Articles on this Page
- 02/04/13--23:00: ‘Your Kindle e-book...
- 02/05/13--14:54: Android security tips and Windows AutoRun protection
- 02/05/13--23:00: New DIY HTTP-based botnet tool spotted in the wild
- 02/06/13--23:00: Mobile spammers release DIY phone number harvesting tool
- 02/11/13--23:00: New underground ser...
- 02/12/13--23:00: Targeted ‘phone ring flooding’ attacks as a service going mainstream
- 02/13/13--23:00: Fake ‘You’ve blocke...
- 02/14/13--23:00: Spamvertised IRS ‘I...
- 02/17/13--23:00: Malware propagates through localized Facebook Wall posts
- 02/18/13--23:00: Malicious ‘RE: Your...
- 02/19/13--23:00: New underground E-s...
- 02/20/13--23:00: Fake ‘Verizon Wirel...
- 02/21/13--23:00: DIY malware cryptor as a Web service spotted in the wild
- 02/22/13--10:45: How do we use, secure, and share the information that surrounds us?
- 02/24/13--23:00: Malicious ‘Data Pro...
- 02/26/13--23:00: How mobile spammers verify the validity of harvested phone numbers
- 02/28/13--00:06: How much does it co...
- 02/28/13--12:45: Recap from RSA2013: Android Malware Exposed
- 03/03/13--23:00: New DIY IRC-based DDoS bot spotted in the wild
- 03/04/13--23:00: Cybercriminals release new Java exploits centered exploit kit
By Dancho Danchev Kindle owners, watch what you click on! Cybercriminals are currently attempting to trick Kindle owners into thinking that they’ve received a receipt from an E-book purchase from Amazon.com. In reality, when users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by [...]
by Armando Orozco Recently, two applications designed with malicious intent were discovered within the Google Play application store. The apps were built with a façade of being utility cleaners designed to help optimize Android-powered phones, but in reality, both apps had code built in designed to copy private files, including photos, and submit them to [...]
By Dancho Danchev What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities. In this post, I’ll profile a recently advertised [...]
By Dancho Danchev Need a good reason not to connect to the public Web with your phone? Wonder where all that SMS spam is coming from? Keep reading. Mobile phone spammers have recently released a new version of a well known phone number harvesting tool, whose main objective is to crawl the public Web and index mobile [...]
By Dancho Danchev Thanks to the success of multiple botnet aggregating malicious campaigns launched in the wild, cybercriminals are launching malware-infected-hosts — also known as loads — as a service type of underground market propositions, in an attempt to monetize the botnet’s infected population by selling “partitioned” access to it. How much does it cost [...]
By Dancho Danchev Throughout the past year, we observed an increase in the availability of malicious (DIY) tools and services that were once exclusively targeting sophisticated cybercriminals, often operating within invite-only cybercrime-friendly Web communities. This development is a clear indication that the business models behind these tools and services cannot scale, and in order to ensure [...]
By Dancho Danchev Cybercriminals are currently spamvertising two separate campaigns, impersonating Facebook Inc., in an attempt to trick its users into thinking that their Facebook account has been disabled. What these two campaigns have in common is the fact that the client-side exploits serving domains are both parked on the same IP. Once users click on [...]
By Dancho Danchev It’s tax season and cybercriminals are mass mailing tens of thousands of IRS (Internal Revenue Service) themed emails in an attempt to trick users into thinking that their income tax refund has been “turned down”. Once users click on any of the links found in the malicious emails, they’re automatically exposed to [...]
By Dancho Danchev We’ve recently intercepted a localized — to Bulgarian — malware campaign, that’s propagating through Facebook Wall posts. Basically, a malware-infected user would unknowingly post a link+enticing message, in this case “Check it out!”, on their friends’ Walls, in an attempt to abuse their trusted relationship and provoke them to click on the [...]
By Dancho Danchev Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure. Let’s profile one [...]
By Dancho Danchev On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cybercriminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal. We’ve recently spotted a newly launched underground E-shop that’s exclusively selling access to hacked [...]
By Dancho Danchev On a periodic basis, cybercriminals are spamvertising malicious campaigns impersonating Verizon Wireless to tens of thousands of Verizon customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign intercepted last month. This tactic largely relies [...]
By Dancho Danchev Just how easy is it to generate an undetected piece of malware these days? Too easy to be true, largely thanks to the rise of managed crypting services, and the re-emergence of the DIY (do it yourself) trend within the entire cybercrime ecosystem. With hundreds of thousands of new malware variants processed [...]
The mobile landscape has boomed in the last couple of years mostly in part because of Android devices and social networking. This has opened the door for everyone to have access to a smartphone and have the cyber world at their fingertips. Smartphones have become an extension of us, and we now have our email, [...]
By Dancho Danchev A cybercriminal/gang of cybercriminals that we’ve been closely monitoring for a while now has just launched yet another spam campaign, this time impersonating the “Data Processing Service” company, in an attempt to trick its customers into interacting with the malicious emails. Once they do so, they are automatically exposed to the client-side [...]
By Dancho Danchev Have you ever received a blank call, and no one was on the other side of the line? What about a similar blank SMS received through your mobile carrier’s Mail2SMS gateway? There’s a high probability that it was a mobile spammer who’s automatically and efficiently verifying the validity of a recently harvested database [...]
By Dancho Danchev Earlier this month, we profiled and exposed a newly launched underground service offering access to tens of thousands of malware-infected hosts, with an emphasis on the fact that U.S.-based hosts were relatively more expensive to acquire, largely due to the fact that U.S.-based users are known to have a higher online purchasing [...]
On Wednesday, February 27th, Webroot threat researchers Grayson Milbourne and Armando Orozco presented at the RSA Conference in San Francisco. Their topic, Android Malware Exposed – An In-depth Look at its Evolution, is an expansion on their previous year’s presentation, highlighting the severity of the Android malware growth. Focusing on the history of operating system [...]
By Dancho Danchev Thanks to basic disruptive factors like standardization, DIY (do it yourself) underground market releases, Cybercrime-as-a-Service “value added” propositions, efficiency-centered client-side exploitation process, QA (Quality Assurance), and adaptation to the ubiquitous endpoint protection mechanisms, such as for instance, signature-based antivirus scanning, the cybercrime ecosystem is currently enjoying the monetary joys of its mature state. In this post, I’ll profile a recently advertised [...]
By Dancho Danchev Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new Web malware exploitation kit. What’s so special about it is the fact that its current version is entirely based on Java exploits (CVE-2012-1723 and CVE-2013-0431), naturally, with “more exploits to be introduced any time soon”. Let’s take a [...]