Articles on this Page
- 04/03/13--00:00: Cybercrime-friendly...
- 04/04/13--00:00: Madi/Mahdi/Flashback OS X connected malware spreading through Skype
- 04/05/13--00:00: Cybercriminals sell...
- 04/08/13--00:00: A peek inside the ‘Zerokit/0kit/ring0 bundle’ bootkit
- 04/09/13--00:00: DIY Skype ring flooder offered for sale
- 04/10/13--00:00: Spamvertised ‘Your ...
- 04/11/13--00:00: A peek inside a ‘li...
- 04/11/13--14:29: BitCoin Jackers Ask: “What’s in Your Wallet?”
- 04/12/13--00:00: American Airlines ‘...
- 04/15/13--00:00: Cybercriminals offer spam-friendly SMTP servers for rent
- 04/16/13--00:00: How mobile spammers...
- 04/17/13--00:00: A peek inside a (cr...
- 04/18/13--00:00: DIY Russian mobile number harvesting tool spotted in the wild
- 04/19/13--00:00: DIY SIP-based TDoS tool/number validity checker offered for sale
- 04/23/13--00:00: CAPTCHA-solving Rus...
- 04/24/13--00:00: Historical OSINT – ...
- 04/25/13--00:00: Fake ‘DHL Delivery Report’ themed emails lead to malware
- 04/26/13--00:00: Cybercriminals impersonate Bank of America (BofA), serve malware
- 04/29/13--00:00: How fraudulent blac...
- 04/30/13--00:00: Managed ‘Russian ransomware’ as a service spotted in the wild
By Dancho Danchev Among the first things a cybercriminal will (automatically) do, once they gain access to a compromised host, is to retrieve account/credential data. From compromised FTP credentials, CPanel accounts, portfolios of domains, to hacked PayPal and Steam accounts, cybercriminals are actively utilizing compromised infrastructure as a foundation for the success of their fraudulent or malicious campaigns, as [...]
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
By Dancho Danchev Over the last couple of years, the industry’s and the media’s attention has been shifting from mass widespread malware campaigns to targeted attacks most commonly targeting human rights organizations, governments and the military, also known as advanced persistent threats (APTs). In this post, I’ll profile a recently spotted underground market advertisement, which [...]
By Dancho Danchev In a diversified underground marketplace, where multiple market players interact with one another on a daily basis, there are the “me too” developers, and the true “innovators” whose releases have the potential to cause widespread damage, ultimately resulting in huge financial losses internationally. In this post, I’ll profile one such underground market [...]
By Dancho Danchev Thanks to the ease of generating a botnet, in 2013, stolen accounting data on a mass scale is no longer a hot underground item; it’s a commodity, one that’s being offered by virtually all participants in the cybercrime ecosystem. What happens once a Skype account gets compromised? There are several possible [...]
By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of emails, in an attempt to trick users into thinking that the order for their “air transportation services has been accepted and processed”. In reality though, once users execute the malicious attachments, their PCs will automatically become part of the botnet managed by the [...]
By Dancho Danchev What’s greed to some cybercriminals is profit maximization to others, especially in times when we’re witnessing the maturing state of the modern cybercrime ‘enterprise’. Many enter this vibrant marketplace as vendors without really realizing that, thanks to the increasing transparency within the cybercrime ecosystem, their basic and value-added services will be directly benchmarked [...]
By Adam McNeil With all the recent media coverage and extreme changes of the BitCoin value, it should come as no surprise that malware authors are trying to capitalize on the trends. These people attempt to make money on all sorts of digital transactions and it’s probably a safe bet to expect their rapid expansion [...]
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they’ve received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
By Dancho Danchev In times when modern cybercriminals take advantage of the built-in SMTP engines in their malware platforms, as well as efficient and systematic abuse of Web-based email service providers for mass mailing fraudulent or malicious campaigns, others seem to be interested in the resurrection of an outdated, but still highly effective way to [...]
By Dancho Danchev Just as we anticipated earlier this year in our “How mobile spammers verify the validity of harvested phone number” post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to [...]
By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition it as Remote Access Tools, also known as R.A.Ts. What they seem to be forgetting is that no legitimate Remote Access Tool would possess any spreading capabilities, nor have the capacity to handle tens of [...]
By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly, [...]
By Dancho Danchev Over the past year, we observed an increase in publicly available managed TDoS (Telephony Denial of Service) services. We attribute this increase to the achieved ‘malicious economies of scale’ on behalf of the cybercriminals operating them, as well as the overall availability of proprietary/public DIY phone ring/SMS-based TDoS tools. What are cybercriminals up to in terms of [...]
By Dancho Danchev Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to the cost-efficient, effective, and fully working process of outsourcing the CAPTCHA solving process to humans thereby allowing the cybercriminals to abuse any given Web property, as if it were multiple [...]
By Dancho Danchev Following the recent events, opportunistic cybercriminals have been spamvertising tens of thousands of malicious emails in an attempt to capitalize on the latest breaking news. We’re currently aware of two “Boston marathon explosion” themed campaigns that took place last week, one of which is impersonating CNN, and another is using the “fertilizer plant [...]
By Dancho Danchev Over the past couple of days, cybercriminals have launched two consecutive malware campaigns impersonating DHL in an attempt to trick users into thinking that they’ve received a parcel delivery notification. The first campaign comes with a malicious attachment, whereas in the second, the actual malicious archive is located on a compromised domain. [...]
By Dancho Danchev Relying on tens of thousands of fake “Your transaction is completed” emails, cybercriminals have just launched yet another malicious spam campaign attempting to socially engineer Bank of America’s (BofA) customers into executing a malicious attachment. Once unsuspecting users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals operating [...]
By Dancho Danchev How are cybercriminals most commonly abusing legitimate Web traffic? On the majority of occasions, they will either directly embed malicious iFrames on as many legitimate Web sites as possible, target server farms and the thousands of customers they offer services to, or generate and upload invisible doorways on legitimate, high-PageRank Web properties, in an attempt [...]
By Dancho Danchev In 2013, you no longer need to possess sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users, per day, into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you. In this post I’ll profile a recently [...]