Articles on this Page
- 04/30/13--12:34: _Fake Microsoft Secu...
- 05/01/13--00:00: _FedWire ‘Your Wire ...
- 05/02/13--00:00: _A peek inside a CVE...
- 05/03/13--00:00: _New IRC/HTTP based ...
- 05/03/13--13:00: _Rootkit infection s...
- 05/06/13--00:00: _New version of DIY ...
- 05/07/13--00:00: _Citibank ‘Merchant ...
- 05/08/13--00:00: _Fake Amazon ‘Your K...
- 05/09/13--00:00: _Cybercriminals impe...
- 05/10/13--09:00: _Android.TechnoReape...
- 05/10/13--12:00: _Cybercriminals offe...
- 05/13/13--00:00: _Newly launched E-sh...
- 05/14/13--00:00: _New subscription-ba...
- 05/15/13--00:00: _Fake ‘Free Media Pl...
- 05/15/13--11:30: _New versatile and r...
- 05/16/13--08:56: _Android.RoidSec: Th...
- 05/17/13--00:00: _Newly launched ‘Mag...
- 05/17/13--12:00: _Commercial ‘form gr...
- 05/20/13--00:00: _DIY malware cryptor...
- 05/21/13--00:00: _CVs and sensitive i...
- 04/30/13--12:34: Fake Microsoft Security Scam
- 05/01/13--00:00: FedWire ‘Your Wire Transfer’ themed emails lead to malware
- 05/03/13--00:00: New IRC/HTTP based DDoS bot wipes out competing malware
- 05/07/13--00:00: Citibank ‘Merchant Billing Statement’ themed emails lead to malware
- 05/10/13--09:00: Android.TechnoReaper Downloader Found on Google Play
- 05/10/13--12:00: Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin
- 05/14/13--00:00: New subscription-based ‘stealth Bitcoin miner’ spotted in the wild
- 05/16/13--08:56: Android.RoidSec: This app is an info stealing “sync-hole”!
- 05/17/13--12:00: Commercial ‘form grabbing’ rootkit spotted in the wild
- 05/20/13--00:00: DIY malware cryptor as a Web service spotted in the wild – part two
- 05/21/13--00:00: CVs and sensitive info soliciting email campaign impersonates NATO
By Roy Tobin Recently we have seen an increase in fake Microsoft scams, which function by tricking people into thinking that their PC is infected. With these types of scams there are a number of things to remember. 1. Microsoft will never call you telling you that your PC is infected 2. Never allow strangers [...]
By Dancho Danchev Over the last day, cybercriminals have launched yet another massive email campaign to impersonate FedWire in an attempt to trick users into thinking that their wire transfer was processed incorrectly. Once they execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details: Sample [...]
By Dancho Danchev On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...]
By Dancho Danchev Every day, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in a market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their “innovative” work, potentially stealing some market share and becoming rich by offering the [...]
Recently we have seen an increase in fake installer scams attempting to trick computer users into installing disguised rootkits directly on their machines. In this post, we want to highlight how a scam like this can be installed and infect a machine, including behavior to watch out for as well as how to remedy the situation [...]
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]
By Dancho Danchev Over the past 24 hours, we’ve intercepted yet another spam campaign impersonating Citibank in an attempt to socially engineer Citibank customers into thinking that they’ve received a Merchant Billing Statement. Once users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal/cybercriminals. More details: [...]
By Dancho Danchev Kindle users, watch what you click on! Cybercriminals are currently mass mailing tens of thousands of fake Amazon “You Kindle E-Book Order” themed emails in an attempt to trick Kindle users into clicking on the malicious links found in these messages. Once they do so, they’ll be automatically exposed to the client-side exploits [...]
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State’s Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they’ve received a uniform traffic ticket that they should open, print and send to their town’s court. In reality, once users open and execute the malicious attachment, [...]
By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used […]
By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What’s the situation on the international underground […]
By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs. Basically, […]
By Dancho Danchev Bitcoin, the digital peer-to-peer based currency, is an attractive target for cybercriminals, who persistently look for new monetization tactics to apply to their massive, but easily generated botnets. Not surprisingly, thanks to the buzz surrounding it, fraudulent Internet actors have begun to look for efficient ways to take advantage of the momentum. A logical […]
By Dancho Danchev Our sensors just picked up a rogue advertisement served through the Yieldmanager ad network, which exposes users to fake Adobe Flash Player HD ads, ultimately dropping a copy of the potentially unwanted application (PUA)/adware, known as Somoto Better Installer. More details: Sample screenshot of the actual advertisement: Surprisingly, once users click, they’re presented […]
By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone with a […]
By Nathan Collier Android.RoidSec has the package name “cn.phoneSync”, but an application name of “wifi signal Fix”. From a ‘Malware 101’ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. So what is Android.RoidSec? It’s a nasty, malicious app that sits in […]
By Dancho Danchev The gang of cybercriminals behind the ‘Magic Malware’ has launched yet another malicious spam campaign, attempting to trick U.K. users into thinking they’ve received a notification for a “New MMS” message. In reality, once users execute the malicious attachment, it will download and drop additional malware on the affected hosts, giving the cybercriminals […]
By Dancho Danchev Trust is vital. It’s also the cornerstone for the growth of E-commerce in general, largely thanks to the mass acceptance of a trusted model for processing financial data and personally identifiable information. For years, the acceptance and mass implementation of PKI (Public Key Infrastructure) has been a driving force that resulted in a pseudo-secure […]
By Dancho Danchev With more Web-based DIY malware crypters continuing to pop up online, both novice and experienced cybercriminals can easily obfuscate any malicious sample into an undetected (through signature-based scanning, not behavioral detection) piece of malware, successfully bypassing perimeter-based defenses currently in place. In this post I’ll profile a recently launched service, […]
By Dancho Danchev Want to join the North Atlantic Treaty Organization (NATO)? You may want to skip the CVs/personally identifiable information soliciting campaign that I’m about to profile in this post, as you’d be involuntarily sharing your information with what looks like an intelligence gathering operation. More details: Sample screenshot of the fake NATO Employment Application Form: A copy […]