Channel Description:

Internet security threat updates and insights.

    Deceptive vendors of PUAs (Potentially Unwanted Applications) continue to rely on a multitude of traffic acquisition tactics which, combined with the ‘visual social engineering’ that is ubiquitous in this market segment, keep tricking tens of thousands of users into installing privacy-violating applications. With the majority of PUA campaigns in 2014 using legitimate-looking Web sites as well as deceptive EULAs (End User License Agreements), the risk of the actual privacy violation continues to be forwarded to the socially engineered end user. We’ve recently intercepted a rogue portfolio consisting of hundreds of thousands of blackhat SEO friendly, legitimate applications, successfully exposing users to the Sevas-S PUA, through a […]

    The post Legitimate software apps impersonated in a blackhat SEO-friendly PUA (Potentially Unwanted Application) serving campaign appeared first on Webroot Threat Blog.

    Recently we’ve seen a big change in the encrypting ransomware family, and we’re going to shed light on some of the newest variants and the stages of evolution that have led this high-profile malware to where it is today. For those that aren’t aware of what encrypting ransomware is, it’s a cryptovirus that encrypts all your data on local hard drives, network shared drives, removable hard drives and USB drives. The encryption is done using an RSA-2048 asymmetric public key, which makes decryption without the key impossible. Paying the ransom will net you the key, which in turn leads to getting […]

    The post Evolution of Encrypting Ransomware appeared first on Webroot Threat Blog.

    With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android’s marketplace using a variety of TTPs (tactics, techniques and procedures). Largely relying on the affiliate-network-based revenue sharing scheme that is ubiquitous in the cybercrime ecosystem, on segmented cybercrime-friendly underground traffic exchanges, and on the mass and efficient compromise of legitimate Web sites for the purpose of hijacking legitimate traffic, the market segment for Android malware continues to flourish. We’ve recently spotted yet another commercially available DIY cybercrime-friendly (legitimate) APK injecting/decompiling app. The tool is capable of facilitating premium-rate SMS fraud on […]

    The post DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in the wild appeared first on Webroot Threat Blog.

    Recently, a new Android threat named Android.Koler has begun popping up in the news. According to an article by Ars Technica, it behaves similarly to other pieces of ransomware often found on Windows machines. A popup will appear and state “Your Android phone viewed illegal porn. To unlock it, pay a $300 fine”. This nasty little piece of malware is infecting people who visit certain adult websites on their phone. The site claims you need to install a video player to view the adult content. Although I can’t say for sure since I haven’t seen the malicious sites, I’m guessing […]

    The post Android.Koler – Android based ransomware appeared first on Webroot Threat Blog.

    In a cybercrime ecosystem dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old-fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we’ve been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type Web based platforms, which further enhance the already efficient state of social engineering driven campaigns. Let’s take a peek inside yet another Web based DIY Java applet distribution platform, discuss its features, and directly connect it to the Rodecap botnet, whose connections with related malicious campaigns have been established in several previous […]

    The post Malicious DIY Java applet distribution platforms going mainstream – part two appeared first on Webroot Threat Blog.

    On Monday, an executive at Symantec declared “AV is dead.” He went on to repeat to several media outlets that protecting customers on their PC and Mac computers had become an impossible battle that they were ready to concede. He indicated that Symantec desktop AV products are only able to stop viruses and malware about 45% of the time. Based on this analysis, what the exec was really saying was “Symantec AV is dead!” What really should have been communicated is that traditional signature-based AV protection does not work: the criminals have figured out how to get around it. […]

    The post Symantec’s “AV is Dead” Is Not News appeared first on Webroot Threat Blog.

    Cybercriminals continue populating their botnets through the persistent spamvertising of tens of thousands of legitimate-looking malicious emails impersonating popular brands, in an attempt to trick socially engineered users into clicking on the malicious links found within the emails. We’ve recently intercepted an actively circulating spamvertised campaign which impersonates HM Revenue & Customs and entices users into clicking on the malware-serving links found in the emails. More details: Sample screenshot of the spamvertised email. Malicious URL redirection chain: hxxp://shotoku.ed.jp/attc.html -> hxxp://85.143.166.215/2p/p.exe. Related malicious MD5s known to have been downloaded from the same IP (85.143.166.215): MD5: c1d33139ad48ff5bb58273396eea364b, MD5: da9ce0b472be4568d5749ea6fc6d6099, MD5: 552b4880e0ab13784ab2c0ba06f4e1fd […]

    The post Spamvertised ‘Error in calculation of your tax’ themed emails lead to malware appeared first on Webroot Threat Blog.

    Since the WSJ report was released, endpoint security solutions have received a lot of media attention. As many have started to ask “Is AV really dead?”, I felt it was a good idea to talk about it from my perspective. Let’s get this out of the way right off the bat: no, AV is not dead. However, what is dead, and has been for many years now, is the traditional, reactive AV protection approach that uses signature-based detection. Within the security industry, it is common knowledge that this approach to threat prevention doesn’t scale to address the tactics used by […]

    The post AV Isn’t Dead. It’s Evolving. appeared first on Webroot Threat Blog.

    Cybercriminals continue to systematically release DIY (do-it-yourself) cybercrime-friendly offerings in an effort to achieve a ‘malicious economies of scale’ type of fraudulent model, a concept that directly intersects with our ‘Cybercrime Trends – 2013’ observations. We’ve recently spotted yet another subscription-based, DIY keylogging based botnet/malware generating tool. Let’s take a peek inside its Web based interface, and expose the cybercrime-friendly infrastructure behind it. More details: Sample screenshots of the DIY keylogging platform. In addition to the standard keylogging features, the botnet/malware generating tool also comes with DDoS functionality. What’s particularly interesting about this tool is that its primary hosting location exposes a cybercrime-friendly […]

    The post A peek inside a subscription-based DIY keylogging based type of botnet/malware generating tool appeared first on Webroot Threat Blog.

    PayPal users, watch what you click on! We’ve recently intercepted a currently circulating malicious spamvertised campaign which impersonates PayPal in an attempt to trick socially engineered end users into clicking on the malware-serving links found in the emails. More details: Sample screenshot of the spamvertised email. Malicious URL redirection chain: hxxp://hoodflixxx.com/PP_det.html -> hxxp://62.76.43.78/p2p/PP_detalis_726716942049.pdf.exe. Detection rate for a sampled malware: MD5: aa1762e9ba4b552421971ef2e4de9208 – detected by 2 out of 51 antivirus scanners as Spyware.Zbot.ED. Once executed, the sample starts listening on ports 9296 and 3198. It also drops the following malicious MD5 on the affected hosts: e8007be046dcc5b6f8e29d4d8233fd78. It then phones back to […]

    The post Spamvertised ‘Notification of payment received’ themed emails lead to malware appeared first on Webroot Threat Blog.

    Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, as well as the impersonation of popular brands for the purpose of socially engineering gullible users into downloading and executing the malicious attachments found in these emails, cybercriminals continue populating their botnets. We’ve recently intercepted a currently circulating malicious campaign impersonating JJ Black Consultancy. More details: Sample screenshot of the spamvertised email. Detection rate for a sampled malware: MD5: 57b83c8e86591dedd1f7a626bf97eff9 – detected by 3 out of 52 antivirus scanners as Win32/PSW.Fareit.E. Once executed, the sample starts listening on ports 5954 and 7489. It also drops the following malicious […]

    The post Malicious JJ Black Consultancy ‘Computer Support Services’ themed emails lead to malware appeared first on Webroot Threat Blog.

    Cybercriminals continue diversifying their portfolios of standardized fraudulent services in an attempt to efficiently monetize their malicious ‘know-how’, further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of boutique cybercrime-friendly E-shops, we’ve been emphasizing the over-supply of compromised/stolen accounting data, efficiently aggregated through the TTPs (tactics, techniques and procedures) described in our “Cybercrime Trends – 2013” observations. We’ve recently spotted a newly launched all-in-one cybercrime-friendly E-shop, offering a diversified portfolio of managed/DIY services/products and exposing a malicious infrastructure worth keeping an eye on. Let’s take a peek inside the E-shop’s inventory […]

    The post A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services appeared first on Webroot Threat Blog.

    In a cybercrime ecosystem dominated by DIY (do-it-yourself) malware/botnet generating releases that populate multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we’ve been detailing the existence of commercially available server-based malicious script/iframe injecting/embedding releases/platforms that utilize legitimate infrastructure for the purpose of hijacking legitimate traffic, ultimately infecting tens of thousands of legitimate users. We’ve recently spotted a long-run Web-based managed malicious script/iframe injecting/embedding service relying on compromised accounting data for legitimate traffic acquisition […]

    The post Long run compromised accounting data based type of managed iframe-ing service spotted in the wild appeared first on Webroot Threat Blog.

    Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the fifth annual Automation Nation in Orlando, hosted by LabTech Software. LabTech, a robust remote monitoring and management (RMM) platform designed and built for managed service providers, hosted the event at the Hilton Bonnet Creek from June 2nd through the 4th. Hosting over 425 MSP partners and 600 attendees, the event has grown significantly since previous years. This was Webroot’s first time attending the conference, coming in as a Diamond Sponsor. Kicking off the event, Webroot CMO David Duncan helped present during the keynote with the […]

    The post Webroot returns from Automation Nation 2014 appeared first on Webroot Threat Blog.

    Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem’s primary infection vector, in a series of blog posts we’ve been emphasizing the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on ‘visual social engineering’ vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets and ultimately joining a cybercriminal’s botnet. We’ve recently spotted yet another Web based Java drive-by generating tool, and decided to take a peek inside the malicious infrastructure supporting it. Sample screenshot of the malicious Web-based Java drive-by generating tool. Among the tool’s […]

    The post Malicious Web-based Java applet generating tool spotted in the wild appeared first on Webroot Threat Blog.

    Cybercriminals continue spamvertising tens of thousands of malicious emails in order to socially engineer gullible end users, ultimately increasing their botnet’s infected population through the systematic and persistent rotation of popular brands. We’ve recently intercepted a currently circulating malicious campaign enticing users into executing a fake attachment. More details: Detection rate for a sampled malware: MD5: 8b54dedf5acc19a4e9060f0be384c74d – detected by 43 out of 54 antivirus scanners as Backdoor.Win32.Androm.elwa. Once executed, the sample starts listening on port 30073. It then creates the following Mutexes on the affected hosts: Local\{6FC54A61-D264-7CF8-D58B-19468FF29DE4} Local\{21D28140-1945-32EF-D58B-19468FF29DE4} Local\{3C2F38F1-A0F4-2F12-D58B-19468FF29DE4} Global\{29B0195A-815F-3A8D-D58B-19468FF29DE4} Global\{1D55DC30-4435-0E68-D58B-19468FF29DE4} Global\{B9D945F4-DDF1-AAE4-1BA9-177341D093D1} Global\{B9D945F4-DDF1-AAE4-1FA9-177345D093D1} Global\{B9D945F4-DDF1-AAE4-7BA8-177321D193D1} Global\{B9D945F4-DDF1-AAE4-43AB-177319D293D1} Global\{B9D945F4-DDF1-AAE4-6BAB-177331D293D1} Global\{B9D945F4-DDF1-AAE4-87AB-1773DDD293D1} Global\{B9D945F4-DDF1-AAE4-B3AB-1773E9D293D1} […]

    The post Spamvertised ‘June invoice’ themed emails lead to malware appeared first on Webroot Threat Blog.

    Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association. Used by many of the video game manufacturers across the various platforms, as well as hardware and software developers, the trade show is used to show off the next generation of games-related products. Hosted at the Los Angeles Convention Center, the 2014 conference had over 50,000 reported attendees between June 9th and 12th, 2014. With this being Webroot’s first appearance at E3, the company was on site to show off Webroot’s […]

    The post Successful Launch of Webroot for Gamer at E3 appeared first on Webroot Threat Blog.

    Cybercriminals continue to efficiently populate their botnets through the systematic and persistent spamvertising of tens of thousands of fake emails, for the purpose of socially engineering gullible end users into executing the malicious attachments found in the rogue emails. We’ve recently intercepted a currently circulating malicious campaign impersonating Barkeley Futures Limited, tricking users into thinking that they’ve received a legitimate “Customer Daily Statement”. More details: Sample screenshot of the spamvertised email. Detection rate for a sampled malware: MD5: b05ae71f23148009c36c6ce0ed9b82a7 – detected by 29 out of 54 antivirus scanners as Trojan-Ransom.Win32.Foreign.kxka. Once executed, the sample starts listening on port 16576. It then […]

    The post Spamvertised ‘Customer Daily Statement’ themed emails lead to malware appeared first on Webroot Threat Blog.

    Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, the commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, and the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities. We’ve recently spotted yet another underground market proposition offering access to Android-based infected devices. Let’s take a peek inside its Web-based command and control interface, discuss its features, as well as the proposition’s relevance […]

    The post A peek inside a commercially available Android-based botnet for hire appeared first on Webroot Threat Blog.

    Online dating can be rough, and no matter how many safeguards are in place in the multiple legitimate dating websites out there, the scammers are getting around the blocks and still luring in potential victims. While the reports of these types of scams are out there (even with copy and paste examples of the e-mails used), people still fall for the scams every day. In this particular case, it was my profile on eHarmony that was targeted, and this is my recount of it. It started with a potential match; a profile with a collection of tasteful photos of a […]

    The post A peek inside the online romance scam. appeared first on Webroot Threat Blog.
