Monthly Archives:: June 2012


Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware

by

Everyone uses Amazon! At least that’s what the cybercriminals are hoping.  Cybercriminals are currently spamvertising millions of emails impersonating Amazon.com Inc. in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. More details:

Continue Reading »

Spamvertised ‘DHL Package delivery report’ emails serving malware

by

Cybercriminals are currently spamvertising millions of emails impersonating DHL in an attempt trick end and corporate users into downloading and executing the malicious .zip file attached to the emails. More details:

Continue Reading »

Mozilla patches critical security vulnerabilities in Firefox and Thunderbird

by

In yesterday’s Firefox 13 release, Mozilla has fixed seven critical security vulnerabilities, four of which are critical. The majority of these vulnerabilities are also fixed in the latest Thunderbird 13 release. More details on the vulnerabilities:

Continue Reading »

Spamvertised ‘UPS Delivery Notification’ emails serving client-side exploits and malware

by

Think you received a package? Think again. Cybercriminals are currently spamvertising millions of emails impersonating UPS (United Parcel Service) in an attempt to trick users into downloading the viewing the malicious .html attachment. More details:

Continue Reading »

Skype propagating Trojan targets Syrian activists

by

The Electronic Frontier Foundation (EFF) is reporting on a recently intercepted malicious documents distributed over Skype, apparently targeting Syrian activists. Upon viewing the document, it drops additional files on the infected hosts, and opens a backdoor allowing the cyber spies behind the campaign access to the infected PC.  Webroot has obtained a copy of the malware and analyzed its malicious payload. More details:

Continue Reading »

DDoS for hire services offering to ‘take down your competitor’s web sites’ going mainstream

by

Thanks to the increasing availability of custom coded DDoS modules within popular malware and crimeware releases, opportunistic cybercriminals are easily developing managed DDoS for hire, also known as “rent a botnet” services, next to orchestrating largely under-reported DDoS extortion campaigns against financial institutions and online gambling web sites. In this post, I’ll profile a managed DDoS for hire service, offering to “take down your competitor’s web sites offline in a cost-effective manner”. More details:

Continue Reading »

A peek inside a boutique cybercrime-friendly E-shop – part three

by

Over the past few months, I’ve been witnessing an increase in underground market propositions advertised by what appears to be novice cybercriminals. The trend, largely driven by the increasing supply of cybercrime-as-a-service underground market propositions, results in an increasing number of newly launched cybercrime-friendly E-shops attempting to monetize fraudulently obtained accounting data. In this post, I’ll profile yet another currently spamvertised cybercrime-friendly E-shop, offering access to accounts purchased using stolen credit cards as well as highlight the ways in which cybercriminals obtain the account info in the first place. More details:

Continue Reading »

Cybercriminals infiltrate the music industry by offering full newly released albums for just $1

by

Next to commodity underground goods and services such as managed spam, harvested email databases, boutique cybercrime-friendly services, services offering access to hacked PCs, managed malware crypting on demand, and managed email hacking as a service, the cybercrime ecosystem is also a thriving marketplace for stolen intellectual property, such as music releases. In this post I’ll profile a recently launched affiliate network for pirated music, offering up to 35% revenue sharing schemes with the cybercriminals that start reselling the stolen releases which undercut the official music marketplaces prices in an attempt to increase their profits. More details:

Continue Reading »