Monthly Archives:: March 2012


Spamvertised ‘Scan from a Hewlett-Packard ScanJet’ emails lead to client-side exploits and malware

by

Security researchers from Webroot have intercepted a currently spamvertised malicious campaign, impersonating Hewlett Packard, and enticing end and corporate users into downloading and viewing a malicious .htm attachment. More details:

Continue Reading »

Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware

by

Cybercriminals newest spamvertised malware campaign is brand-jacking Verizon Wireless in an attempt to trick end users into clicking on the malicious links embedded in the email. More details:

Continue Reading »

Tens of thousands of web sites affected in ongoing mass SQL injection attack

by

Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks. The cybercriminals behind it, are automatically exploiting the legitimate web sites, and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them. More details:

Continue Reading »

Spamvertised LinkedIn notifications serving client-side exploits and malware

by

Cybercriminals are currently spamvertising LinkedIn themed messages, in an attempt to trick end and corporate users into clicking on the malicious links embedded in the emails. The campaign is using real names of LinkedIn users in an attempt to increase the authenticity of the spamvertised campaign. More details:

Continue Reading »

Rogue APKs continue to find new homes

by

by Armando Orozco We’ve been tracking rogue premium-sms Android apps for sometime now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-sms Trojan of the ransom variety. Targeting Russian speakers these Rogue’s, we call Android.FakeInst, offer to give access to the app but for a fee.                           

Continue Reading »

Spamvertised ‘Your tax return appeal is declined’ emails serving client-side exploits and malware

by

Cybercriminals are currently spamvertising with IRS (Internal Revenue Service) themed emails, enticing end and corporate users into downloading and viewing a malicious .htm attachment. More details:

Continue Reading »

Trojan Downloaders actively utilizing Dropbox for malware distribution

by

By Curtis Fechner It’s never surprising to see the multitude of tactics a cybercriminal will use to deliver malware. In this case, I came across a collection of files masquerading as RealNetworks updater executables. These files were all located in a user’s %AppData%realupdate_ob directory, and the sizes were all quite consistent. At first glance there was nothing too special about this finding – malware appearing to be legitimate software is nothing new. When I looked into the specific behaviors of the file, it became clearer that the software is in fact malicious, and that it is actually downloading malicious files […]

Continue Reading »

Millions of harvested U.S government and U.S military email addresses offered for sale

by

Remember the underground service offering millions of harvested emails for sale profiled at the Webroot Threat Blog in January? It appears  that cybercriminals are continuing to innovate in this underground market segment by offering geolocated databases of millions of harvested emails for better targeting in their upcoming spam campaigns. In this post, I’ll profile yet another cybercrime underground  service selling millions of harvested emails to potential cybercriminals.

Continue Reading »

Research: U.S accounts for 72% of fraudulent pharmaceutical orders

by

Just how profitable is spam? Who’s buying the counterfeit pharmaceutical items advertised so heavily in a huge percentage of the spam campaigns currently circulating in the wild? According to a newly released report by the University of California at San Diego, although hundreds of thousands of people visit the fraudulent pharmaceutical scam sites, only a small percentage of them is actually purchasing the counterfeit pharmaceutical items. In this particular case, the United States leads with 72% of total purchases from fraudulent pharmaceutical sites. More details:

Continue Reading »