Articles on this Page
- 03/05/13--23:00: _Segmented Russian “...
- 03/06/13--23:00: _New DIY hacked emai...
- 03/07/13--23:00: _New DIY unsigned ma...
- 03/11/13--00:00: _Commercial Steam ‘i...
- 03/12/13--00:00: _Fake BofA CashPro ‘...
- 03/13/13--00:00: _Spamvertised BBB ‘Y...
- 03/14/13--14:16: _New ZeuS source cod...
- 03/15/13--00:00: _Cybercriminals resu...
- 03/18/13--00:00: _‘ADP Package Delive...
- 03/19/13--00:00: _Cybercrime-friendly...
- 03/20/13--00:00: _Hacked PCs as ‘anon...
- 03/21/13--00:00: _Fake ‘CNN Breaking ...
- 03/22/13--00:00: _Spotted: cybercrimi...
- 03/25/13--00:00: _Malicious ‘BBC Dail...
- 03/26/13--00:00: _‘ADP Payroll Invoic...
- 03/27/13--00:00: _‘Terminated Wire Tr...
- 03/28/13--00:00: _New DIY RDP-based b...
- 03/29/13--00:00: _A peek inside the E...
- 04/01/13--00:00: _DIY Java-based RAT ...
- 04/02/13--00:00: _Spamvertised ‘Re: C...
- 03/05/13--23:00: Segmented Russian “spam leads” offered for sale
- 03/26/13--00:00: ‘ADP Payroll Invoice’ themed emails lead to malware
- 03/28/13--00:00: New DIY RDP-based botnet generating tool leaks in the wild
- 03/29/13--00:00: A peek inside the EgyPack Web malware exploitation kit
- 04/01/13--00:00: DIY Java-based RAT (Remote Access Tool) spotted in the wild
By Dancho Danchev What is the Russian underground up to when it comes to ‘spear phishing’ attacks? How prevalent is the tactic among Russian cybercriminals? What “data acquisition tactics” do they rely on, and just how sophisticated are their “data mining” capabilities? Let’s find out by emphasizing on a recent underground market advertisement offering access [...]
By Dancho Danchev What would an average cybercriminal do if he had access to tens of thousands of compromised email accounts? He’d probably start outsourcing the CAPTCHA solving process, in an attempt to hijack the IP reputation of both Domain Keys verified and trusted domains of all major free Web based email service providers. What about sophisticated attackers [...]
By Dancho Danchev Just as we anticipated on numerous occassions in our series of blog posts exploring the emerging DIY (do it yourself) trend within the cybercrime ecosystem, novice cybercriminals continue attempting to steal market share from market leaders, in order for them to either gain credibility within a particular cybercrime-friendly community, or secure a revenue stream. Throughout 2012, [...]
By Dancho Danchev Despite the fact that the one-to-many type of malicious campaign continues dominating the threat landscape, cybercriminals are constantly looking for new ways to better tailor their campaigns to the needs, wants, and demands of potential customers. Utilizing basic marketing concepts such as localization, market segmentation, as well as personalization, today’s sophisticated cybercriminals would [...]
By Dancho Danchev Over the past 24 hours, we intercepted tens of thousands of malicious emails attempting to socially engineering BofA’s CashPro users into downloading and executing a bogus online digital certificate attached to the fake emails. More details: Sample screenshot of the spamvertised email: Detection rate for the malicious executable: MD5: bfe7c4846823174cbcbb10de9daf426b – detected by 34 out of [...]
By Dancho Danchev Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated. Once users click on any [...]
By Dancho Danchev We have recently spotted a new underground market ad, featuring a new commercially available malware bot+rootkit based on the ZeuS crimeware’s leaked source code. According to its author, the modular nature of the bot, allows him to keep coming up with new plugins, resulting in systematic “innovation” and the introduction of new features. What’s the long-term [...]
By Dancho Danchev Over the last couple of days, a cybercricriminal/gang of cybercriminals that we’ve been extensively profiling, resumed spamvertising tens of thousands of emails, in an attempt to trick users that they have a pending wire transfer. Once users click on any of the links found in the malicious emails, they’re exposed to the [...]
By Dancho Danchev A currently ongoing malicious email campaign is impersonating ADP in an attempt to trick its customers into thinking that they’ve received a ‘Package Delivery Notification.’ In reality though, once a user clicks on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the Black Hole [...]
By Dancho Danchev Utilizing basic site ‘stickiness’ and visitor retention practices, over the years, cybercrime-friendly communities have been vigorously competing to attract, satisfy, and retain their visitors. From exclusive services available only to community members, to DIY cybercrime-friendly tools, the practice is still a common way for the community administrators to boost the underground reputation of their forum. However, [...]
By Dancho Danchev On the majority of occasions, cybercriminals will take basic OPSEC (Operational Security) precautions when using the Internet, in an attempt to make it harder for law enforcement to keep track of their fraudulent activities. Over the years, these techniques have greatly evolved to include hybrid online anonymity solutions offered exclusively to cybercriminals internationally. In this [...]
By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands malicious ‘CNN Breaking News’ themed emails, in an attempt to trick users into clicking on the exploit-serving and malware-dropping links found within. Once users click on any of the links found in the bogus emails, they’re automatically exposed to the client-side exploits served by the [...]
By Dancho Danchev Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, [...]
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of malicious emails impersonating BBC News, in an attempt to trick users into thinking that someone has shared a Cyprus bailout themed news item with them. Once users click on any of the links found in the fake emails, they’re automatically exposed to the client-side [...]
By Dancho Danchev Over the past week, we intercepted a massive ‘ADP Payroll Invoice” themed malicious spam campaign, enticing users into executing a malicious file attachment. Once users execute the sample, it downloads additional pieces of malware on the affected host, compromising the integrity, and violating the confidentiality of the affected PC. More details: Sample [...]
By Dancho Danchev A couple of days ago our sensors picked up two separate malicious email campaigns, both impersonating Data Processing Services, that upon successful client-side exploitation (courtesy of the Black Hole Exploit Kit), drops an identical piece of malicious software. Let’s dissect the campaigns, expose the malicious domains portfolio, connect them to previously profiled malicious campaigns, and [...]
By Dancho Danchev In times when we’re witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture — economic terrosm — and in fact often deny its existence, [...]
By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...]
By Dancho Danchev While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good [...]
By Dancho Danchev We have recently intercepted a malicious spam campaign, that’s attempting to trick users into thinking that they’ve received a non-existent “changelog.” Once gullible and socially engineered users execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details: Sample screenshot of the spamvertised [...]