Monthly Archives:: May 2012


Cybercriminals release ‘Sweet Orange’ – new web malware exploitation kit

by

From DIY (do-it-yourself) exploit generating tools, to efficient platforms for exploitation of end and corporate users, today’s efficiency-oriented cybercriminals are constantly looking for ways to monetize hijacked web traffic. In order to do so, they periodically introduce new features in the exploit kits, initiate new partnerships with managed malware/script crypting services, and do their best to stay ahead of the security industry. What are some of the latest developments in this field? Meet Sweet Orange, one of the most recently released web malware exploitation kits, available for sale at selected invite-only cybercrime-friendly communities. What’s so special about Sweet Orange? Does it […]

Continue Reading »

A peek inside a boutique cybercrime-friendly E-shop

by

The vibrant cybercrime ecosystem is populated by a diverse set of market players. From sellers, to buyers and vendors, sophisticated cybercriminals next to novice cybercriminals, everyone is persistently looking for ways to monetize their assets and increase their revenue. Over the past two years, the industry witnessed the maturing business models in use by cybercriminals, and the rise of the so called cybercrime-as-a-service underground market propositions. Cybercriminals of all kinds have realized that managed services are the future that offer an efficient revenue generating platform for everyone to take advantage of. In this post, I’ll profile a recently advertised boutique […]

Continue Reading »

Managed SMS spamming services going mainstream

by

Are you receiving SMS spam? According to the latest reports, millions of mobile users do. The trend is largely driven by what Webroot is observing as an increase in underground market propositions offering managed SMS spamming services to new market entrants not interested in building and maintaining the spamming infrastructure on their own. In this post, I’ll profile a recently advertised managed service offering SMS spamming capabilities to potential customers, discuss the latest innovations in this field, their impact to mobile security, and what are some of the key factors contributing to the growth of SMS spam. More details:

Continue Reading »

“You Want To Pay For What!?”

by

by Nathan Collier Recently we found new apps in alternative Chinese markets that we are considering a Potentially Unwanted Application (PUA).  We are calling these apps Android.PUA.SMS.QuickPay.  Lets look at a sample of this app.  The sample we will look at is an app called “Screen Detection” which is an app that helps find dead pixels on your screen by displaying the colors red, green, blue, black, and white making it easy to see the dead pixel in contrast to these colors.  Pretty simple app.  Within a few seconds of opening the app this message pops up: “Activate the full […]

Continue Reading »

London’s InfoSec 2012 Event – recap

by

As many of you know, Webroot attended London’s annual security event — Europe’s largest 3 day security show — last week. The show was a blast! Countless number of new partnerships being formed, dozens of press briefings on a daily basis, daily presentations on “Current and Emerging Trend Within the Cybercrime Ecosystem”, and best of all – many new users of the industry’s leading endpoint protection – Webroot SecureAnywhere Complete 2012. Taking into consideration the fact that a picture is worth a thousand words, consider going through the photos from London’s InfoSec 2012 event that we’ve prepared for you, to get […]

Continue Reading »