Webroot Retired ThreatBlog Member - Dancho Danchev

Dancho Danchev

Role: Retired ThreatBlog Member
Threat Blog Posts: 467

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker.  He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can alsofollow him on  TwitterGoogle+ or Facebook.



Posts by Dancho Danchev:

Spamvertised ‘Your UPS delivery tracking’ emails serving client-side exploits and malware

by

Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails. What exploits are they using? How widespread is the campaign? Is it an isolated incident, or is the campaign linked to more malicious activity? More details:

Continue Reading »

‘Create a Cartoon of You” ads serving MyWebSearch toolbar

by

On their way to attract new users, adware providers and online marketers often come up with new and creative ideas tailored to average Internet users. These often include free screensavers, browser plugins, toolbars, and that’s just for starters. In this post, we’ll profile the market proposition of one of these online advertisers, previously known as a vendor of adware toolbars, and discuss what has changed over the years. More details:

Continue Reading »

Spamvertised ‘Your Paypal Ebay.com payment’ emails serving client-side exploits and malware

by

Remember the ‘Your Amazon.com order confirmation’ client-side exploits and malware serving campaign which I profiled earlier this week? It appears that the gang behind it is back with another campaign, this time impersonating PayPal. For the time being, another round consisting of millions of malicious emails is circulating in the wild, enticing end and corporate users into clicking on malicious links found in the emails. More details:

Continue Reading »

Oracle and Apple patch critical Java security vulnerabilities

by

In a coordinated effort Oracle and Apple recently issued a critical security update for Java. Next to Adobe Flash, and Acrobat Reader, client-side vulnerabilities found in insecure versions of Java are among the most popular entry points for malicious attackers on the hosts of users with outdated third-party software and browser plugins. More details:

Continue Reading »

Cybercriminals populate Scribd with bogus adult content, spread malware using Comodo Backup

by

On their way to convert legitimate traffic into malware-infected hosts using web malware exploitation kits, cybercriminals have been actively experimenting with multiple traffic acquisition techniques over the past couple of years. From malvertising (the process of displaying malicious ads), to compromised high-trafficked web sites, to blackhat SEO (search engine optimization), the tools in their arsenal have been systematically maturing to become today’s sophisticated traffic acquisition platforms delivering millions of unique visits from across the world, to the cybercriminals behind the campaigns. What are some of the latest campaigns currently circulating in the wild? How are cybercriminals monetizing the hijacked traffic? Are […]

Continue Reading »

Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware

by

Everyone uses Amazon! At least that’s what the cybercriminals are hoping.  Cybercriminals are currently spamvertising millions of emails impersonating Amazon.com Inc. in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. More details:

Continue Reading »

Spamvertised ‘DHL Package delivery report’ emails serving malware

by

Cybercriminals are currently spamvertising millions of emails impersonating DHL in an attempt trick end and corporate users into downloading and executing the malicious .zip file attached to the emails. More details:

Continue Reading »

Mozilla patches critical security vulnerabilities in Firefox and Thunderbird

by

In yesterday’s Firefox 13 release, Mozilla has fixed seven critical security vulnerabilities, four of which are critical. The majority of these vulnerabilities are also fixed in the latest Thunderbird 13 release. More details on the vulnerabilities:

Continue Reading »

Spamvertised ‘UPS Delivery Notification’ emails serving client-side exploits and malware

by

Think you received a package? Think again. Cybercriminals are currently spamvertising millions of emails impersonating UPS (United Parcel Service) in an attempt to trick users into downloading the viewing the malicious .html attachment. More details:

Continue Reading »

Skype propagating Trojan targets Syrian activists

by

The Electronic Frontier Foundation (EFF) is reporting on a recently intercepted malicious documents distributed over Skype, apparently targeting Syrian activists. Upon viewing the document, it drops additional files on the infected hosts, and opens a backdoor allowing the cyber spies behind the campaign access to the infected PC.  Webroot has obtained a copy of the malware and analyzed its malicious payload. More details:

Continue Reading »