French Android Users Hit again by SMS Trojan

August 21, 2012, 9:40 am

≫ Next: Cybercriminals spamvertise bogus greeting cards, serve exploits and malware

≪ Previous: IRS themed spam campaign leads to Black Hole exploit kit

$

0

0

By Nathan Collier Earlier this year, the SMS Trojan Foncy was discovered targeting French-speaking Android Users. Now, we’ve come across a new Trojan targeting them using a similar SMS scam.  The app pretends to be an app called BlackMart Alpha, which is already a little shady since it’s used to download apps that may otherwise [...]

---

Cybercriminals spamvertise bogus greeting cards, serve exploits and malware

August 21, 2012, 2:14 pm

≫ Next: Beware of Fake Adobe Flash Apps

≪ Previous: French Android Users Hit again by SMS Trojan

$

0

0

By Dancho Danchev Think you’ve received an online greeting card from 123greetings.com? Think twice! Over the past couple of days, cybercriminals have spamvertised millions of emails impersonating the popular e-card service 123greetings.com in an attempt to trick end and corporate users into clicking on client-side exploits and malware serving links, courtesy of the Black Hole [...]

Beware of Fake Adobe Flash Apps

August 23, 2012, 12:15 pm

≫ Next: Spamvertised ‘Federal Tax Payment Rejected’ themed emails lead to Black Hole exploit kit

≪ Previous: Cybercriminals spamvertise bogus greeting cards, serve exploits and malware

$

0

0

By Joe McManus Last week Adobe announced that they would no longer be supporting Flash for Android. Adobe will be removing Flash from the Android Marketplace and users should be wary of fake Flash apps for their Android Devices.  Now to be fair to Adobe, they are not taking flash away from the Android platform [...]

Spamvertised ‘Federal Tax Payment Rejected’ themed emails lead to Black Hole exploit kit

August 24, 2012, 10:30 am

≫ Next: Spamvertised ‘Fwd: Scan from a Hewlett-Packard ScanJet’ emails lead to Black Hole exploit kit

≪ Previous: Beware of Fake Adobe Flash Apps

$

0

0

By Dancho Danchev Remember the IRS (Internal Revenue Service) themed malicious campaign profiled at Webroot’s Threat Blog earlier this month? Over the past 24 hours, the cybercriminals behind the campaign resumed mass mailing of the same IRS email template, exposing millions of users to the threats posed by the social engineering driven campaign. More details: [...]

Spamvertised ‘Fwd: Scan from a Hewlett-Packard ScanJet’ emails lead to Black Hole exploit kit

August 27, 2012, 12:00 am

≫ Next: Spamvertised ‘Royal Mail Shipping Advisory’ themed emails serve malware

≪ Previous: Spamvertised ‘Federal Tax Payment Rejected’ themed emails lead to Black Hole exploit kit

$

0

0

By Dancho Danchev Over the last couple of hours, cybercriminals have started spamvertising millions of emails pretending to be coming from HP ScanJet scanner, in an attempt to trick end and and corporate users into downloading and viewing the malicious .html attachment. Upon viewing, the document loads the invisible iFrame script, ultimately redirecting the user [...]

Spamvertised ‘Royal Mail Shipping Advisory’ themed emails serve malware

August 28, 2012, 12:00 am

≫ Next: Cybercriminals impersonate Intuit Market, mass mail millions of exploits and malware serving emails

≪ Previous: Spamvertised ‘Fwd: Scan from a Hewlett-Packard ScanJet’ emails lead to Black Hole exploit kit

$

0

0

By Dancho Danchev British users, beware! Cybercriminals are currently mass mailing millions of emails impersonating the Royal Mail Service in an attempt to trick users into executing the malicious attachment found in the email. Once they do so, the malware opens a backdoor on the targeted hosts allowing cybercriminals to take complete control over the [...]

Cybercriminals impersonate Intuit Market, mass mail millions of exploits and malware serving emails

August 29, 2012, 12:00 am

≫ Next: Cybercriminals spamvertise PayPay themed ‘Notification of payment received’ emails, serve malware

≪ Previous: Spamvertised ‘Royal Mail Shipping Advisory’ themed emails serve malware

$

0

0

By Dancho Danchev Over the past 24 hours, cybercriminals have spamvertised millions of emails impersonating Intuit Market, in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. Upon clicking on them, users are exposed to the client-side exploits served by the Black Hole web malware exploitation [...]

Cybercriminals spamvertise PayPay themed ‘Notification of payment received’ emails, serve malware

August 30, 2012, 12:00 am

≫ Next: Cybercriminals impersonate UPS, serve malware

≪ Previous: Cybercriminals impersonate Intuit Market, mass mail millions of exploits and malware serving emails

$

0

0

By Dancho Danchev Cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick PayPal users into executing the malicious attachment found in the emails. Using ‘Notification of payment received‘ subjects, the campaign is relying on the end user’s gullibility in an attempt to infect them with malware. Once executed, it grants [...]

---

Cybercriminals impersonate UPS, serve malware

August 31, 2012, 12:00 am

≫ Next: Spamvertised ‘Wire Transfer Confirmation’ themed emails lead to Black Hole exploit kit

≪ Previous: Cybercriminals spamvertise PayPay themed ‘Notification of payment received’ emails, serve malware

$

0

0

By Dancho Danchev Cybercriminals are currently mass mailing millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick users into downloading and executing the malicious file hosted on a compromised web site. More details: Sample screenshot of the spamvertised email: Spamvertised URL: hxxp://buzzstar.co.uk/JUVNEFNQVI.htm Actual download location of the malicious archive: hxxp://buzzstar.co.uk/Label_Copy_UPS.zip [...]

Spamvertised ‘Wire Transfer Confirmation’ themed emails lead to Black Hole exploit kit

September 4, 2012, 12:00 am

≫ Next: Intuit themed ‘QuickBooks Update: Urgent’ emails lead to Black Hole exploit kit

≪ Previous: Cybercriminals impersonate UPS, serve malware

$

0

0

By Dancho Danchev Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick end and corporate users into previewing a malicious .html attachment. Upon previewing it, a tiny iFrame attempts to contact a client-side exploits serving a landing URL, courtesy of the Black [...]

Intuit themed ‘QuickBooks Update: Urgent’ emails lead to Black Hole exploit kit

September 5, 2012, 10:04 am

≫ Next: Cybercriminals resume spamvertising bogus greeeting cards, serve exploits and malware

≪ Previous: Spamvertised ‘Wire Transfer Confirmation’ themed emails lead to Black Hole exploit kit

$

0

0

By Dancho Danchev It didn’t take long before the cybercriminals behind the recently profiled ‘Intuit Marketplace’ themed campaign resume impersonating Intuit, with a newly launched round consisting of millions of Intuit themed emails. The theme this time? Convincing users that in order to access QuickBooks they would have to install the non-existent Intuit Security Tool. [...]

Cybercriminals resume spamvertising bogus greeeting cards, serve exploits and malware

September 6, 2012, 12:00 am

≫ Next: Cybercriminals abuse Skype’s SMS sending feature, release DIY SMS flooders

≪ Previous: Intuit themed ‘QuickBooks Update: Urgent’ emails lead to Black Hole exploit kit

$

0

0

By Dancho Danchev Remember the recently profiled 123greetings.com themed malicious campaign? It appears that over the past 24 hours, the cybercriminals behind it have resumed spamvertising millions of emails pointing to additional compromised URls in a clear attempt to improve their click-through rates. More details: Sample screenshot of the spamvertised email: Sample screenshot of the [...]

Cybercriminals abuse Skype’s SMS sending feature, release DIY SMS flooders

September 7, 2012, 12:00 am

≫ Next: New Russian service sells access to thousands of automatically registered accounts

≪ Previous: Cybercriminals resume spamvertising bogus greeeting cards, serve exploits and malware

$

0

0

By Dancho Danchev Cybercriminals are masters of abusing legitimate infrastructure for their malicious purposes. From phishing sites and Black Hole exploit kit landing URLs hosted on compromised servers, abuse of legitimate web email service providers’ trusted DKIM verified ecosystem, to the systematic release of DIY spamming tools utilizing a publicly obtainable database of user names [...]

New Russian service sells access to thousands of automatically registered accounts

September 10, 2012, 12:00 am

≫ Next: A Primer for Secure Coding in PHP and MySQL

≪ Previous: Cybercriminals abuse Skype’s SMS sending feature, release DIY SMS flooders

$

0

0

By Dancho Danchev What happens when a cybercriminal cannot efficiently gain access to thousands of working accounts at popular Web services, either through data mining a botnet’s population, or through phishing campaigns? He’ll just start systematically abusing the legitimate services by automatically and efficiently registering thousands of bogus accounts, thanks to the easy to use [...]

A Primer for Secure Coding in PHP and MySQL

September 13, 2012, 9:24 am

≫ Next: Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

≪ Previous: New Russian service sells access to thousands of automatically registered accounts

$

0

0

PHP is an incredibly popular language for creating dynamic web applications — websites such as Facebook are built on it. This can be attributed to many reasons; it is easy to learn, easy to install and does not require the user to compile code. An unfortunate side effect of the ease of development with PHP [...]

---

Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

September 14, 2012, 12:00 am

≫ Next: Spamvertised ‘Your Fedex invoice is ready to be paid now’ themed emails lead to Black Hole Exploit kit

≪ Previous: A Primer for Secure Coding in PHP and MySQL

$

0

0

No matter what people think about it, the increasing exposure of Linux and OS X to malicious code is strictly related to the worldwide exposure of those operating systems on desktops and laptops. In the last couple of years, more and more home users decided to switch to Linux (e.g. Ubuntu Linux, just to name [...]

Spamvertised ‘Your Fedex invoice is ready to be paid now’ themed emails lead to Black Hole Exploit kit

September 14, 2012, 9:16 am

≫ Next: New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild

≪ Previous: Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

$

0

0

By Dancho Danchev Over the past 24 hours, cybercriminals have launched yet another massive spam run, this time impersonating FedEx in an attempt to trick its customers into clicking on a malware and exploits-serving URL found in the malicious email. More details: Screenshot of the spamvertised email: Screenshot of a sample Java script obfuscation: Sample [...]

New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild

September 17, 2012, 12:00 am

≫ Next: Spamvertised ‘US Airways reservation confirmation’ themed emails serve exploits and malware

≪ Previous: Spamvertised ‘Your Fedex invoice is ready to be paid now’ themed emails lead to Black Hole Exploit kit

$

0

0

By Dancho Danchev In order to emphasize on the growing trend of cybercriminals abusing legitimate infrastructure for their malicious purposes, last week, I profiled a DIY SMS flooder using Skype’s SMS-sending capability to launch a DoS (denial of service attack) against a user’s mobile device. This week, I’ll continue providing factual evidence for the emergence [...]

Spamvertised ‘US Airways reservation confirmation’ themed emails serve exploits and malware

September 18, 2012, 12:00 am

≫ Next: A New Zero-Day Vulnerability in Internet Explorer

≪ Previous: New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild

$

0

0

By Dancho Danchev Cybercriminals are currently spamvertising millions of emails impersonating U.S Airways, in an attempt to trick users into clicking on the malicious links found in the legitimately looking emails. Let’s dissect the malicious campaign, and expose its dynamics. More details: Sample screenshot of the spamvertised US Airways themed email: Spamvertised compromised URL: hxxp://raintree.on.ca/depdetails.html [...]

A New Zero-Day Vulnerability in Internet Explorer

September 18, 2012, 4:35 pm

≫ Next: Cybercriminals impersonate FDIC, serve client-side exploits and malware

≪ Previous: Spamvertised ‘US Airways reservation confirmation’ themed emails serve exploits and malware

$

0

0

By Brenden Vaughan A new zero-day vulnerability exploit has been identified in Microsoft’s Internet Explorer web browser versions 9 and below running on Windows XP, Vista and 7. Internet Explorer 10, which comes bundled with Windows 8, is not affected. The exploit could allow remote execution of malicious code from compromised websites. Referred to as [...]