Channel: Webroot Blog

Cybercrime-friendly service offers access to tens of thousands of compromised accounts

By Dancho Danchev Among the first things a cybercriminal will (automatically) do, once they gain access to a compromised host, is to retrieve account/credential data. From compromised FTP credentials, CPanel accounts, portfolios of domains, to hacked PayPal and Steam accounts, cybercriminals are actively utilizing compromised infrastructure as a foundation for the success of their fraudulent or malicious campaigns, as [...]

Madi/Mahdi/Flashback OS X connected malware spreading through Skype

By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]

Cybercriminals selling valid ‘business card’ data of company executives across multiple verticals

By Dancho Danchev Over the last couple of years, the industry’s and the media’s attention has been shifting from mass widespread malware campaigns to targeted attacks most commonly targeting human rights organizations, governments and the military, also known as advanced persistent threats (APTs). In this post, I’ll profile a recently spotted underground market advertisement, which [...]

A peek inside the ‘Zerokit/0kit/ring0 bundle’ bootkit

By Dancho Danchev In a diversified underground marketplace, where multiple market players interact with one another on a daily basis, there are the “me too” developers, and the true “innovators” whose releases have the potential to cause widespread damage, ultimately resulting in huge financial losses internationally. In this post, I’ll profile one such underground market [...]

DIY Skype ring flooder offered for sale

By Dancho Danchev Thanks to the ease of generating a botnet, in 2013, stolen accounting data on a mass scale is no longer a hot underground item; it’s a commodity, one that’s being offered by virtually all participants in the cybercrime ecosystem. What happens once a Skype account gets compromised? There are several possible [...]

Spamvertised ‘Your order for helicopter for the weekend’ themed emails lead to malware

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of emails, in an attempt to trick users into thinking that the order for their “air transportation services has been accepted and processed”. In reality though, once users execute the malicious attachments, their PCs will automatically become part of the botnet managed by the [...]

A peek inside a ‘life cycle aware’ underground market ad for a private keylogger

By Dancho Danchev What’s greed to some cybercriminals is profit maximization to others, especially in times when we’re witnessing the maturing state of the modern cybercrime ‘enterprise’. Many enter this vibrant marketplace as vendors without really realizing that, thanks to the increasing transparency within the cybercrime ecosystem, their basic and value-added services will be directly benchmarked [...]

BitCoin Jackers Ask: “What’s in Your Wallet?”

By Adam McNeil With all the recent media coverage and extreme changes in the BitCoin value, it should come as no surprise that malware authors are trying to capitalize on the trend. These people attempt to make money on all sorts of digital transactions, and it’s probably a safe bet to expect their rapid expansion [...]

American Airlines ‘You can download your ticket’ themed emails lead to malware

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they’ve received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]

Cybercriminals offer spam-friendly SMTP servers for rent

By Dancho Danchev In times when modern cybercriminals take advantage of the built-in SMTP engines in their malware platforms, as well as efficient and systematic abuse of Web-based email service providers for mass mailing fraudulent or malicious campaigns, others seem to be interested in the resurrection of an outdated, but still highly effective way to [...]

How mobile spammers verify the validity of harvested phone numbers – part two

By Dancho Danchev Just as we anticipated earlier this year in our “How mobile spammers verify the validity of harvested phone number” post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to [...]

A peek inside a (cracked) commercially available RAT (Remote Access Tool)

By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition it as a Remote Access Tool, also known as a R.A.T. What they seem to be forgetting is that no legitimate Remote Access Tool would possess any spreading capabilities, nor the capacity to handle tens of [...]

DIY Russian mobile number harvesting tool spotted in the wild

By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly, [...]

DIY SIP-based TDoS tool/number validity checker offered for sale

By Dancho Danchev Over the past year, we observed an increase in publicly available managed TDoS (Telephony Denial of Service) services. We attribute this increase to the achieved ‘malicious economies of scale’ on behalf of the cybercriminals operating them, as well as the overall availability of proprietary/public DIY phone ring/SMS-based TDoS tools. What are cybercriminals up to in terms of [...]

CAPTCHA-solving Russian email account registration tool helps facilitate cybercrime

By Dancho Danchev Just how challenged are cybercriminals when they’re exposed to CAPTCHAs in 2013? They no longer even bother to “solve the problem” themselves, thanks to the cost-efficient, effective, and fully working practice of outsourcing the CAPTCHA solving process to humans, which allows them to abuse any given Web property as if it were multiple [...]

Historical OSINT – The ‘Boston Marathon explosion’ and ‘Fertilizer plant explosion in Texas’ themed malware campaigns

By Dancho Danchev Following the recent events, opportunistic cybercriminals have been spamvertising tens of thousands of malicious emails in an attempt to capitalize on the latest breaking news. We’re currently aware of two “Boston marathon explosion” themed campaigns that took place last week, one of which is impersonating CNN, and another is using the “fertilizer plant [...]

Fake ‘DHL Delivery Report’ themed emails lead to malware

By Dancho Danchev Over the past couple of days, cybercriminals have launched two consecutive malware campaigns impersonating DHL in an attempt to trick users into thinking that they’ve received a parcel delivery notification. The first campaign comes with a malicious attachment, whereas in the second, the actual malicious archive is located on a compromised domain. [...]

Cybercriminals impersonate Bank of America (BofA), serve malware

By Dancho Danchev Relying on tens of thousands of fake “Your transaction is completed” emails, cybercriminals have just launched yet another malicious spam campaign attempting to socially engineer Bank of America’s (BofA) customers into executing a malicious attachment. Once unsuspecting users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals operating [...]

How fraudulent blackhat SEO monetizers apply Quality Assurance (QA) to their DIY doorway generators

By Dancho Danchev How are cybercriminals most commonly abusing legitimate Web traffic? On the majority of occasions, some will either directly embed malicious iFrames on as many legitimate Web sites as possible, target server farms and the thousands of customers that they offer services to, or generate and upload invisible doorways on legitimate, high-PageRank Web properties, in an attempt [...]

Managed ‘Russian ransomware’ as a service spotted in the wild

By Dancho Danchev In 2013, you no longer need to possess sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users per day into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you. In this post I’ll profile a recently [...]