Posts Categorized: Botnet activity


Spamvertised T-Mobile ‘Picture ID Type:MMS” themed emails lead to malware

by

The cybercriminals behind last week’s profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.

Continue Reading »

Novice cyberciminals offer commercial access to five mini botnets

by

With the increased public availability of leaked/cracked DIY malware/botnet generating tools, cybercriminals continue practically generating new botnets on the fly, in order to monetize the process by offering access to these very same botnets at a later stage in the botnet generation process. In addition to monetizing the actual process of setting up and hosting the botnet’s C&C (command and control) servers, novice cybercriminals continue selling direct access to their newly generated botnets, empowering other novice cybercriminals with the foundations for further disseminating and later on monetizing other pieces of malicious software, part of their own arsenal of fraudulent/malicious tools. […]

Continue Reading »

Compromised Turkish Government Web site leads to malware

by

Our sensors just picked up an interesting Web site infection, this time affecting a Web server belonging to the Turkish government, where the cybercriminals behind the campaign have uploaded a malware-serving fake ‘DivX plug-in Required!” Facebook-themed Web page. Once socially engineered users execute the malware variant, their PCs automatically join the botnet operated by the cybercriminals behind the campaign.

Continue Reading »

‘T-Mobile MMS message has arrived’ themed emails lead to malware

by

A circulating malicious spam campaign attempts to trick T-Mobile customers into thinking that they’ve received a password-protected MMS. However, once gullible and socially engineered users execute the malicious attachment, they automatically compromise the confidentiality and integrity of their PCs, allowing the cybercriminals behind the campaign to gain complete control of their PCs.

Continue Reading »

Newly launched ‘HTTP-based botnet setup as a service’ empowers novice cybercriminals with bulletproof hosting capabilities – part two

by

The emergence and sophistication of DIY botnet generating tools has lowered the entry barriers into the world of cybercrime. With ever-increasing professionalism and QA (Quality Assurance) applied by cybercriminals, in combination with  bulletproof cybercrime-friendly hosting providers, these tactics represent key success factors for an increased life cycle of any given fraudulent/malicious campaign. Throughout the years, we’ve witnessed the adoption of multiple bulletproof hosting infrastructure techniques for increasing the life cycle of campaigns,with a clear trend towards diversification, rotation or C&C communication techniques, and most importantly, the clear presence of a KISS (Keep It Simple Stupid) type of pragmatic mentality; especially in […]

Continue Reading »

Spamvertised “FDIC: Your business account” themed emails serve client-side exploits and malware

by

Cybercriminals are mass mailing tens of thousands of malicious Federal Deposit Insurance Corporation (FDIC) themed emails, in an attempt to trick users into clicking on the client-side exploits serving and malware dropping URLs found in the bogus emails. Let’s dissect the campaign, expose the portfolio of malicious domains using it, provide MD5s for a sample exploit and the dropped malware, as well as connect the campaign with previously launched already profiled malicious campaigns.

Continue Reading »

Cybercriminals sell access to tens of thousands of malware-infected Russian hosts

by

Today’s modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular questions the general public often asks in terms of cybercrime, what else, besides money, acts as key driving force behind their malicious and fraudulent activities? That’s plain and simple greed, especially in those […]

Continue Reading »

Newly launched managed ‘malware dropping’ service spotted in the wild

by

Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a ‘seed’ population to infect, so that he can then use the initially infected users as platform to scale his campaign. In reality though, that used to be the case for cybercriminals, years ago, when managed cybercrime-as-a-service types of underground market propositions were just beginning to materialize. In 2013, the only thing a novice cybercriminal wanting to gain access to thousands of PCs located in a specific country has to do is to make […]

Continue Reading »

Fake ‘Apple Store Gift Card’ themed emails serve client-side exploits and malware

by

Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they’ve successfully received a legitimate ‘Gift Card’ worth $200. What’s particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails. More details:

Continue Reading »

Cybercriminals spamvertise fake ‘O2 U.K MMS’ themed emails, serve malware

by

British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a fake ‘MMS message” attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals whose activities we continue to monitor. More details:

Continue Reading »