Articles on this Page
- 09/19/12--00:00: _Cybercriminals impe...
- 09/20/12--10:24: _Managed Ransomware-...
- 09/21/12--00:00: _A peek inside a bou...
- 09/24/12--00:00: _New E-shop selling ...
- 09/27/12--00:00: _From Russia with iP...
- 09/28/12--00:00: _New Russian DIY DDo...
- 10/01/12--00:00: _Russian cybercrimin...
- 10/08/12--12:01: _Upcoming Webroot pr...
- 10/12/12--00:00: _Recently launched E...
- 10/12/12--12:00: _New Russian service...
- 10/15/12--00:00: _‘Vodafone Europe: Y...
- 10/15/12--12:00: _Cybercriminals impe...
- 10/16/12--00:00: _‘Your video may hav...
- 10/16/12--12:00: _Cybercriminals spam...
- 10/17/12--00:00: _American Airlines t...
- 10/17/12--12:00: _Bogus Facebook noti...
- 10/18/12--00:00: _Spamvertised ‘KLM E...
- 10/18/12--12:00: _‘Intuit Payroll Con...
- 10/19/12--00:00: _Malware campaign sp...
- 10/19/12--12:00: _‘Regarding your Fri...
- 09/20/12--10:24: Managed Ransomware-as-a-Service spotted in the wild
- 09/21/12--00:00: A peek inside a boutique cybercrime-friendly E-shop – part four
- 09/24/12--00:00: New E-shop selling stolen credit cards data spotted in the wild
- 09/27/12--00:00: From Russia with iPhone selling affiliate networks
- 09/28/12--00:00: New Russian DIY DDoS bot spotted in the wild
- 10/01/12--00:00: Russian cybercriminals release new DIY SMS flooder
- 10/12/12--12:00: New Russian service sells access to compromised Steam accounts
- 10/15/12--00:00: ‘Vodafone Europe: Your Account Balance’ themed emails serve malware
- 10/16/12--00:00: ‘Your video may have illegal content’ themed emails serve malware
- 10/17/12--00:00: American Airlines themed emails lead to the Black Hole Exploit Kit
- 10/17/12--12:00: Bogus Facebook notifications lead to malware
- 10/18/12--00:00: Spamvertised ‘KLM E-ticket’ themed emails serve malware
By Dancho Danchev Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the Federal Deposit Insurance Corporation (FDIC), in an attempt to trick businesses into installing a bogus and non-existent security tool promoted in the emails. Upon clicking on the links, users are exposed to the client-side exploits served by the Black Hole [...]
By Dancho Danchev Over the past several quarters, we’ve witnessed the rise of the so called Police Ransomware also known as Reveton. From fully working host lock down tactics, to localization in multiple languages and impersonation of multiple international law enforcement agencies, its authors proved that they have the means and the motivation to continue [...]
By Dancho Danchev Over the past couple of months, I’ve been periodically profiling the monetization tactics applied by novice cybercriminals, a market segment of less technically sophisticated individuals looking for ways to cash out on their fraudulent Web activities. The rise of this market segment can be contributed to the rise of managed cybercrime-friendly services [...]
By Dancho Danchev What happens once a cybercriminal has managed to obtain access to your credit card data by either compromising an insecure database, or through crimeware dropped on an affected host? Would he purchase blank plastic and holograms and embed the stolen data in an attempt to cash out as much money as possible, [...]
By Dancho Danchev With affiliate networks continuing to represent among the few key growth factors of the cybercrime ecosystem, it shouldn’t be surprising that cybercriminals continue introducing new services and goods with questionable quality and sometimes unknown origins on the market, with the idea to entice potential network participants into monetizing the traffic they can [...]
By Dancho Danchev Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem. These maturing business models require constant innovation on behalf of the cybercriminals [...]
By Dancho Danchev Just like in every market, in the underground ecosystem demand too, meets supply on a regular basis. Thanks to the systematically released DIY SMS flooding applications, cybercriminals have successfully transformed this market segment into a growing and professionally oriented niche market. From the active abuse of the features offered by legitimate infrastructure [...]
By Dancho Danchev Are you in London next week? If so, don’t forget to attend my presentation at this year’s RSA Europe conference, hosted in the magnificent Hilton Metropole Hotel. More details: Hotel’s address: 225 Edgware Road, London W2 1JU, United Kingdom Presentation details: Track ID: HT-308 Date: Thursday, 11th of October, 2012 Time: 13:30 – 14:20 hrs Topic: Cyber [...]
By Dancho Danchev Largely relying on sophisticated and legitimate-looking phishing campaigns, next to active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize these fraudulently obtained assets in the form of compromised accounts. From compromised social networking accounts, to direct access to compromised servers and desktop PCs, the [...]
By Dancho Danchev For years, cybercriminals have been trying to capitalize on the multi-billion dollar PC gaming market. From active development of game cracks and patches aiming to bypass the distribution protection embedded within the games, to today’s active data mining of a botnet’s infected population looking for gaming credentials in an attempt to resell [...]
By Dancho Danchev Cybercriminals are currently spamvertising millions of emails, impersonating Vodafone Europe, in an attempt to trick their customers into executing the malicious file attachment found in the email. More details: Sample screenshot of the spamvertised email: Detection rate: Vodafone_Account_Balance.pdf.exe – MD5: 8601ece8b0c79ec3d4396f07319bbff1 – detected by 36 out of 42 antivirus scanners as Trojan-Ransom.Win32.PornoAsset.xen; Worm:Win32/Gamarue.F [...]
By Dancho Danchev Over the past 24 hours, cybercriminals spamvertised millions of email addresses, impersonating UPS, in an attempt to trick end users into viewing the malicious .html attachment. Upon viewing, the file loads a tiny iFrame attempting to serve client-side exploit served by the latest version of the Black Hole Exploit kit, which ultimately [...]
By Dancho Danchev Cybercriminals are currently spamvertising millions of emails impersonating Google’s YouTube team, in an attempt to trick end and corporate users into executing the malicious attachment found in the email. Upon execution, the samples opens a backdoor on the affected host, allowing full access to the targeted host by the cybercriminals behind the [...]
By Dancho Danchev Over the past week, cybercriminals have been spamvertising millions of emails impersonating Amazon.com in an attempt to trick customers into thinking that they’ve received a Shipping Confirmation for a Vizio XVT3D04, HD 40-Inch 720p 100 Hz Cinema 3D LED-LCD HDTV FullHD and Four Pairs of 3D Glasses. Once users click on any of the [...]
By Dancho Danchev Over the past 24 hours, cybercriminals launched yet another massive spam campaign, this time impersonating American Airlines in an attempt to trick its customers into clicking on a malicious link found in the mail. Upon clicking on the link, users are exposed to the client-side exploits served by the Black Hole Exploit [...]
By Dancho Danchev In an attempt to trick users into getting themselves infected with malware, cybercriminals are currently spamvertising millions of emails impersonating Facebook. More details: Sample screenshot of the spamvertised email: Detection rate for the spamvertised attachment: Your_Friend_New_photos-updates.jpeg.exe – MD5: 8601ece8b0c79ec3d4396f07319bbff1 – detected by 36 out of 43 antivirus scanners as Win32/TrojanDownloader.Wauchos.A; Trojan-Ransom.Win32.PornoAsset.xen Webroot [...]
By Dancho Danchev KLM customers, beware! Cybercriminals are currently spamvertising millions of legitimate-looking emails, in an attempt to trick current and prospective KLM customers into executing the malicious attachment found in the email. More details: Sample screenshot of the spamvertised ‘KLM E-ticket’ themed email: Second screenshot of the spamvertised ‘KLM E-ticket’ themed email: Detection rate [...]
By Dancho Danchev Over the past 24 hours, cybercriminals launched two consecutive massive email campaigns, impersonating Intui Payroll’s Direct Deposit Service system, in an attempt to trick end and corporate users into clicking on the malicious links found in the mails. Upon clicking on any of links found in the emails, users are exposed to [...]
By Dancho Danchev Trust is vital, and cybercriminals know that there’s a higher probability that you will click on a link sent by a trusted friend, not from a complete stranger. Yesterday, one of my Facebook friends sent me a direct message indicating that his host has been compromised, and is currently being used to [...]
By Dancho Danchev Cybercriminals are currently spamvertising millions of emails, impersonating Friendster, in an attempt to trick its current and prospective users into clicking on a malicious link found in the email. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole exploit kit. [...]