Channel: Webroot Blog
Viewing all 1114 articles

Custom USB sticks bypassing Windows 7/8’s AutoRun protection measure going mainstream

By Dancho Danchev When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. However, pragmatic and market demand-driven opportunistic cybercrime-friendly vendors quickly realized that this has opened up a new business opportunity, that is, if they ever […]

DIY commercially-available ‘automatic Web site hacking as a service’ spotted in the wild

By Dancho Danchev A newly launched underground market service aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is ‘private exploitation techniques’ capable of compromising any Web site. More details: Sample screenshots of the DIY automatic Web site hacking service+colors of the displayed output: […]

‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts

By Dancho Danchev Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer […]

New ‘Hacked shells as a service’ empowers cybercriminals with access to high page rank-ed Web sites

By Dancho Danchev Whether it’s abusing the ‘Long Tail’ of the Web by systematically and efficiently exploiting tens of thousands of legitimate Web sites, or the quest to compromise a few, but high-trafficked, high page rank empowered Web sites, compromised shell accounts are an inseparable part of the cybercrime ecosystem. Aiming to fill in a niche in […]

Fake ‘iPhone Picture Snapshot Message’ themed emails lead to malware

By Dancho Danchev We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick iPhone owners into thinking that they’ve received a ‘picture snapshot message’. Once users execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals, whose activities we’ve been closely monitoring over the last couple […]

Potentially Unwanted Applications and You

By Adam McNeil PUAs (Potentially Unwanted Applications) are often nuisance applications which serve little purpose other than using your computer as a gateway for online advertisements or as a catalyst to deliver annoying applications that may pester you to the point where you want to throw your computer out a window. Anti-Malware companies usually have […]

Malicious Bank of America (BofA) ‘Statement of Expenses’ themed emails lead to client-side exploits and malware

By Dancho Danchev Bank of America (BofA) customers, watch what you click on! A currently ongoing malicious spam campaign is attempting to entice BofA customers into clicking on the client-side exploit serving URLs found in legitimate looking ‘Statement of Expenses’ themed emails. Once users with outdated third-party applications and browser plugins click on the link, an […]

Cybercriminals spamvertise fake ‘O2 U.K MMS’ themed emails, serve malware

By Dancho Danchev British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a fake ‘MMS message’ attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by […]

One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers

By Dancho Danchev In a series of blog posts, we’ve been highlighting the ease, automation, and sophistication of today’s customer-ized managed spam ‘solutions’, setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis. From bulletproof spam-friendly SMTP servers, to segmented […]

Fake ‘Apple Store Gift Card’ themed emails serve client-side exploits and malware

By Dancho Danchev Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they’ve successfully received a legitimate ‘Gift Card’ worth $200. What’s particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and […]

Newly launched managed ‘malware dropping’ service spotted in the wild

By Dancho Danchev Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a ‘seed’ population to infect, so that he can then use the initially infected users as a platform to scale his campaign. In reality though, that used […]

Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity

By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones — think traffic acquisition through illegally embedded iFrames — has been contributing to the growing market segment where traffic is bought, sold and re-sold, for the sole purpose of monetizing […]

From Vietnam with tens of millions of harvested emails, spam-ready SMTP servers and DIY spamming tools

By Dancho Danchev How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for instance, harvested and segmented email databases? He’d impress them with comprehensiveness and ‘vertically integrated’ products and services. At least that’s what the cybercriminals behind the cybercrime-friendly market proposition […]

DIY Craigslist email collecting tools empower spammers with access to fresh/valid email addresses

By Dancho Danchev In need of a good reason to start using Craigslist ‘real email anonymization’ option? We’re about to give you a pretty good one. For years, the popular classified Web site has been under fire from spammers using DIY email collecting tools, allowing them to easily obtain fresh and valid emails to later be abused in fraudulent/malicious campaigns. […]

Bulletproof TDS/Doorways/Pharma/Spam/Warez hosting service operates in the open since 2009

By Dancho Danchev Operating in the open since 2009, a bulletproof hosting provider continues offering services for white, grey, and black projects, as they like to describe them, and has been directly contributing to the epidemic growth of cybercrime to the present day through its cybercriminal-friendly services. From Traffic Distribution Systems (TDS), to doorways, pharmaceutical scams, spam domains and warez, […]

DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in the wild

By Dancho Danchev Redirectors are a popular tactic used by cybercriminals on their way to trick Web filtering solutions. And just as we’ve seen in virtually every segment of the underground marketplace, demand always meets supply. A newly launched, DIY ‘redirectors’ generating service aims to make it easier for cybercriminals to hide the true intentions […]

[Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed

What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today’s episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be.

[Video] ThreatVlog, Episode 2: Keyloggers and your privacy

Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand.  What exactly are these programs trying to steal?  How can this data be used harmfully against you?  And what can you do to protect all your data and devices from this malicious data gathering?  In […]

Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase

By Dancho Danchev We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers. Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready […]

Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two

By Dancho Danchev The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or […]