Segmented Russian “spam leads” offered for sale

March 5, 2013, 11:00 pm

≫ Next: New DIY hacked email account content grabbing tool facilitates cyber espionage on a mass scale

≪ Previous: Cybercriminals release new Java exploits centered exploit kit

$

0

0

By Dancho Danchev What is the Russian underground up to when it comes to ‘spear phishing’ attacks? How prevalent is the tactic among Russian cybercriminals? What “data acquisition tactics” do they rely on, and just how sophisticated are their “data mining” capabilities? Let’s find out by emphasizing on a recent underground market advertisement offering access [...]

---

New DIY hacked email account content grabbing tool facilitates cyber espionage on a mass scale

March 6, 2013, 11:00 pm

≫ Next: New DIY unsigned malicious Java applet generating tool spotted in the wild

≪ Previous: Segmented Russian “spam leads” offered for sale

$

0

0

By Dancho Danchev What would an average cybercriminal do if he had access to tens of thousands of compromised email accounts? He’d probably start outsourcing the CAPTCHA solving process, in an attempt to hijack the IP reputation of both Domain Keys verified and trusted domains of all major free Web based email service providers. What about sophisticated attackers [...]

New DIY unsigned malicious Java applet generating tool spotted in the wild

March 7, 2013, 11:00 pm

≫ Next: Commercial Steam ‘information harvester/mass group inviter’ could lead to targeted fraudulent campaigns

≪ Previous: New DIY hacked email account content grabbing tool facilitates cyber espionage on a mass scale

$

0

0

By Dancho Danchev Just as we anticipated on numerous occassions in our series of blog posts exploring the emerging DIY (do it yourself) trend within the cybercrime ecosystem, novice cybercriminals continue attempting to steal market share from market leaders, in order for them to either gain credibility within a particular cybercrime-friendly community, or secure a revenue stream. Throughout 2012, [...]

Commercial Steam ‘information harvester/mass group inviter’ could lead to targeted fraudulent campaigns

March 11, 2013, 12:00 am

≫ Next: Fake BofA CashPro ‘Online Digital Certificate” themed emails lead to malware

≪ Previous: New DIY unsigned malicious Java applet generating tool spotted in the wild

$

0

0

By Dancho Danchev Despite the fact that the one-to-many type of malicious campaign continues dominating the threat landscape, cybercriminals are constantly looking for new ways to better tailor their campaigns to the needs, wants, and demands of potential customers. Utilizing basic marketing concepts such as localization, market segmentation, as well as personalization, today’s sophisticated cybercriminals would [...]

Fake BofA CashPro ‘Online Digital Certificate” themed emails lead to malware

March 12, 2013, 12:00 am

≫ Next: Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

≪ Previous: Commercial Steam ‘information harvester/mass group inviter’ could lead to targeted fraudulent campaigns

$

0

0

By Dancho Danchev Over the past 24 hours, we intercepted tens of thousands of malicious emails attempting to socially engineering BofA’s CashPro users into downloading and executing a bogus online digital certificate attached to the fake emails. More details: Sample screenshot of  the spamvertised email: Detection rate for the malicious executable: MD5: bfe7c4846823174cbcbb10de9daf426b – detected by 34 out of [...]

Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

March 13, 2013, 12:00 am

≫ Next: New ZeuS source code based rootkit available for purchase on the underground market

≪ Previous: Fake BofA CashPro ‘Online Digital Certificate” themed emails lead to malware

$

0

0

By Dancho Danchev Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated. Once users click on any [...]

New ZeuS source code based rootkit available for purchase on the underground market

March 14, 2013, 2:16 pm

≫ Next: Cybercriminals resume spamvertising ‘Re: Fwd: Wire Transfer’ themed emails, serve client-side exploits and malware

≪ Previous: Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev We have recently spotted a new underground market ad, featuring a new commercially available malware bot+rootkit based on the ZeuS crimeware’s leaked source code. According to its author, the modular nature of the bot, allows him to keep coming up with new plugins, resulting in systematic “innovation” and the introduction of new features. What’s the long-term [...]

Cybercriminals resume spamvertising ‘Re: Fwd: Wire Transfer’ themed emails, serve client-side exploits and malware

March 15, 2013, 12:00 am

≫ Next: ‘ADP Package Delivery Notification’ themed emails lead to Black Hole Exploit Kit

≪ Previous: New ZeuS source code based rootkit available for purchase on the underground market

$

0

0

By Dancho Danchev Over the last couple of days, a cybercricriminal/gang of cybercriminals that we’ve been extensively profiling, resumed spamvertising tens of thousands of emails, in an attempt to trick users that they have a pending wire transfer. Once users click on any of the links found in the malicious emails, they’re exposed to the [...]

---

‘ADP Package Delivery Notification’ themed emails lead to Black Hole Exploit Kit

March 18, 2013, 12:00 am

≫ Next: Cybercrime-friendly community branded HTTP/SMTP based keylogger spotted in the wild

≪ Previous: Cybercriminals resume spamvertising ‘Re: Fwd: Wire Transfer’ themed emails, serve client-side exploits and malware

$

0

0

By Dancho Danchev A currently ongoing malicious email campaign is impersonating ADP in an attempt to trick its customers into thinking that they’ve received a ‘Package Delivery Notification.’ In reality though, once a user clicks on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the Black Hole [...]

Cybercrime-friendly community branded HTTP/SMTP based keylogger spotted in the wild

March 19, 2013, 12:00 am

≫ Next: Hacked PCs as ‘anonymization stepping-stones’ service operates in the open since 2004

≪ Previous: ‘ADP Package Delivery Notification’ themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Utilizing basic site ‘stickiness’ and visitor retention practices, over the years, cybercrime-friendly communities have been vigorously competing to attract, satisfy, and retain their visitors. From exclusive services available only to community members, to DIY cybercrime-friendly tools, the practice is still a common way for the community administrators to boost the underground reputation of their forum. However, [...]

Hacked PCs as ‘anonymization stepping-stones’ service operates in the open since 2004

March 20, 2013, 12:00 am

≫ Next: Fake ‘CNN Breaking News Alerts’ themed emails lead to Black Hole Exploit Kit

≪ Previous: Cybercrime-friendly community branded HTTP/SMTP based keylogger spotted in the wild

$

0

0

By Dancho Danchev On the majority of occasions, cybercriminals will take basic OPSEC (Operational Security) precautions when using the Internet, in an attempt to make it harder for law enforcement to keep track of their fraudulent activities. Over the years, these techniques have greatly evolved to include hybrid online anonymity solutions offered exclusively to cybercriminals internationally. In this [...]

Fake ‘CNN Breaking News Alerts’ themed emails lead to Black Hole Exploit Kit

March 21, 2013, 12:00 am

≫ Next: Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

≪ Previous: Hacked PCs as ‘anonymization stepping-stones’ service operates in the open since 2004

$

0

0

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands malicious ‘CNN Breaking News’ themed emails, in an attempt to trick users into clicking on the exploit-serving and malware-dropping links found within. Once users click on any of the links found in the bogus emails, they’re automatically exposed to the client-side exploits served by the [...]

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

March 22, 2013, 12:00 am

≫ Next: Malicious ‘BBC Daily Email’ Cyprus bailout themed emails lead to Black Hole Exploit Kit

≪ Previous: Fake ‘CNN Breaking News Alerts’ themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, [...]

Malicious ‘BBC Daily Email’ Cyprus bailout themed emails lead to Black Hole Exploit Kit

March 25, 2013, 12:00 am

≫ Next: ‘ADP Payroll Invoice’ themed emails lead to malware

≪ Previous: Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

$

0

0

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of malicious emails impersonating BBC News, in an attempt to trick users into thinking that someone has shared a Cyprus bailout themed news item with them. Once users click on any of the links found in the fake emails, they’re automatically exposed to the client-side [...]

‘ADP Payroll Invoice’ themed emails lead to malware

March 26, 2013, 12:00 am

≫ Next: ‘Terminated Wire Transfer Notification/ACH File ID” themed malicious campaigns lead to Black Hole Exploit Kit

≪ Previous: Malicious ‘BBC Daily Email’ Cyprus bailout themed emails lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev Over the past week, we intercepted a massive ‘ADP Payroll Invoice” themed malicious spam campaign, enticing users into executing a malicious file attachment. Once users execute the sample, it downloads additional pieces of malware on the affected host, compromising the integrity, and violating the confidentiality of the affected PC. More details: Sample [...]

---

‘Terminated Wire Transfer Notification/ACH File ID” themed malicious campaigns lead to Black Hole Exploit Kit

March 27, 2013, 12:00 am

≫ Next: New DIY RDP-based botnet generating tool leaks in the wild

≪ Previous: ‘ADP Payroll Invoice’ themed emails lead to malware

$

0

0

By Dancho Danchev A couple of days ago our sensors picked up two separate malicious email campaigns, both impersonating Data Processing Services, that upon successful client-side exploitation (courtesy of the Black Hole Exploit Kit), drops an identical piece of malicious software. Let’s dissect the campaigns, expose the malicious domains portfolio, connect them to previously profiled malicious campaigns, and [...]

New DIY RDP-based botnet generating tool leaks in the wild

March 28, 2013, 12:00 am

≫ Next: A peek inside the EgyPack Web malware exploitation kit

≪ Previous: ‘Terminated Wire Transfer Notification/ACH File ID” themed malicious campaigns lead to Black Hole Exploit Kit

$

0

0

By Dancho Danchev In times when we’re witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture — economic terrosm — and in fact often deny its existence, [...]

A peek inside the EgyPack Web malware exploitation kit

March 29, 2013, 12:00 am

≫ Next: DIY Java-based RAT (Remote Access Tool) spotted in the wild

≪ Previous: New DIY RDP-based botnet generating tool leaks in the wild

$

0

0

By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...]

DIY Java-based RAT (Remote Access Tool) spotted in the wild

April 1, 2013, 12:00 am

≫ Next: Spamvertised ‘Re: Changelog as promised’ themed emails lead to malware

≪ Previous: A peek inside the EgyPack Web malware exploitation kit

$

0

0

By Dancho Danchev While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good [...]

Spamvertised ‘Re: Changelog as promised’ themed emails lead to malware

April 2, 2013, 12:00 am

≫ Next: Cybercrime-friendly service offers access to tens of thousands of compromised accounts

≪ Previous: DIY Java-based RAT (Remote Access Tool) spotted in the wild

$

0

0

By Dancho Danchev We have recently intercepted a malicious spam campaign, that’s attempting to trick users into thinking that they’ve received a non-existent “changelog.” Once gullible and socially engineered users execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details: Sample screenshot of the spamvertised [...]