Channel: Webroot Blog
Viewing all 1114 articles

Fake Microsoft Security Scam

By Roy Tobin Recently we have seen an increase in fake Microsoft scams, which function by tricking people into thinking that their PC is infected. With these types of scams there are a number of things to remember. 1. Microsoft will never call you telling you that your PC is infected 2. Never allow strangers [...]

FedWire ‘Your Wire Transfer’ themed emails lead to malware

By Dancho Danchev Over the last day, cybercriminals have launched yet another massive email campaign to impersonate FedWire in an attempt to trick users into thinking that their wire transfer was processed incorrectly. Once they execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details: Sample [...]

A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

By Dancho Danchev On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...]

New IRC/HTTP based DDoS bot wipes out competing malware

By Dancho Danchev Every day, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in a market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their “innovative” work, potentially stealing some market share and becoming rich by offering the [...]

Rootkit infection sporadically redirects search results in hopes users ‘just live with it’

Recently we have seen an increase in fake installer scams attempting to trick computer users into installing disguised rootkits directly on their machines. In this post, we want to highlight how a scam like this can be installed and infect a machine, including behavior to watch out for as well as how to remedy the situation [...]

New version of DIY Google Dorks based mass website hacking tool spotted in the wild

By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]

Citibank ‘Merchant Billing Statement’ themed emails lead to malware

By Dancho Danchev Over the past 24 hours, we’ve intercepted yet another spam campaign impersonating Citibank in an attempt to socially engineer Citibank customers into thinking that they’ve received a Merchant Billing Statement. Once users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal/cybercriminals. More details: [...]

Fake Amazon ‘Your Kindle E-Book Order’ themed emails circulating in the wild, lead to client-side exploits and malware

By Dancho Danchev Kindle users, watch what you click on! Cybercriminals are currently mass mailing tens of thousands of fake Amazon “Your Kindle E-Book Order” themed emails in an attempt to trick Kindle users into clicking on the malicious links found in these messages. Once they do so, they’ll be automatically exposed to the client-side exploits [...]

Cybercriminals impersonate New York State’s Department of Motor Vehicles (DMV), serve malware

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State’s Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they’ve received a uniform traffic ticket that they should open, print and send to their town’s court. In reality, once users open and execute the malicious attachment, [...]

Android.TechnoReaper Downloader Found on Google Play

By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used […]

Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin

By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What’s the situation on the international underground […]

Newly launched E-shop for hacked PCs charges based on malware ‘executions’

By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs. Basically, […]

New subscription-based ‘stealth Bitcoin miner’ spotted in the wild

By Dancho Danchev Bitcoin, the digital peer-to-peer based currency, is an attractive target for cybercriminals, who persistently look for new monetization tactics to apply to their massive, but easily generated botnets. Not surprisingly, thanks to the buzz surrounding it, fraudulent Internet actors have begun to look for efficient ways to take advantage of the momentum. A logical […]

Fake ‘Free Media Player’ distributed via rogue ‘Adobe Flash Player HD’ advertisement

By Dancho Danchev Our sensors just picked up a rogue advertisement served through the Yieldmanager ad network, which exposes users to fake Adobe Flash Player HD ads, ultimately dropping a copy of the potentially unwanted application (PUA)/adware, known as Somoto Better Installer. More details: Sample screenshot of the actual advertisement: Surprisingly, once users click, they’re presented […]

New versatile and remote-controlled “Android.MouaBot” malware found in the wild

By Cameron Palan and Nathan Collier Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number which replies back to the phone with a […]

Android.RoidSec: This app is an info stealing “sync-hole”!

By Nathan Collier Android.RoidSec has the package name “cn.phoneSync”, but an application name of “wifi signal Fix”. From a ‘Malware 101’ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. So what is Android.RoidSec? It’s a nasty, malicious app that sits in […]

Newly launched ‘Magic Malware’ spam campaign relies on bogus ‘New MMS’ messages

By Dancho Danchev The gang of cybercriminals behind the ‘Magic Malware’ has launched yet another malicious spam campaign, attempting to trick U.K. users into thinking they’ve received a notification for a “New MMS” message. In reality, once users execute the malicious attachment, it will download and drop additional malware on the affected hosts, giving the cybercriminals […]

Commercial ‘form grabbing’ rootkit spotted in the wild

By Dancho Danchev Trust is vital. It’s also the cornerstone for the growth of E-commerce in general, largely thanks to the mass acceptance of a trusted model for processing financial data and personally identifiable information. For years, the acceptance and mass implementation of PKI (Public Key Infrastructure) has been a driving force that resulted in a pseudo-secure […]

DIY malware cryptor as a Web service spotted in the wild – part two

By Dancho Danchev With more Web-based DIY malware crypters continuing to pop up online, both novice and experienced cybercriminals can easily obfuscate any malicious sample into an undetected — through signature-based scanning, not behavioral detection — piece of malware, successfully bypassing perimeter-based defenses currently in place. In this post I’ll profile a recently launched service, […]

CVs and sensitive info soliciting email campaign impersonates NATO

By Dancho Danchev Want to join the North Atlantic Treaty Organization (NATO)? You may want to skip the CVs/personally identifiable information soliciting campaign that I’m about to profile in this post, as you’d be involuntarily sharing your information with what looks like an intelligence gathering operation. More details: Sample screenshot of the fake NATO Employment Application Form: A copy […]