Channel Description:

Internet security threat updates and insights.

older | 1 | .... | 14 | 15 | (Page 16) | 17 | 18 | .... | 40 | newer


    Throughout the years, cybercriminals have been perfecting the process of automatically abusing Web application vulnerabilities to achieve their fraudulent and malicious objectives. From the utilization of botnets and search engines to perform active reconnaissance, the general availability of DIY mass SQL injecting tools as well as proprietary malicious script injecting exploitation platforms, the results have been evident ever since in the form of tens of thousands of affected Web sites on a daily basis. We’ve recently spotted a publicly released, early stage Python source code for a Bing based SQL injection scanner based on Bing “dorks”. What’s the potential of this tool to […]

    The post Cybercriminals experiment with Android compatible, Python-based SQL injecting releases appeared first on Webroot Threat Blog.



    In a series of blog posts, we’ve highlighted the ongoing commoditization of hacked/compromised/stolen account data (user names and passwords), the direct result of today’s efficiency-oriented cybercrime ecosystem, the increasing availability of sophisticated commercial/leaked DIY undetectable malware generating tools, malware-infected hosts as a service, log files on demand services, as well as basic data mining concepts applied on behalf of the operator of a particular botnet. What are cybercriminals up to these days in terms of obtaining this type of data? Monetization through penetration pricing on their way to achieving stolen asset liquidity, so hosts can be sold before their owner becomes […]

    The post Newly launched E-shop offers access to hundreds of thousands of compromised accounts appeared first on Webroot Threat Blog.



    Among the most common misconceptions regarding the exploitation (hacking) of Web sites is that no one would exclusively target *your* Web site, given that there are so many high profile Web sites to hack into. In reality though, thanks to the public/commercial availability of tools relying on the exploitation of remote Web application vulnerabilities, the insecurely configured Web sites/forums/blogs, as well as the millions of malware-infected hosts internationally, virtually every Web site that’s online automatically becomes a potential target. They also act as a driving force for the ongoing data mining of accounting data to be later on added to some […]

    The post Google-dorks based mass Web site hacking/SQL injecting tool helps facilitate malicious online activity appeared first on Webroot Threat Blog.



    Whenever a user gets socially engineered, they unknowingly undermine the confidentiality and integrity of their system, as well as any proactive protection they have in place, in exchange for quick gratification or whatever it is they are seeking. This is exactly how unethical companies entice unsuspecting victims to download their new “unheard of” applications. They promise users the moon, and only ask in return that users install a basic free application. Case in point, our sensors picked up yet another deceptive ad campaign that entices users into installing privacy violating applications, most commonly known as PUAs or Potentially Unwanted Applications. […]

    The post Deceptive ads lead to the SpyAlertApp PUA (Potentially Unwanted Application) appeared first on Webroot Threat Blog.



    From Bitcoin accepting services offering access to compromised malware-infected hosts and vertical integration to occupy a larger market share, to services charging based on malware executions, we’ve seen multiple attempts by novice cybercriminals to introduce unique value propositions (UVP). These are centered on differentiating their offering in an over-supplied cybercrime-friendly market segment. And that’s just for starters. A newly launched service is offering access to malware-infected hosts, DDoS for hire/on demand, as well as crypting malware before the campaign is launched. All in an effort to differentiate its unique value proposition not only by vertically integrating, but also by emphasizing […]

    The post Cybercriminals differentiate their ‘access to compromised PCs’ service proposition, emphasize on the prevalence of ‘female bot slaves’ appeared first on Webroot Threat Blog.



    In a series of blog posts, we’ve highlighted the emergence of easy to use, publicly obtainable, cracked or leaked, DIY (Do It Yourself) DDoS (Distributed Denial of Service) attack tools. These services empower novice cybercriminals with easy to use tools, enabling them to monetize in the form of ‘vendor’ type propositions for DDoS for hire services. Not surprisingly, we continue to observe the growth of this emerging (international) market segment, with its participants continuing to professionalize, while pitching their services to virtually anyone who’s willing to pay for them. However, among the most common differences between the international underground marketplace and, for […]

    The post New vendor of ‘professional DDoS for hire service’ spotted in the wild appeared first on Webroot Threat Blog.



    In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve stolen assets liquidity, and most importantly, aim to reach a degree of efficiency that would help them gain market share and thus secure multiple revenue streams. Despite the increased transparency on the Russian/Eastern European underground market — largely thanks to improved social networking courtesy of the reputation-aware cybercriminals wanting to establish themselves as serious vendors — certain newly joining vendors continue being a victim of their market-irrelevant ‘biased exclusiveness’ in terms of the unique value proposition (UVP) presented […]

    The post Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime-friendly activity appeared first on Webroot Threat Blog.



    We’ve intercepted a currently trending malicious iframe campaign, affecting hundreds of legitimate Web sites, that’s interestingly part of the very same infrastructure from May 2013’s analysis of the compromise of an Indian government Web site. The good news? Not only have we got you proactively covered, but also, the iframe domain is currently redirecting to a client-side exploit serving URL that’s offline. Let’s provide some actionable intelligence on the malicious activity that is known to have originated from the same iframe campaign in the past month, indicating that the cybercriminal(s) behind it are actively multi-tasking on multiple fronts. iframe URL: karenbrowntx.com […]

    The post Low Quality Assurance (QA) iframe campaign linked to May’s Indian government Web site compromise spotted in the wild appeared first on Webroot Threat Blog.



    A typical campaign attempting to trick users into installing a Potentially Unwanted Application (PUA) would usually consist of a single social engineering vector, which in the majority of cases would be something along the lines of a catchy “Play Now/Missing Video Plugin” type of advertisement. Not the one we’ll discuss in this blog post. Relying on deceptive “visual social engineering” practices, a popular French torrent portal is knowingly — the actual directory structure explicitly says /fakeplayer — enticing users into installing the BubbleDock/Downware/DownloadWare PUA. What kind of social engineering tactics is the portal relying on? Let’s find out. Sample screenshot of […]

    The post Popular French torrent portal tricks users into installing the BubbleDock/Downware/DownloadWare PUA (Potentially Unwanted Application) appeared first on Webroot Threat Blog.



    Our sensors just picked up an interesting Web site infection that’s primarily targeting Brazilian users. It appears that the Web site of the Brazilian Jaqueira prefecture has been compromised, and is exposing users to a localized (to Portuguese) Web page enticing them into installing a malicious version of Adobe’s Flash player. Not surprisingly, we’ve also managed to identify approximately 63 more Brazilian Web sites that are victims of the same infection. Sample screenshot of the landing page serving the localized Adobe Flash Player: Sample screenshot of the embedded redirector at a sample compromised Web site: Sample affected Web site: jaqueira.pe.gov.br […]

    The post Web site of Brazilian ‘Prefeitura Municipal de Jaqueira’ compromised, leads to fake Adobe Flash player appeared first on Webroot Threat Blog.



    Sharing is caring. In this post, I’ll put the spotlight on a currently circulating, massive — thousands of sites affected — malicious iframe campaign that attempts to drop malicious software on the hosts of unaware Web site visitors through a cocktail of client-side exploits. The campaign, featuring a variety of evasive tactics making it harder to analyze, continues to efficiently pop up on thousands of legitimate Web sites, ultimately hijacking the legitimate traffic hitting them and successfully undermining the confidentiality and integrity of the affected users’ hosts. Sample redirection chains: hxxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php -> hxxp://www.haphuongfoundation.net/vietnam/language/pdf_fonts/www/all2.php -> hxxp://www.profili-benton.si/templates/beez/1.php -> hxxp://www3.omq97dncl0enuzc91.4pu.com -> hxxp://find-and-go.com/?uid=11245&isRedirected=1 -> hxxp://5.199.169.39/piwik/piwik.php?idsite=6 […]

    The post Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits appeared first on Webroot Threat Blog.



    Telephony Denial of Service Attacks (TDoS) continue to represent a growing market segment within the Russian/Eastern European underground market, with more vendors populating it with propositions for products and services aiming to disrupt the phone communications of prospective victims. From purely malicious in-house infrastructure — dozens of USB hubs with 3G USB modems using fraudulently obtained, non-attributable SIM cards — to abuse of legitimate infrastructure, like Skype, ICQ, a mobile carrier’s legitimate service functionality, or compromised accounts of SIP account owners, the market continues growing to the point where even Distributed Denial of Service Attack (DDoS) providers start ‘vertically integrating’. A new, […]

    The post Vendor of TDoS products/services releases new multi-threaded SIP-based TDoS tool appeared first on Webroot Threat Blog.



    Cybercriminals are currently mass mailing tens of thousands of malicious emails, supposedly including a photo attachment that’s been “Sent from an iPhone”. The social engineering driven spam campaign is, however, the latest attempt by a cybercriminal/group of cybercriminals that we’ve been monitoring for a while to trick gullible users into unknowingly joining the botnet operated by the malicious actor(s) behind the campaign. Detection rate for the spamvertised attachment: MD5: 46e077f058f5a6eddee3c851f8e56838 – detected by 36 out of 47 antivirus scanners as Trojan.Win32.Neurevt.jl; Trojan:Win32/Neurevt.A. Once executed, the sample creates the following Registry Keys on the affected hosts: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File […]

    The post Cybercriminals spamvertise tens of thousands of fake ‘Sent from my iPhone’ themed emails, expose users to malware appeared first on Webroot Threat Blog.



    Want to file for mileage reimbursement through a STD-261 form? You may want to skip the tens of thousands of malicious emails currently in circulation, attempting to trick users into executing the malicious attachment. Once downloaded, your PC automatically joins the botnet operated by the cybercriminal(s) behind the campaign, undermining the confidentiality and integrity of the host. Sample screenshot of the spamvertised email: Detection rate for the spamvertised attachment: MD5: 3aaa04b0762d8336379b8adedad5846b – detected by 21 out of 47 antivirus scanners as Trojan.Win32.Bublik.bkri; TrojanDownloader:Win32/Upatre.A. Once executed, the sample starts listening on ports 8412 and 3495. It also creates the following Mutexes: Local\{B0B9FAFD-CA9C-4B54-DBC9-BE58FA349D4A} […]

    The post Fake ‘Annual Form (STD-261) – Authorization to Use Privately Owned Vehicle on State Business’ themed emails lead to malware appeared first on Webroot Threat Blog.



    In need of a good reason to immediately improve the strength of your Origin password, in case you don’t want to lose access to your inventory of games, as well as your gaming reputation? We’re about to give you a pretty good one. A newly released proxy-supporting Origin brute-forcing tool not only efficiently verifies an end user’s understanding of basic security practices, but also has a built-in option for parsing an affected user’s inventory of games, as well as related gaming information. Why would a cybercriminal want to gain access to someone’s gaming account in the first place, besides the […]

    The post ‘Newly released proxy-supporting Origin brute-forcing tool targets users with weak passwords’ appeared first on Webroot Threat Blog.



    We’ve just intercepted a currently circulating malicious spam campaign impersonating WhatsApp — yet again — in an attempt to trick its users into thinking that they’ve received a voice mail. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal(s) behind the campaign. Sample screenshot of the spamvertised malicious email: Detection rate for the spamvertised attachment: MD5: 41ca9645233648b3d59cb52e08a4e22a – detected by 10 out of 47 antivirus scanners as TrojanDownloader:Win32/Kuluoz.D. Once executed, it phones back to: hxxp://103.4.18.215:8080/460326245047F2B6E405E92260B09AA0E35D7CA2B1 70.32.79.44 84.94.187.245 172.245.44.180 103.4.18.215 172.245.44.2 We’re also aware of the following […]

    The post Fake WhatsApp ‘Voice Message Notification’ themed emails expose users to malware appeared first on Webroot Threat Blog.



    HSBC customers, watch what you execute on your PCs. A circulating malicious spam campaign attempts to socially engineer you into thinking that you’ve received a legitimate ‘payment e-Advice’. In reality, once you execute the attachment, your PC automatically joins the botnet operated by the cybercriminal(s) behind the campaign. Sample screenshot of the spamvertised email: Detection rate for the spamvertised attachment: MD5: 2fbf89a24a43e848b581520d8a1fab27 – detected by 24 out of 47 antivirus scanners as Trojan.Win32.Bublik.blgc. Once executed, the sample starts listening on ports 3670 and 6652. It creates the following Mutexes on the affected hosts: Local\{B0B9FAFD-CA9C-4B54-DBC9-BE58FA349D4A} Local\{B0B9FAFC-CA9D-4B54-DBC9-BE58FA349D4A} Local\{D15F4CEE-7C8F-2AB2-DBC9-BE58FA349D4A} Local\{D15F4CE9-7C88-2AB2-DBC9-BE58FA349D4A} Local\{0BB5ADEF-9D8E-F058-DBC9-BE58FA349D4A} Local\{911F9FCD-AFAC-6AF2-DBC9-BE58FA349D4A} Global\{2E06BA86-8AE7-D5EB-DBC9-BE58FA349D4A} […]

    The post Cybercriminals impersonate HSBC through fake ‘payment e-Advice’ themed emails, expose users to malware appeared first on Webroot Threat Blog.



    In this edition of the Webroot ThreatVlog, Grayson Milbourne talks about ways to keep your mobile device secure from the physical aspect. As our lives become more and more mobile focused, with an increasing amount of private information being stored on tablets and phones, it is always smart to remain vigilant against possible security breaches directed at the phone itself.

    The post ThreatVlog Episode 10: Mobile security tips appeared first on Webroot Threat Blog.



    Over the last two months, we’ve been closely monitoring — and proactively protecting from — the malicious campaigns launched by cybercriminals who are no strangers to the concept of social engineering topic rotation. Their purpose is to extend a campaign’s life cycle, or to generally increase a botnet’s infected population by spamming out tens of thousands of fake emails, exposing users to malicious software. The most recent campaign launched by the same cybercriminal(s), is once again impersonating T-Mobile U.K in an attempt to trick mobile users into thinking that they’ve received a legitimate MMS Gallery notification. In reality though, once the […]

    The post Fake ‘MMS Gallery’ notifications impersonate T-Mobile U.K, expose users to malware appeared first on Webroot Threat Blog.



    Recently we heard of a rogue fake antivirus that takes screenshots and webcam images in an attempt to further scare you into succumbing to its scam. We gathered a sample and sure enough, given some time it will indeed use the webcam and take a picture of what’s in front of the camera at that time. This variant is called “Antivirus Security Pro” and it’s as nasty as you can get. The rogue locks down all of the Advanced Boot Options: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Directory Services Restore Mode, etc. As soon as […]

    The post Rogue antivirus that takes webcam pictures of you appeared first on Webroot Threat Blog.

