Channel: Webroot Blog
Viewing all 1114 articles

Black Hole Exploit Kit author’s ‘vertical market integration’ fuels growth in malicious Web activity

By Dancho Danchev Historical cybercrime performance activity of multiple gangs and individuals has shown us that, in order for them to secure multiple revenue streams, they have the tendency to multi-task on multiple fronts while operating and serving the needs of customers within different cybercrime-friendly market segments. A logical question emerges in the context of [...]

Spamvertised AICPA themed emails serve client-side exploits and malware

By Dancho Danchev Certified Public Accountants (CPAs) are a common target for cybercriminals. Throughout 2012, we intercepted several campaigns directly targeting CPAs in an attempt to trick them into clicking on the malicious links found in the emails. Once they click on any of the links, they’re automatically exposed to the client-side exploits served by the [...]

‘Please confirm your U.S Airways online registration’ themed emails lead to Black Hole Exploit Kit

By Dancho Danchev In 2012, fake flight reservation confirmations and bogus E-ticket verifications were a popular social engineering theme for cybercriminals. On numerous occasions, we intercepted related campaigns attempting to trick customers into clicking on malicious links, which ultimately exposed them to the client-side exploits served by the latest version of the Black Hole Exploit Kit. Apparently, [...]

Malicious DIY Java applet distribution platforms going mainstream

By Dancho Danchev Despite the fact that on the majority of occasions cybercriminals tend to rely on efficient and automated exploitation techniques like the ones utilized by the market-leading Black Hole Exploit Kit, they are no strangers to good old-fashioned ‘visual social engineering’ tricks. Throughout 2012, we emphasized the emerging trend of [...]

Fake ‘ADP Speedy Notifications’ lead to client-side exploits and malware

By Dancho Danchev Over the past week, cybercriminals have resumed spamvertising fake “ADP Immediate Notifications” in an attempt to trick users into clicking on the malicious links found in the emails. The links point to the latest version of the Black Hole Exploit Kit, and consequently, exploit CVE-2013-0422, affecting the latest version of Java. With no [...]

Cybercriminals release automatic CAPTCHA-solving bogus Youtube account generating tool

By Dancho Danchev For years, thanks to the currently mature human-driven ecosystem offering CAPTCHA-solving as a service, cybercriminals have been persistently and automatically abusing major Web properties by undermining the “chain of trust” that these properties rely on so extensively. Still living in a world supposedly dominated by malware-infected bots, this myopia has resulted in the [...]

‘Batch Payment File Declined’ EFTPS themed emails lead to Black Hole Exploit Kit

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of emails, impersonating the EFTPS (Electronic Federal Tax Payment System), in an attempt to trick its users into clicking on exploits and malware serving malicious links found in the emails. More details: Sample screenshot of the spamvertised email: Sample compromised URLs used in the [...]

Cybercriminals resume spamvertising fake Vodafone ‘A new picture or video message’ themed emails, serve malware

By Dancho Danchev Over the past 24 hours, cybercriminals resumed spamvertising fake Vodafone MMS themed emails, in an attempt to trick the company’s customers into executing the malicious attachment found in these emails. More details: Sample screenshot of the spamvertised email: Detection rate for the malicious executable: MD5: bafebf4cdf640520e6266eb05b55d7c5 – detected by 21 out of [...]

Leaked DIY malware generating tool spotted in the wild

By Dancho Danchev How easy is it to create an undetected piece of malware these days? Too easy to be true! With more DIY malware botnets and DIY malware generating tools continuing to leak at public cybercrime-friendly forums, today’s novice cybercriminals have access to sophisticated point’n’click malware generating tools that were once only available in [...]

Email hacking for hire going mainstream – part three

By Dancho Danchev Just as we anticipated on two occasions in 2012, managed email hacking for hire services continue popping up at publicly accessible cybercrime-friendly communities, a trend that’s largely driven by the demand for such services by unethical competition, “friends”, or current/ex-spouses. Often pitched as “forgotten password recovery” services, they rely on social engineering, brute-forcing, and [...]

Android malware spreads through compromised legitimate Web sites

By Dancho Danchev Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices. The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known [...]

Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails. Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the [...]

Fake LinkedIn ‘Invitation Notifications’ themed emails lead to client-side exploits and malware

By Dancho Danchev LinkedIn users, watch what you click on! Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, impersonating LinkedIn, in an attempt to trick its users into clicking on the malicious links found in the bogus “Invitation Notification” themed emails. Once they click on the links, users are automatically [...]

Novice cybercriminals experiment with DIY ransomware tools

By Dancho Danchev For years, the DIY (do-it-yourself) trend has been evident across the entire cybercrime ecosystem. From the early exploits generating DIY tools that set the foundations for the upcoming “malicious economies of scale” trend to emerge, to the ongoing leaks of DIY botnet and malware generating tools that were once only available to advanced [...]

Bogus ‘Your Paypal Transaction Confirmation’ themed emails lead to Black Hole Exploit Kit

By Dancho Danchev Financial institutions and online payment processors are a common target for cybercriminals, who systematically brand-jack and abuse the reputation of their trusted brands, in an attempt to scam or serve malware to their customers. Over the past 24 hours, cybercriminals have launched yet another spam campaign, impersonating PayPal, in an attempt to [...]

Fake ‘FedEx Online Billing – Invoice Prepared to be Paid’ themed emails lead to Black Hole Exploit Kit

By Dancho Danchev Users of FedEx’s Online Billing service, watch out! Cybercriminals are currently mass mailing tens of thousands of emails impersonating the company, in an attempt to trick its customers into clicking on exploits and malware dropping links found in the legitimate-looking emails. More details: Sample screenshot of the spamvertised email: Sample client-side exploits serving [...]

A peek inside a DIY password stealing malware

By Dancho Danchev On a daily basis, we continue to observe the emergence of the DIY (do-it-yourself) trend within the entire cybercrime ecosystem. And although the DIY activity cannot be compared to the malicious impact caused by “cybercrime-as-a-service” managed underground market propositions, it allows virtually anyone to enter the profitable world of cybercrime, thanks to [...]

Malicious ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

By Dancho Danchev In December, 2012, we intercepted a professional-looking email that was impersonating Facebook Inc. in an attempt to trick its users into thinking that they’ve received an “Account Cancellation Request”. In reality, once users clicked on the links, their hosts were automatically exploited through outdated and already patched client-side vulnerabilities, which dropped malware on the affected [...]

Fake Booking.com ‘Credit Card was not Accepted’ themed emails lead to malware

By Dancho Danchev Cybercriminals are mass mailing tens of thousands of emails, impersonating Booking.com, in an attempt to trick its users into thinking that their credit card was not accepted. Users are then urged to click on a fake “Print Booking Details” link, which leads them to the malware used in the campaign. More details: [...]

Fake FedEx ‘Tracking ID/Tracking Number/Tracking Detail’ themed emails lead to malware

By Dancho Danchev On a daily basis, we intercept hundreds of thousands of fraudulent or malicious emails whose purpose is to either infect users with malicious software or turn them into victims of fraudulent schemes. About 99% of these campaigns rely on social engineering tactics, and in the cases where they don’t include direct links to [...]