Posts Categorized: social engineering


How phishers launch phishing attacks

by

Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, and tactics are at the disposal of phishers aiming to efficiently socially engineer hundreds of thousands of users? In this post, I will profile the Ninja V0.4 Social Engineering Phishing Framework – an advanced platform  for executing phishing attacks in a DIY (do-it-yourself) fashion.

Continue Reading »

Inside a clickjacking/likejacking scam distribution platform for Facebook

by

by Dancho Danchev How would you convert Facebook users into slaves participating in clickjacking and likejackings scams, next to using them to spamvertise your latest event promotion message? Presumably by using one of the clickjacking/likejacking distribution platforms promising 100 slaves per day that I will profile in this post.

Continue Reading »

Email hacking for hire going mainstream

by

by Dancho Danchev Just how easy is it to hack someone’s email nowadays? Very easy as the process is offered as a managed service within the cybercrime ecosystem. Over the past couple of months, I have been monitoring an increase in managed email hacking services. These services basically offered everyone the ability to claim someone else’s email through email hacking performed on behalf of the vendor. Such services have been circulating in the wild since early 2008. Shall we take a peek at their latest market proposition? Let’s profile a managed email hacking service offering to hack Gmail and Yahoo […]

Continue Reading »

Everyone has a role in protecting a corporate infrastructure (Part 1)

by

By Jacques Erasmus This time of year, those of us in information security become wary of crafty criminals leveraging the winter holidays to prey on our employees’ lack of awareness online in a number of ways. All it takes is for one Trojan to infect a single PC in a company to put an entire infrastructure at risk. Everyone plays a role in protecting the assets and information of their organization. To help explain what this means for you as an IT manager, an employee or even a home user, we have developed a two-part primer on common threats you […]

Continue Reading »

Reflections on mobile security

by

By Armando Orozco Be wary the next time you enter your passcode into your iPhone on the bus – someone could be shoulder surfing. In fact, a team of researchers from the University of North Carolina has developed a system to watch you pecking out characters on your phone, analyse the video, and produce a pretty accurate guess of what you were typing. When people talk about key loggers, they’re usually thinking about malware that sits on a computer and surreptitiously monitors what keys people are pressing. But these university researchers are applying an entirely different approach to key logging. […]

Continue Reading »

‘Tis the season for mobile malware

by

By Armando Orozco You’ve heard of the “perfect storm”? Well, there may be one brewing in Android-land. We just wrapped up a study that revealed holiday shopping is about to go mobile—in a big way. Turns out, over two times more shoppers plan to buy gifts on their mobile device this year. Over two times more?! It got me thinking… We know that Android malware is on the rise. Even Android users themselves seem aware of it; our mobile study also found that 23 percent more Android users are concerned with the security of their information than iOS users. And […]

Continue Reading »

Will you take Facebook’s candy?

by

By the Webroot Threat Team It’s a creepy treat, with a serious underlying message. The latest viral website uses a horror movie format to show you just how much the average Facebook application can find out about you. TakeThisLollipop, which has already received 1.7 million ‘Likes’ on Facebook, uses the social network’s application authentication scheme to find out about users. Anyone clicking on the lollipop displayed on the site is asked to let the application access a panoply of information about them from Facebook, in addition to other privileges, such as posting as them. If they accept, they get to […]

Continue Reading »

Awake at all hours during Cyber Security Awareness Month

by

By Jacques Erasmus I’ve been having trouble sleeping lately, and last night I pinpointed why. October has presented me with a perfect storm of Internet security developments: I embarked on my first few weeks as chief information security officer for Webroot amidst the most significant consumer product launch the company has ever had. These activities alone would’ve been enough to keep corporate security top of mind 24/7, but their occurrence during Cyber Security Awareness Month further drove it home for me. So I thought perhaps it may be cathartic for me, and helpful for you, if I shared some of […]

Continue Reading »

Morto Worm Annoyances Outstrip Functionality

by

The past couple of days have been very busy for a lot of people, following the announcement by Microsoft that they had discovered a new network worm called Morto. After reading the refreshingly thorough writeup about Morto from both Microsoft and our partner Sophos, we were surprised to find that a few of our customers had been infected — and cleaned up — beginning with some poor schlub in South Africa as early as July 23rd, but the worm kicked into high gear last Thursday and began to propagate rapidly. But, as much as the technical details in these posts […]

Continue Reading »

Brazilian “Winehouse” Trojan Sends Hotmail, Bank Passwords to China

by

Late Monday, after news about the death of troubled pop singer Amy Winehouse had been circling the globe for a little more than 48 hours, we saw the first malware appear that used the singer’s name as a social engineering trick to entice victims to run the malicious file. Abusing celebrity names, news, or even deaths isn’t a new (or even particularly interesting) social engineering tactic, but there was one unique aspect to this particular malware’s behavior that raised some eyebrows around here: It appears that Brazilian phisher-Trojan writers seem to be working more closely with their Chinese counterparts, using […]

Continue Reading »