Posts Categorized: Botnet activity


Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

by

Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails. Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit, which ultimately drops malware on the affected hosts. More details:

Continue Reading »

Android malware spreads through compromised legitimate Web sites

by

Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices. The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known to have been launched by the same party that launched the original campaign. More details:

Continue Reading »

Leaked DIY malware generating tool spotted in the wild

by

How easy is it to create an undetected piece of malware these days? Too easy to be true! With more DIY malware botnets and DIY malware generating tools continuing to leak at public cybercrime-friendly forums, today’s novice cybercriminals have access to sophisticated point’n’click malware generating tools that were once only available in the arsenal of the experienced cybercriminal. In this post, I’ll profile a recently leaked DIY malware generating tool, discuss its core features, and emphasize on its relevance in the context of the big picture when it comes to ongoing waves of malicious activity we’ve been monitoring over the […]

Continue Reading »

‘Batch Payment File Declined’ EFTPS themed emails lead to Black Hole Exploit Kit

by

Cybercriminals are currently mass mailing tens of thousands of emails, impersonating the EFTPS (Electronic Federal Tax Payment System), in an attempt to trick its users into clicking on exploits and malware serving malicious links found in the emails. More details:

Continue Reading »

Fake ‘ADP Speedy Notifications’ lead to client-side exploits and malware

by

Over the past week, cybercriminals have resumed spamvertising fake “ADP Immediate Notifications” in an attempt to trick users into clicking on the malicious links found in the emails. The links point to the latest version of the Black Hole Exploit Kit, and consequently, exploit CVE-2013-0422, affecting the latest version of Java. With no fix for this vulnerability currently available, users are advised  to disable Java immediately. More details:

Continue Reading »

‘Please confirm your U.S Airways online registration’ themed emails lead to Black Hole Exploit Kit

by

In 2012, fake flight reservation confirmations and bogus E-ticket verifications were a popular social engineering theme for cybercriminals. On numerous occasions, we intercepted related campaigns attempting to trick customers into clicking on malicious links, which ultimately exposed them to the client-side exploits served by the latest version of the Black Hole Exploit Kit. Apparently, the click-through rates for these campaigns were good enough for cybercriminals to resume spamvertising related campaigns. In this post, I’ll profile the most recently spamvertised campaign impersonating U.S Airways. More details:

Continue Reading »

Spamvertised AICPA themed emails serve client-side exploits and malware

by

Certified Public Accountants (CPAs) are a common target for cybercriminals. Throughout 2012, we intercepted several campaigns directly targeting CPAs in an attempt to trick them into clicking on the malicious links found in the emails. Once they click on any of the links, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. In this post, I’ll analyze one of the most recently spamvertised campaigns impersonating the American Institute of Certified Public Accountants, also known as AICPA. More details:

Continue Reading »

Fake ‘You have made an Ebay purchase’ themed emails lead to client-side exploits and malware

by

Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, this time impersonating both eBay and PayPal, in an attempt to trick their users into clicking on the client-side exploits and malware serving links found in the malicious emails. More details:

Continue Reading »

‘Attention! Changes in the bank reports!’ themed emails lead to Black Hole Exploit Kit

by

Cybercriminals are currently spamvertising tens of thousands of emails in an attempt to impersonate the recipients’ bank, tricking them into thinking that the Ministry of Finance in their country has introduced new rules for records keeping, and that they need to print and sign a non-existent document. Once users click on the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »