Posts Categorized: Botnet activity


Spamvertised ‘June invoice’ themed emails lead to malware

Cybercriminals continue spamvertising tens of thousands of malicious emails that socially engineer end users into running the attachments, steadily increasing their botnets’ infected populations by systematically rotating the popular brands they impersonate. We’ve recently intercepted a currently circulating malicious campaign that entices users into executing the fake attachment. More details:

Malicious JJ Black Consultancy ‘Computer Support Services’ themed emails lead to malware

Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, and on impersonating popular brands to socially engineer users into downloading and executing the malicious attachments found in those emails, cybercriminals continue populating their botnets. We’ve recently intercepted a currently circulating malicious campaign impersonating JJ Black Consultancy. More details:

Spamvertised ‘Notification of payment received’ themed emails lead to malware

PayPal users, watch what you click on! We’ve recently intercepted a currently circulating spamvertised campaign impersonating PayPal in an attempt to trick end users into clicking on the malware-serving links found in the emails. More details:

Sample screenshot of the spamvertised email:

A peek inside a subscription-based, DIY keylogging botnet/malware generating tool

Cybercriminals continue to systematically release DIY (do-it-yourself) cybercrime-friendly offerings in an effort to reach a ‘malicious economies of scale’ fraudulent model, a concept that directly intersects with our ‘Cybercrime Trends – 2013’ observations. We’ve recently spotted yet another subscription-based, DIY keylogging botnet/malware generating tool. Let’s take a peek inside its Web-based interface and expose the cybercrime-friendly infrastructure behind it. More details:

A peek inside a modular, Tor C&C enabled, Bitcoin mining malware bot

Cybercriminals continue to maliciously ‘innovate’, further confirming the TTP (tactics, techniques and procedures) observations we made in our Cybercrime Trends – 2013 assessment back in December 2013, namely that the diverse cybercrime ecosystem is poised for exponential growth. By standardizing the very basics of fraudulent and malicious operations over the years, cybercriminals have achieved a state of ‘malicious economies of scale’, an economically efficient model that contributes to widespread international financial and intellectual property theft, thanks to basic cybercrime disruption concepts such as modular, DIY (do-it-yourself), commercial and publicly obtainable malware/botnet generating tools. In 2014, both sophisticated and novice cybercriminals have […]

Socks4/Socks5 enabled hosts as a service introduces affiliate network based revenue sharing scheme

Thanks to the commercial and public availability of DIY (do-it-yourself) modular malware/botnet generating tools, the diverse market segment for Web malware exploitation kits, and the cybercrime-friendly traffic exchanges that acquire and distribute traffic, cybercriminals continue populating the cybercrime ecosystem with newly launched services offering API-enabled access to compromised/hacked Socks4/Socks5 hosts. Relying largely on the ubiquitous affiliate network revenue-sharing/risk-forwarding scheme, vendors of these services, as well as of products with built-in Socks4/Socks5 features, continue acquiring new customers and gaining market share to further capitalize on their maliciously obtained assets. We’ve recently spotted a newly launched affiliate network for a long-running — since 2004 […]

5M+ harvested Russian mobile numbers service exposes fraudulent infrastructure

Cybercriminals continue adapting to the rapid penetration of mobile devices through the systematic release of DIY (do-it-yourself) mobile number harvesting tools, laying the foundations for commercial managed/on-demand mobile phone number harvesting services and ultimately leading to an influx of mobile malware/spam campaigns. In addition to boutique-based DIY operations, sophisticated, ‘innovation’ and market development-oriented cybercriminals are actively developing commercially available Android-based botnet generating tools, further fueling growth in this market segment. In a series of blog posts, we’ve been profiling multiple cybercrime-friendly services/malicious Android-based underground market releases, further highlighting the professionalization of the market […]

Managed Web-based 300 GB/s capable DNS amplification enabled malware bot spotted in the wild

Opportunistic cybercriminals continue ‘innovating’ through the systematic release of DIY (do-it-yourself), Web-based botnet/malware generating tools, seeking to monetize their coding ‘know-how’ and overall understanding of abusive/fraudulent/malicious TTPs (tactics, techniques and procedures), all for the purpose of achieving a positive ROI with each new release. We’ve recently spotted a newly released, Web-based, DNS amplification enabled DDoS bot, and not only managed to connect it to what was once an active DDoS attack, but also to the abuse of a publicly accessible open DNS resolver that had been set up for research purposes. Let’s discuss some of its features and take a peek at the […]
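The abuse of an open resolver described above comes down to two measurable things: how much larger the reflected answer is than the query that triggered it, and the trace such a bot leaves in the resolver's own query log. The following is an added example written for this page, not code from the original post or from the bot it describes. It assumes BIND-style query-log lines, a hypothetical name example.com, addresses from documentation ranges, and a detection threshold of five queries; all packets and log lines are constructed inline.

```python
"""Added example (not from the original post or the bot it describes).
1. amplification_factor(): response size over query size, using hand-built
   DNS wire-format messages (RFC 1035 / RFC 6891).
2. find_amplification_sources(): scan BIND-style query-log lines for a burst
   of ANY/TXT queries with EDNS from one "client" address, which in a
   reflection attack is the spoofed victim. All data below is constructed.
"""
import re
import struct
from collections import Counter

QTYPE_ANY = 255
QTYPE_TXT = 16
QCLASS_IN = 1
AMPLIFYING_QTYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}


def encode_name(name):
    """Dotted hostname -> DNS label sequence terminated by a zero octet."""
    out = b"".join(struct.pack("B", len(l)) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=0x1234, edns=False):
    """Standard query (RD set). With edns=True an OPT pseudo-RR advertising a
    4096-byte UDP payload is appended: this is what lets a reflector return a
    large answer over UDP instead of truncating it to 512 bytes."""
    arcount = 1 if edns else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    if edns:
        # root name, type OPT(41), UDP size 4096, TTL/flags 0, no rdata
        msg += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
    return msg


def build_txt_response(name, txt_strings, txid=0x1234):
    """Answer echoing the question plus one TXT RR per string, owner name
    compressed to a pointer at offset 12 (0xc00c). Used only to produce a
    realistically sized response for the amplification calculation."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_strings), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", QTYPE_ANY, QCLASS_IN)
    for s in txt_strings:
        data = s.encode("ascii")
        assert len(data) <= 255, "TXT character-strings are at most 255 bytes"
        rdata = struct.pack("B", len(data)) + data
        msg += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, 300, len(rdata)) + rdata
    return msg


def amplification_factor(query, response):
    """Bandwidth amplification factor: bytes reflected per byte the bot sends."""
    return len(response) / len(query)


# BIND 9 query-log line (constructed), e.g.
# 12-Mar-2014 10:15:01.000 client 198.51.100.7#40001 (example.com): query: example.com IN ANY +E (192.0.2.53)
LOG_RE = re.compile(
    r"client (?P<src>\d{1,3}(?:\.\d{1,3}){3})#\d+ \((?P<qname>[^)]*)\): "
    r"query: \S+ IN (?P<qtype>[A-Z0-9]+) (?P<flags>\S+)"
)


def find_amplification_sources(log_lines, threshold=5):
    """Return [(client_ip, count)] for clients that sent at least `threshold`
    amplification-prone queries (ANY/TXT/DNSKEY/RRSIG) with EDNS ('E' in the
    BIND flags field), highest count first. Because the bot spoofs the source
    address, the clients listed are the attack's victims, not the attacker."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m["qtype"] in AMPLIFYING_QTYPES and "E" in m["flags"]:
            hits[m["src"]] += 1
    return sorted(((ip, n) for ip, n in hits.items() if n >= threshold),
                  key=lambda t: (-t[1], t[0]))


# Constructed sample log: 8 spoofed ANY+EDNS queries "from" 198.51.100.7
# (the victim) and two ordinary A lookups from another client.
SAMPLE_LOG = [
    "12-Mar-2014 10:15:%02d.000 client 198.51.100.7#%d (example.com): "
    "query: example.com IN ANY +E (192.0.2.53)" % (i, 40000 + i)
    for i in range(8)
] + [
    "12-Mar-2014 10:15:09.000 client 203.0.113.9#5353 (www.example.org): "
    "query: www.example.org IN A + (192.0.2.53)",
    "12-Mar-2014 10:15:10.000 client 203.0.113.9#5354 (mail.example.org): "
    "query: mail.example.org IN A + (192.0.2.53)",
]


if __name__ == "__main__":
    q = build_query("example.com", edns=True)
    r = build_txt_response("example.com", ["x" * 200] * 3)
    print("query %d bytes, response %d bytes, BAF %.1f"
          % (len(q), len(r), amplification_factor(q, r)))
    print("suspected reflection victims:", find_amplification_sources(SAMPLE_LOG))
```

A 40-byte ANY query with EDNS against a name holding three 200-byte TXT records already yields a 668-byte answer, a 16.7x bandwidth amplification, which is why the log check keys on ANY/TXT plus the EDNS flag rather than on query volume alone. The check lists the spoofed client addresses, so the right response to a hit is to rate-limit or refuse recursion for unknown clients and to notify the listed networks, not to block them.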

‘Hacking for hire’ teams occupy multiple underground market segments, monetize their malicious ‘know how’

In a series of blog posts published throughout 2012, we’ve been highlighting the existence of a vibrant underground market segment, namely ‘hacking for hire’ services, email hacking in particular. Commercially available as a service for years, the practice’s growth was once largely fueled by the release of DIY Web-based tools for hacking accounts at popular email providers, which, once acquired by prospective cybercriminals, quickly became the foundation for a successful business model. How have things changed nowadays in terms of tactics, techniques and procedures? Profoundly. Case in point, we’ve been tracking two such ‘hacking for hire’ services, both of which offer […]
