Intercept. Archived from the original on 2019-04-14.
104. "Robust Indicators of Compromise for SUNBURST". NETRESEC. 11 January 2021. Retrieved 2024-01-25.
105. "The "Mumba" Botnet Disclosed" (PDF). AVG. Retrieved 2023-07-18.
106. "Web hacks of 2007 and how to protect your web applications in 2008 with OWASP" (PDF). OWASP. Retrieved 2023-07-18.
107. "International Cyber Incidents Legal Considerations" (PDF). CCDCEO. Retrieved 2023-07-18.
108. "Malzilla: Exploring scareware and drive-by malware" (PDF). HolisticInfoSec. Retrieved 2023-07-18.
109. "2010 Jesse H. Neal Award Winners". Ad Age. Retrieved 2023-07-17.
110. "SC Social Media Awards". SCMagazine. 16 February 2011. Retrieved 2022-07-17.