Posts Categorized: mal-effects


Spamvertised ‘You received a new message from Skype voicemail service’ themed emails lead to Angler exploit kit

by

We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick potential botnet victims into thinking that they’ve received a legitimate Voice Message Notification from Skype. In reality though, once socially engineered users click on the malicious link found in the bogus emails, they’re automatically exposed to the client-side exploits served by the Angler exploit kit. More details:

Continue Reading »

Spamvertised ‘Image has been sent’ Evernote themed campaign serves client-side exploits

by

Cybercriminals continue to populate their botnets, with new infected hosts, through the persistent and systematic spamvertising of tens of thousands of fake emails which impersonate popular and well known brands – all in an attempt to socially engineer prospective victims into interacting with the scam. We’ve recently intercepted a currently circulating malicious spam campaign, impersonating Evernote, serving client-side exploits to prospective victims who click on the links found in the fake emails. More details:

Continue Reading »

DoubleClick malvertising campaign exposes long-run beneath the radar malvertising infrastructure

by

Today, at 2014-02-12 12:16:20 (CET), we became aware of a possible evasive/beneath the radar malvertising based g01pack exploit kit attack, taking place through the DoubleClick ad network using an advertisement featured at About.com.  Investigating further, we were able to identify the actual domains/IPs involved in the campaign, and perhaps most interestingly, managed to establish a rather interesting connection between the name servers of one of the domains involved in the attacks, and what appears to be a fully operational and running Ukrainian-based ad platform, Epom in this particular case.

Continue Reading »

‘Hacking for hire’ teams occupy multiple underground market segments, monetize their malicious ‘know how’

by

In a series of blog posts published throughout 2012, we’ve been highlighting the existence of a vibrant underground market segment, namely, that of ‘hacking for hire’ services, email hacking in particular. Commercially available as a service for years, the practice’s growth was once largely fueled by the release of DIY Web-based popular email provider hacking tools, which once acquired by prospective cybercriminals, quickly became the foundation for a successful business model. How have things changed nowadays, in terms of tactics, techniques and procedures? Profoundly. Case in point, we’ve been tracking two such ‘hacking for hire’ services, both of which offer […]

Continue Reading »

Market leading ‘standardized cybercrime-friendly E-shop’ service brings 2500+ boutique E-shops online

by

The rise of boutique cybercrime-friendly E-shops, which we’ve extensively profiled in our “A Peek Inside a Boutique Cybercrime-Friendly E-Shop” series, continues further expanding as a market segment within the underground marketplace. Driven by the proliferation of public/commercially obtainable DIY (do it yourself) type of malware/botnet generating tools along side the ongoing standardization of the monetization process offered by opportunistic cybercriminals acting as intermediaries between those possessing the fraudulently obtained assets and their prospective customers, the market segment is prone to expand. Having already profiled a managed hosting service, empowering novice cybercriminals possessing compromised/hacked accounting information with efficient ways to monetize the stolen […]

Continue Reading »

Cybercriminals release new Web based keylogging system, rely on penetration pricing to gain market share

by

In need of a fresh example of penetration pricing, within the cybercrime ecosystem, used by a cybercrime-friendly vendor in an attempt to quickly gain as much market share as possible in the over-supplied market segment for keylogging-specific systems? We’re about to give you a very fresh one. A newly released, commercially available PHP/MySQL based, keylogging-specific malware/botnet generating system, with full Unicode support, is currently being offered for $5o, with the binary re-build priced at $20, in a clear attempt by the vendor to initiate basic competitive pricing strategies to undermine the market relevance of competing propositions. Just like the Web […]

Continue Reading »

Newly released Web based DDoS/Passwords stealing-capable DIY botnet generating tool spotted in the wild

by

Driven by the never ending supply of newly released DIY (do it yourself) underground market releases, in combination with the systematically rebooted life cycles of releases currently in circulation, cybercriminals continue actively developing new cybercrime-friendly malware generating/botnet building applications. Motivated by the desire to further continue the monetization of this ever-green market segment, a key driving force behind the consequential rise of E-shops offering access to compromised accounting data like those we’ve extensively profiled at Webroot’s Threat Blog in the past, these cybercriminals continue to ‘innovate’ and reboot the life cycles of known releases through the systematic and persistent introduction of […]

Continue Reading »

Newly launched managed ‘compromised/hacked accounts E-shop hosting as service’ standardizes the monetization process

by

Regular readers of Webroot’s Threat Blog are familiar with our “A Peek Inside a Boutique Cybercrime-Friendly E-shop” series, originally started in 2012, highlighting the trend emerging at the time of boutique based E-shops selling access to compromised/hacked accounts. Popping up on our radars on systematic basis, this maturing market segment is already entering in a new life cycle stage in early 2014. The current stage is the direct result of the ongoing efficiency-oriented mentality applied by cybercriminals over the years in the face of the active implementation of tactics such as, for instance, templatization, ultimately leading to standardization of key […]

Continue Reading »

Fully automated, API-supporting service, undermines Facebook and Google’s ‘SMS/Mobile number activation’ account registration process

by

Operating in a world dominated by millions of malware-infected hosts acting as proxies for the facilitation of fraudulent and malicious activity, the Web’s most popular properties are constantly looking for ways to add additional layers of authentication to the account registration process of prospective users, in an attempt to undermine automatic account registration tactics. With CAPTCHA under automatic fire from newly emerging CAPTCHA solving/breaking services, re-positioning the concept from what was once the primary automatic account registration prevention mechanism, to just being a part of the ‘authentication mix’ these days, in recent years, a new (layered) authentication concept got the attention […]

Continue Reading »

Google’s reCAPTCHA under automatic fire from a newly launched reCAPTCHA-solving/breaking service

by

It can be easily argued, that CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), is the modern day’s ‘guardian of the Web’, in the context of preventing the mass, systematic, and efficient abuse of virtually each and every Web property there is. Over the years, CAPTCHA developers continued to strike a balance between the actual usability and sophistication/resilience to attacks, while excluding the beneath the radar emergence of a trend, which would later on prove to successfully exploit a fundamental flaw in the very concept of the CAPTCHA process. Namely, the fact that, the very same humans […]

Continue Reading »