Articles on this Page
- 07/04/13--00:00: _Newly launched unde...
- 07/08/13--12:00: _Novel ransomware ta...
- 07/09/13--00:00: _Spamvertised ‘Expor...
- 07/10/13--00:00: _Cybercriminals spam...
- 07/11/13--00:00: _New commercially av...
- 07/12/13--00:00: _Fake ‘iGO4 Private ...
- 07/12/13--13:57: _“The implications a...
- 07/15/13--00:00: _Tens of thousands o...
- 07/16/13--07:27: _Master Key Bug Patc...
- 07/16/13--12:00: _Spamvertised ‘Vodaf...
- 07/17/13--12:00: _New commercially av...
- 07/17/13--12:52: _New Rogue “Antiviru...
- 07/18/13--06:00: _New Mac Malware Use...
- 07/19/13--10:00: _Rogue ads targeting...
- 07/22/13--00:00: _Yet another commerc...
- 07/23/13--00:00: _Deceptive ‘Media Pl...
- 07/24/13--00:00: _Newly launched ‘HTT...
- 07/25/13--00:00: _Fake ‘Copy of Vodaf...
- 07/26/13--00:00: _Rogue ads lead to t...
- 07/29/13--15:00: _How much does it co...
- 07/12/13--13:57: “The implications are huge!” – The Master Key Bug
- 07/17/13--12:52: New Rogue “Antivirus System” locks you out of safe mode
- 07/18/13--06:00: New Mac Malware Uses Right-to-Left Override To Trick Users
By Dancho Danchev In May of 2012, we highlighted the increasing public availability of managed SMS spam services that can send hundreds of thousands of SMS messages across multiple verticals. These services are assisted through the use of proprietary or publicly obtainable phone number harvesting and verifying DIY applications. In this post, I’ll profile one of the most […]
By Dancho Danchev From managed ransomware as a service ‘solutions‘ to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs. In this case, by forcing their users to complete a survey before they receive the […]
By Dancho Danchev We’ve just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake ‘Export License/Invoice Copy’ themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign. More details: Sample […]
By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they’ve received a legitimate booking confirmation. In reality though, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the […]
By Dancho Danchev For many years now, cybercriminals have been efficiently abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly ‘doorways’ or plain simple malicious scripts to be used later on in their campaigns. This practice led to the emergence of DIY (do-it-yourself) tools and managed service platforms […]
By Dancho Danchev In a clear demonstration of low QA (Quality Assurance) applied to an ongoing malicious spam campaign, the cybercriminals behind the recently profiled ‘Cybercriminals spamvertise tens of thousands of fake ‘Your Booking Reservation at Westminster Hotel’ themed emails, serve malware’ campaign, have launched yet another spam campaign. Despite the newly introduced theme attempting […]
By Nathan Collier and Cameron Palan Last week, Bluebox Security reported they’d found a new flaw with the Android OS, saying “The implications are huge!”. The bug, also known as the “Master Key” bug or “bug 8219321”, can be exploited as a way to modify Android application files, specifically the code within them, without breaking […]
By Dancho Danchev Looking for legitimate online gambling services? You may want to skip the rogue online casinos that I’ll highlight in this post. Over the past few days, we intercepted multiple spam campaigns launched by the same party, enticing users into downloading fake online casinos most commonly known as the Win32/PrimeCasino/Win32/Casonline PUA (Potentially Unwanted Application). More details: […]
By Nathan Collier Last Friday we blogged about the radical Android OS bug 8219321, better known as the “Master Key” bug, which was reported by Bluebox Security. Check out last week’s blog if you haven’t already: “The implications are huge!” – The Master Key Bug. We mentioned how we have been diligently working on protecting those […]
By Dancho Danchev We’ve intercepted two, currently circulating, malicious spam campaigns enticing users into executing the malicious attachments found in the fake emails. This time the campaigns are impersonating Vodafone U.K or pretending to be a legitimate email generated by Sage 50’s Payroll software. More details: Sample screenshot of the spamvertised email: What’s particularly interesting about […]
By Dancho Danchev Thanks to the fact that users not only continue to use weak passwords, but also, re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with […]
By Tyler Moffitt Recently we’ve seen a new fake security product running around that has made improvements to the standard rogue. Typical rogues are annoying, but relatively easy to take care of. Previously, all you had to do was boot into safe mode with networking and remove the files and registry entries (or install Webroot). […]
Image captions: Executable Hijack; Scanning of real files; Proactive Defense; Personal Security; Internet Security; Configuration; Activation; Payment; Safe Mode with Command Prompt; Create new admin account; Install Webroot in new account; Start Control Active Processes; The virus is already being monitored; After you block and scan, Webroot will remove it
By Michael Sweeting After a relatively long lag period without seeing any particular new and exciting Mac malware, last week we saw the surfacing of a new and interesting method of compromising the OSX system. Malware authors have taken a new approach by altering file extensions of malicious .app packages in order to trick users […]
By Dancho Danchev German Web users, watch what you install on your PCs! Our sensors just picked up yet another rogue/deceptive ad campaign enticing visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on […]
By Dancho Danchev Cybercriminals continue releasing new, commercially available, stealth Bitcoin/Litecoin mining tools, empowering novice cybercriminals with the ability to start monetizing the malware-infected hosts part of their botnets, or the ones they have access to which they’ve purchased through a third-party malware-infected hosts selling service. What’s so special about the latest mining tool that popped […]
By Dancho Danchev Our sensors continue picking up deceptive advertisements that expose gullible and socially engineered users to privacy-invading applications and toolbars, most commonly known as Potentially Unwanted Applications (PUAs). The latest detected campaign utilizes multiple legitimate-looking banners in an attempt to trick users into thinking that their media player needs to be updated. […]
By Dancho Danchev A newly launched managed ‘HTTP-based botnet setup as a service’ aims to attract novice cybercriminals who’ve just purchased their first commercially available malware bot — or managed to obtain a cracked/leaked version of it — but still don’t have the necessary experience to operate, and most importantly, host the command and control […]
By Dancho Danchev Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaigns that once again impersonate Vodafone U.K, this time relying on bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS […]
By Dancho Danchev Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge. More details: Sample screenshot of the actual ad: Sample screenshot of the landing page: Rogue URL: hxxp://www.softigloo.com/nlp/e/matomy/free_media_player – 220.127.116.11 Detection […]
By Dancho Danchev For years, many of the primary and market-share leading ‘malware-infected hosts as a service’ providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting […]