Articles on this Page
- 05/22/13--00:00: _New commercially av...
- 05/23/13--00:00: _Fake ‘Export Licens...
- 05/23/13--09:30: _Recent spike in FBI...
- 05/24/13--00:00: _Compromised Indian ...
- 05/29/13--00:00: _Cybercriminals resu...
- 05/30/13--00:00: _Marijuana-themed DD...
- 05/31/13--00:00: _Fake ‘Vodafone U.K ...
- 06/03/13--00:00: _Compromised FTP/SSH...
- 06/04/13--00:00: _New E-shop sells ac...
- 06/05/13--12:00: _Pharmaceutical scam...
- 06/06/13--00:00: _iLivid ads lead to ...
- 06/07/13--00:00: _Hacked Origin, Upla...
- 06/10/13--00:00: _Scammers impersonat...
- 06/11/13--04:16: _Fake ‘Unsuccessful ...
- 06/11/13--08:00: _How not to install ...
- 06/12/13--00:00: _Tens of thousands o...
- 06/13/13--00:00: _Rogue ads lead to S...
- 06/14/13--00:00: _How cybercriminals ...
- 07/03/13--06:30: _Android.Bankun: Ban...
- 07/03/13--12:00: _Deceptive ads targe...
- 05/23/13--00:00: Fake ‘Export License/Payment Invoice’ themed emails lead to malware
- 05/23/13--09:30: Recent spike in FBI Ransomware striking worldwide
- 05/30/13--00:00: Marijuana-themed DDoS for hire service spotted in the wild
- 06/04/13--00:00: New E-shop sells access to thousands of hacked PCs, accepts Bitcoin
- 06/11/13--04:16: Fake ‘Unsuccessful Fax Transmission’ themed emails lead to malware
- 06/11/13--08:00: How not to install Adobe Flash Player
- 06/12/13--00:00: Tens of thousands of spamvertised emails lead to W32/Casonline
By Dancho Danchev Just as we anticipated in our previous analysis of a commercially available Bitcoin miner, cybercriminals continue “innovating” on this front by releasing more advanced and customizable invisible Bitcoin miners for fellow cybercriminals to take advantage of. In this post, we’ll profile yet another invisible Bitcoin miner, once again available for purchase on the international cybercrime-friendly marketplace, emphasize on […]
By Dancho Danchev We have just intercepted yet another currently ongoing malicious spam campaign, enticing users into executing a fake Export License/Payment Invoice. Once gullible and socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminals. More details: Detection rate for the malicious executable: MD5: 4e7dc191117a6f30dd429cc619041552 – detected by 33 out […]
By Israel Chavarria Recently we have seen a spike of this ransomware in the wild and it appears as though its creators are not easily giving up. This infection takes your computer hostage and makes it look as though the authorities are after you, when in reality this is all just an elaborate attempt to […]
By Dancho Danchev Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it’s known to have been used in previous client-side exploit serving campaigns. Let’s profile the […]
By Dancho Danchev Over the past week, the cybercriminals behind the recently profiled ‘Citibank Merchant Billing Statement’ themed campaign, resumed operations, and launched yet another massive spam campaign impersonating Citibank, in an attempt to trick its customers into executing the malicious attachment found in the fake emails. More details: Sample screenshot of the spamvertised email: […]
By Dancho Danchev Largely thanks to the increasing availability of easy to use DIY (do-it-yourself) DDoS bots, we continue to observe an increase in international cybercrime-friendly market propositions for ‘DDoS for hire’ services. And whereas these services can never match the bandwidth capabilities and vendor experience offered by their Russian/Eastern European counterparts, they continue to […]
By Dancho Danchev We have just intercepted yet another spamvertised malware serving campaign, this time impersonating Vodafone U.K, in an attempt to trick the company’s customers into thinking that they’ve received an image. In reality, once users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminal. More details: Detection rate […]
By Dancho Danchev Utilizing the very best in ‘malicious economies of scale’ concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that’s not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to […]
By Dancho Danchev Remember the E-shop offering access to hacked PCs, based on malware ‘executions’ that we profiled last month? We have recently spotted a newly launched, competing E-shop, once again selling access to hacked PCs worldwide, based on malware ‘executions’. However, this time, there’s no limit to the use of (competing) bot killers, meaning […]
By Dancho Danchev Opportunistic pharmaceutical scammers are currently spamvertising tens of thousands of bogus emails impersonating Facebook’s Notification System in an attempt to trick users into clicking on the links, supposedly coming from a trusted source. Once users click on the links found in the fake emails, they’re exposed to counterfeit pharmaceutical items available for purchase […]
By Dancho Danchev Our sensors recently picked up an advertisement using Yieldmanager’s ad network, enticing users into downloading the iLivid PUA (Potentially Unwanted Application) on their PCs. Operated by Bandoo Media Inc., the application installs the privacy invading “Searchqu Toolbar”. More details: Sample screenshot of the advertisement: Sample screenshot of the download page: Detection rate for iLivid – MD5: 468bbe0dc83496cad49597a47341c786 - detected […]
By Dancho Danchev Aiming to capitalize on the multi-billion gaming market, cybercriminals actively data mine their botnets for accounting credentials, not just for popular gaming platforms, but also the actual activation keys for some of the most popular games on the market. A newly launched e-shop aims to monetize stolen accounting credentials, not just for […]
By Dancho Danchev Opportunistic scammers have just launched a targeted spam campaign impersonating the UN Refugee Agency (UNHCR) in an attempt to trick users into handing over their complete credit card details as they supposedly make a donation to support Syria’s refugees. Needless to say, this scam is seeking full access to your credit card details through a fraudulent […]
By Dancho Danchev Have you sent an eFax recently? Watch out for an ongoing malicious spam campaign that tries to convince you that there’s been an unsuccessful fax transmission. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet of the cybercriminals behind the campaign. More […]
By Dan Para It seems simple enough, I want to install Adobe Flash Player so I search for “flash player download” and click on the first result, right? Ignoring the second link which doesn’t have a five star rating and 37 reviews, I’m brought to a page called downloadinfo.com. I click the download button, click […]
By Dancho Danchev Fraudsters are currently spamvertising tens of thousands of emails enticing users into installing rogue, potentially unwanted (PUAs) casino software. Most commonly known as W32/Casonline, this scam earns revenue through the rogue online gambling software’s affiliate network. More details: Sample screenshots of the landing URLs: Spamvertised URLs: hxxp://luckynuggetcasino.com – 18.104.22.168 hxxp://888casino.com – 22.214.171.124 hxxp://spinpalace.com – 126.96.36.199 hxxp://alljackpotscasino.com – […]
By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application’s “features”. More details: Sample screenshot of the landing page, featuring a bogus ‘Norton Secured’ Seal: Sample screenshot […]
By Dancho Danchev In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercriminals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns — think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. — […]
By Nathan Collier There’s one variant of Android.Bankun that is particularly interesting to me. When you look at the manifest it doesn’t have even one permission. Even wallpaper apps have internet permissions. Having no permissions isn’t a red flag for being malicious though. In fact, it may even make you lean towards it being legitimate. […]
By Dancho Danchev We’ve just intercepted yet another campaign serving deceptive ads, this time targeting German-speaking users into downloading and installing the privacy-invading ‘FLV Player’ Potentially Unwanted Application (PUA), part of Somoto’s pay-per-install network. More details: Sample screenshot of the actual rogue ad telling users that they should update their current media player: Sample screenshot […]