Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going...
By Dancho Danchev When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media...
DIY commercially-available ‘automatic Web site hacking as a service’ spotted...
By Dancho Danchev A newly launched underground market service aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is...
‘Malware-infected hosts as stepping stones’ service offers access to hundreds...
By Dancho Danchev Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as...
New ‘Hacked shells as a service’ empowers cybercriminals with access to high...
By Dancho Danchev Whether it’s abusing the ‘Long Tail’ of the Web by systematically and efficiently exploiting tens of thousands of legitimate Web sites, or the quest to compromise few, but...
Fake ‘iPhone Picture Snapshot Message’ themed emails lead to malware
By Dancho Danchev We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick iPhone owners into thinking that they’ve received a ‘picture snapshot message’. Once...
Potentially Unwanted Applications and You
By Adam McNeil PUAs (Potentially Unwanted Applications) are often nuisance applications which serve little purpose other than using your computer as a gateway for online advertisements or as a...
Malicious Bank of America (BofA) ‘Statement of Expenses’ themed emails lead...
By Dancho Danchev Bank of America (BofA) customers, watch what you click on! A currently ongoing malicious spam campaign is attempting to entice BofA customers into clicking on the client-side exploit...
Cybercriminals spamvertise fake ‘O2 U.K MMS’ themed emails, serve malware
By Dancho Danchev British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a...
One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email...
By Dancho Danchev In a series of blog posts, we’ve been highlighting the ease, automation, and sophistication of today’s customer-ized managed spam ‘solutions’, setting up the foundations for a...
Fake ‘Apple Store Gift Card’ themed emails serve client-side exploits and...
By Dancho Danchev Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they’ve successfully received a legitimate ‘Gift Card’ worth...
Newly launched managed ‘malware dropping’ service spotted in the wild
By Dancho Danchev Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a ‘seed’...
Cybercrime-friendly underground traffic exchange helps facilitate fraudulent...
By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones — think traffic acquisition...
From Vietnam with tens of millions of harvested emails, spam-ready SMTP...
By Dancho Danchev How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for...
DIY Craigslist email collecting tools empower spammers with access to...
By Dancho Danchev In need of a good reason to start using Craigslist ‘real email anonymization’ option? We’re about to give you a pretty good one. For years, the popular classified Web site has been...
Bulletproof TDS/Doorways/Pharma/Spam/Warez hosting service operates in the...
By Dancho Danchev Operating in the open since 2009, a bulletproof hosting provider continues offering services for white, grey, and black projects, as they like to describe them, and has been directly...
DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in...
By Dancho Danchev Redirectors are a popular tactic used by cybercriminals on their way to trick Web filtering solutions. And just as we’ve seen in virtually every segment of the underground marketplace,...
[Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed
What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today’s episode, Grayson Milbourne covers the exploitation of the Tor...
[Video] ThreatVlog, Episode 2: Keyloggers and your privacy
Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand. What exactly are these programs trying to steal? How can this data be used harmfully against...
Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase
By Dancho Danchev We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique...
Cybercrime-friendly underground traffic exchanges help facilitate fraudulent...
By Dancho Danchev The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his...