Bogus Better Business Bureau themed notifications serve client-side exploits and malware

November 14, 2012, 11:00 pm

≫ Next: Cybercriminals spamvertise bogus eFax Corporate delivery messages, serve multiple malware variants

≪ Previous: ‘PayPal Account Modified’ themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Cybercriminals are currently spamvertising millions of emails impersonating the Better Business Bureau (BBB), in an attempt to trick users into clicking on a link to a non-existent report. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More [...]

---

Cybercriminals spamvertise bogus eFax Corporate delivery messages, serve multiple malware variants

November 15, 2012, 11:00 pm

≫ Next: Bogus IRS ‘Your tax return appeal is declined’ themed emails lead to malware

≪ Previous: Bogus Better Business Bureau themed notifications serve client-side exploits and malware

$

0

0

By Dancho Danchev Cybercriminals are currently mass mailing millions of emails trying to trick recipients into executing malicious attachments pitched as recently arrived fax messages. Upon running the malicious executables, users are exposed to a variety of dropped malware variants in a clear attempt by the cybercriminals to add additional layers of monetization to the [...]

Bogus IRS ‘Your tax return appeal is declined’ themed emails lead to malware

November 18, 2012, 11:00 pm

≫ Next: ‘Copies of Missing EPLI Policies’ themed emails lead to Black Hole Exploit Kit

≪ Previous: Cybercriminals spamvertise bogus eFax Corporate delivery messages, serve multiple malware variants

$

0

0

By Dancho Danchev In March 2012, we intercepted an IRS themed malicious campaign that was serving client-side exploits to prospective users in an attempt to drop malware on the affected hosts. This week, we intercepted three consecutive campaigns using the exact same email template used in the March campaign. What has changed? Are the cybercriminals [...]

‘Copies of Missing EPLI Policies’ themed emails lead to Black Hole Exploit Kit

November 19, 2012, 11:00 pm

≫ Next: Cybercriminals spamvertise bogus ‘Microsoft License Orders’ serve client-side exploits and malware

≪ Previous: Bogus IRS ‘Your tax return appeal is declined’ themed emails lead to malware

$

0

0

By Dancho Danchev Attempting to achieve a higher click-through rate for their exploits and malware serving malicious campaign, cybercriminals are currently spamvertising millions of emails attempting to trick users into thinking they’ve become part of a private conversation about missing EPLI policies. In reality, clicking on any of the links in the oddly formulated email [...]

Cybercriminals spamvertise bogus ‘Microsoft License Orders’ serve client-side exploits and malware

November 20, 2012, 11:00 pm

≫ Next: Cybercriminals resume spamvertising ‘Payroll Account Cancelled by Intuit’ themed emails, serve client-side exploits and malware

≪ Previous: ‘Copies of Missing EPLI Policies’ themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Cybercriminals are currently mass mailing millions of emails impersonating Microsoft Corporation in an attempt to trick users into clicking on a link in a bogus ‘License Order” confirmation email. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. [...]

Cybercriminals resume spamvertising ‘Payroll Account Cancelled by Intuit’ themed emails, serve client-side exploits and malware

November 21, 2012, 11:00 pm

≫ Next: Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware

≪ Previous: Cybercriminals spamvertise bogus ‘Microsoft License Orders’ serve client-side exploits and malware

$

0

0

By Dancho Danchev Cybercriminals have resumed spamvertising the Intuit Direct Deposit Service Informer themed malicious emails, which we intercepted and profiled earlier this month. While using an identical email template, the cybercriminals behind the campaign have introduced new client-side exploits serving domains, which ultimately lead to the latest version of the Black Hole Exploit Kit. [...]

Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware

November 22, 2012, 11:00 pm

≫ Next: Cybercriminals release stealthy DIY mass iFrame injecting Apache 2 modules

≪ Previous: Cybercriminals resume spamvertising ‘Payroll Account Cancelled by Intuit’ themed emails, serve client-side exploits and malware

$

0

0

By Dancho Danchev A currently ongoing spam campaign attempts to trick users into thinking that their ability to send Domestic Wire Transfers has been disabled. Impersonating the Federal Deposit Insurance Corporation (FDIC), the cybercriminals behind the campaign are potentially earning thousands of dollars in the process of monetizing the anticipated traffic. Once users click on [...]

Cybercriminals release stealthy DIY mass iFrame injecting Apache 2 modules

November 25, 2012, 11:00 pm

≫ Next: Multiple ‘Inter-company’ invoice themed campaigns serve malware and client-side exploits

≪ Previous: Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware

$

0

0

By Dancho Danchev What would an attacker do if they were attempting to inject malicious iFrames on as many Web sites as possible? Would they rely on search engines’ reconnaissance as a foundation fo their efficient exploitation process, data mine a botnet’s infected population for accounting data related to CPanel, FTP and SSH accounts, purchase access to [...]

---

Multiple ‘Inter-company’ invoice themed campaigns serve malware and client-side exploits

November 26, 2012, 11:00 pm

≫ Next: Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware

≪ Previous: Cybercriminals release stealthy DIY mass iFrame injecting Apache 2 modules

$

0

0

By Dancho Danchev Over the past few weeks, cybercriminals have been persistently spamvertising ‘Inter-company invoice’ themed emails, in an attempt to trick users into viewing the malicious .html attachment, or unpack and execute the malicious binary found in the attached archives. Upon clicking on the link, users are exposed to the client-side exploits served by [...]

Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware

November 26, 2012, 11:00 pm

≫ Next: Cybercriminals target U.K users with bogus ‘Pay by Phone Parking Receipts’ serve malware

≪ Previous: Multiple ‘Inter-company’ invoice themed campaigns serve malware and client-side exploits

$

0

0

By Dancho Danchev Facebook users, watch out! A recently launched malicious spam campaign is impersonating Facebook, Inc. in an attempt to trick its one billion users into thinking that they’ve received a notification alerting them on activities they may have missed on Facebook. Upon clicking on any of the links found in the email, users [...]

Cybercriminals target U.K users with bogus ‘Pay by Phone Parking Receipts’ serve malware

November 27, 2012, 11:00 am

≫ Next: Bogus DHL ‘Express Delivery Notifications’ serve malware

≪ Previous: Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware

$

0

0

By Dancho Danchev U.K users, beware! Cybercriminals are currently mass mailing yet another malicious spam campaign, enticing users into viewing a bogus list of parking transactions. Upon executing the malicious attachment, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the host. More details: Sample screenshot [...]

Bogus DHL ‘Express Delivery Notifications’ serve malware

November 27, 2012, 11:00 pm

≫ Next: Cybercriminals impersonate Vodafone U.K, spread malicious MMS notifications

≪ Previous: Cybercriminals target U.K users with bogus ‘Pay by Phone Parking Receipts’ serve malware

$

0

0

By Dancho Danchev From UPS, USPS to DHL, bogus and malicious parcel tracking confirmations are a common social engineering technique often used by cybercriminals to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails. Continuing what appears to be a working social engineering tactic, cybercriminals are currently mass [...]

Cybercriminals impersonate Vodafone U.K, spread malicious MMS notifications

November 28, 2012, 11:00 am

≫ Next: Cybercriminals impersonate T-Mobile U.K, serve malware

≪ Previous: Bogus DHL ‘Express Delivery Notifications’ serve malware

$

0

0

By Dancho Danchev Over the past couple of days, cybercriminals have launched yet another massive spam campaign, once again targeting U.K users. Time time, they are impersonating Vodafone U.K, in an attempt to trick its customers into executing a bogus MMS attachment found in the malicious emails. Upon execution, the sample opens a backdoor on [...]

Cybercriminals impersonate T-Mobile U.K, serve malware

November 28, 2012, 11:00 pm

≫ Next: Bogus ‘Meeting Reminder” themed emails serve malware

≪ Previous: Cybercriminals impersonate Vodafone U.K, spread malicious MMS notifications

$

0

0

By Dancho Danchev Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC. More details: Sample screenshot of the spamvertised email: Sample [...]

Bogus ‘Meeting Reminder” themed emails serve malware

November 29, 2012, 11:00 am

≫ Next: Bogus ‘Intuit Software Order Confirmations’ lead to Black Hole Exploit Kit

≪ Previous: Cybercriminals impersonate T-Mobile U.K, serve malware

$

0

0

By Dancho Danchev Cybercriminals are mass mailing malicious emails about a meeting you wouldn’t want to attend – unless you want to compromise the integrity of your computer. Once executed, the malicious attachment opens a backdoor on the affected host, allowing the cybercriminals behind the campaign to gain complete access to the affected host. Naturally, [...]

---

Bogus ‘Intuit Software Order Confirmations’ lead to Black Hole Exploit Kit

November 29, 2012, 11:00 pm

≫ Next: Bogus ‘End of August Invoices’ themed emails serve malware and client-side exploits

≪ Previous: Bogus ‘Meeting Reminder” themed emails serve malware

$

0

0

By Dancho Danchev Sticking to their well proven practice of systematically rotating impersonated brands, the cybercriminals behind a huge majority of the malicious campaigns that we’ve been profiling recently are once again impersonating Intuit in an attempt to trick its customers into clicking on links exposing them to the client-side exploits served by the Black [...]

Bogus ‘End of August Invoices’ themed emails serve malware and client-side exploits

November 30, 2012, 11:00 am

≫ Next: DIY malicious domain name registering service spotted in the wild

≪ Previous: Bogus ‘Intuit Software Order Confirmations’ lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Cybercriminals have recently launched yet another massive spam campaign attempting to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails. More details: Sample screenshot of the spamvertised email: Sample detection rate for the malicious attachment: MD5: 8b194d05c7e7f96a37b1840388231791 – detected by 39 out of 44 antivirus scanners [...]

DIY malicious domain name registering service spotted in the wild

December 2, 2012, 11:00 pm

≫ Next: Fake ‘FedEx Tracking Number’ themed emails lead to malware

≪ Previous: Bogus ‘End of August Invoices’ themed emails serve malware and client-side exploits

$

0

0

By Dancho Danchev Security researchers and security vendors are constantly profiling and blocking the malicious operations launched by organized crime groups on the Internet. In an attempt to increase the life cycle of their malicious campaigns, cybercriminals rely on a set of domains hosted on bulletproof servers. In addition to this tactic, they also rely on fast-fluxing, a technique [...]

Fake ‘FedEx Tracking Number’ themed emails lead to malware

December 3, 2012, 11:00 pm

≫ Next: Bogus ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

≪ Previous: DIY malicious domain name registering service spotted in the wild

$

0

0

By Dancho Danchev At the end of October, a cybercriminal or group of cybercriminals launched three massive spam campaigns in an attempt to trick users into clicking on a deceptive link and downloading a malicious attachment. Upon execution, the malware phones back to the command and control servers operated by the party that launched it, [...]

Bogus ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

December 4, 2012, 11:00 pm

≫ Next: Phishing For Bank Account Information

≪ Previous: Fake ‘FedEx Tracking Number’ themed emails lead to malware

$

0

0

By Dancho Danchev Facebook users, watch what you click on! Cybercriminals are currently mass mailing bogus “Facebook Account Cancellation Requests“, in an attempt to trick Facebook’s users into clicking on the malicious link found in the email. Upon clicking on the link, users are exposed to client-side exploits which ultimately drop malware on the affected [...]