Webroot Contributing Threat Researcher - Dancho Danchev

Dancho Danchev

Role: Contributing Threat Researcher
Threat Blog Posts: 454

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker.  He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on  TwitterGoogle+ or Facebook.



Posts by Dancho Danchev:

Cybercriminals abuse Skype’s SMS sending feature, release DIY SMS flooders

by

Cybercriminals are masters of abusing legitimate infrastructure for their malicious purposes. From phishing sites and Black Hole exploit kit landing URLs hosted on compromised servers, abuse of legitimate web email service providers’ trusted DKIM verified ecosystem, to the systematic release of DIY spamming tools utilizing a publicly obtainable database of user names as potential “touch points”, cybercriminals are on the top of their game. In this post, I’ll profile a recently advertised DIY SMS flooder using Skype’s infrastructure for disseminating the messages, and assess the potential impact it could have on end and corporate users. More details:

Continue Reading »

Cybercriminals resume spamvertising bogus greeeting cards, serve exploits and malware

by

Remember the recently profiled 123greetings.com themed malicious campaign? It appears that over the past 24 hours, the cybercriminals behind it have resumed spamvertising millions of emails pointing to additional compromised URls in a clear attempt to improve their click-through rates. More details:

Continue Reading »

Intuit themed ‘QuickBooks Update: Urgent’ emails lead to Black Hole exploit kit

by

It didn’t take long before the cybercriminals behind the recently profiled ‘Intuit Marketplace’ themed campaign resume impersonating Intuit, with a newly launched round consisting of millions of Intuit themed emails. The theme this time? Convincing users that in order to access QuickBooks they would have to install the non-existent Intuit Security Tool. In reality though, clicking on the links points to a Black Hole exploit kit landing URL that ultimately drops malware on the affected hosts. More details:

Continue Reading »

Spamvertised ‘Wire Transfer Confirmation’ themed emails lead to Black Hole exploit kit

by

Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick end and corporate users into previewing a malicious .html attachment. Upon previewing it, a tiny iFrame attempts to contact a client-side exploits serving a landing URL, courtesy of the Black Hole web malware exploitation kit. More details:

Continue Reading »

Cybercriminals impersonate UPS, serve malware

by

Cybercriminals are currently mass mailing millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick users into downloading and executing the malicious file hosted on a compromised web site. More details:

Continue Reading »

Cybercriminals spamvertise PayPay themed ‘Notification of payment received’ emails, serve malware

by

Cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick PayPal users into executing the malicious attachment found in the emails. Using ‘Notification of payment received‘ subjects, the campaign is relying on the end user’s gullibility in an attempt to infect them with malware. Once executed, it grants a malicious attacker complete control over the victim’s PC. More details:

Continue Reading »

Cybercriminals impersonate Intuit Market, mass mail millions of exploits and malware serving emails

by

Over the past 24 hours, cybercriminals have spamvertised millions of emails impersonating Intuit Market, in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. Upon clicking on them, users are exposed to the client-side exploits served by the Black Hole web malware exploitation kit. More details:

Continue Reading »

Spamvertised ‘Royal Mail Shipping Advisory’ themed emails serve malware

by

British users, beware! Cybercriminals are currently mass mailing millions of emails impersonating the Royal Mail Service in an attempt to trick users into executing the malicious attachment found in the email. Once they do so, the malware opens a backdoor on the targeted hosts allowing cybercriminals to take complete control over the infected PC. More details:

Continue Reading »

Spamvertised ‘Fwd: Scan from a Hewlett-Packard ScanJet’ emails lead to Black Hole exploit kit

by

Over the last couple of hours, cybercriminals have started spamvertising millions of emails pretending to be coming from HP ScanJet scanner, in an attempt to trick end and and corporate users into downloading and viewing the malicious .html attachment. Upon viewing, the document loads the invisible iFrame script, ultimately redirecting the user to a landing URL courtesy of the Black Hole web malware exploitation kit. More details:

Continue Reading »

Spamvertised ‘Federal Tax Payment Rejected’ themed emails lead to Black Hole exploit kit

by

Remember the IRS (Internal Revenue Service) themed malicious campaign profiled at Webroot’s Threat Blog earlier this month? Over the past 24 hours, the cybercriminals behind the campaign resumed mass mailing of the same IRS email template, exposing millions of users to the threats posed by the social engineering driven campaign. More details:

Continue Reading »