Posts Categorized: social engineering


Newly launched ‘Magic Malware’ spam campaign relies on bogus ‘New MMS’ messages

by

By Dancho Danchev The gang of cybercriminals behind the ‘Magic Malware‘ has launched yet another malicious spam campaign, attempting to trick U.K users into thinking they’ve received a notification for a “New MMS” message. In reality, once users execute the malicious attachment, it will download and drop additional malware on the affected hosts, giving the cybercriminals behind the campaign complete access to the affected host. More details:

Continue Reading »

Cybercriminals impersonate New York State’s Department of Motor Vehicles (DMV), serve malware

by

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State’s Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they’ve received an uniform traffic ticket, that they should open, print and send to their town’s court. In reality, once users open and execute the malicious attachment, their PCs will automatically join the botnet operated by the cybercriminal/cybercriminals behind the campaign. More details:

Continue Reading »

Fake Amazon ‘Your Kindle E-Book Order’ themed emails circulating in the wild, lead to client-side exploits and malware

by

By Dancho Danchev Kindle users, watch what you click on! Cybercriminals are currently mass mailing tens of thousands of fake Amazon “You Kindle E-Book Order” themed emails in an attempt to trick Kindle users into clicking on the malicious links found in these messages. Once they do so, they’ll be automatically exposed to the client-side exploits served by the Black Hole Exploit Kit, ultimately joining the botnet operated by the cybercriminal/cybercriminals that launched the campaign. More details:

Continue Reading »

Citibank ‘Merchant Billing Statement’ themed emails lead to malware

by

Over the past 24 hours, we’ve intercepted yet another spam campaign impersonating Citibank in an attempt to socially engineer Citibank customers into thinking that they’ve received a Merchant Billing Statement. Once users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal/cybercriminals. More details:

Continue Reading »

A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

by

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered as a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that’s successfully generating an exploit (CVE-2013-0422) embedded Web page, relying on malicious Java applets. More details:

Continue Reading »

FedWire ‘Your Wire Transfer’ themed emails lead to malware

by

Over the last day, cybercriminals have launched yet another massive email campaign to impersonate FedWire in an attempt to trick users into thinking that their wire transfer was processed incorrectly. Once they execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details:

Continue Reading »

Fake Microsoft Security Scam

by

Recently we have seen an increase in fake Microsoft scams, which function by tricking people into thinking that their PC is infected.  With these types of scams there are a number of things to remember. 1.       Microsoft will never call you telling you that your PC is infected 2.       Never allow strangers to connect to your PC 3.       Do not give any credit card info to somebody claiming to be from Microsoft 4.       If in doubt, shut down your PC and call Webroot The current scam will display a webpage that is very similar to the one in Figure 1. […]

Continue Reading »

Managed ‘Russian ransomware’ as a service spotted in the wild

by

By Dancho Danchev In 2013, you no longer need to posses sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users, per day, into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you. In this post I’ll profile a recently spotted underground market proposition detailing the success story of a ransomware botnet master that’s been in business for over 4 years, claiming to be earning over five hundred thousands rubles per month. More details:

Continue Reading »

How fraudulent blackhat SEO monetizers apply Quality Assurance (QA) to their DIY doorway generators

by

How are cybercriminals most commonly abusing legitimate Web traffic? On the majority of occasions, some will either directly embed malicious iFrames on as many legitimate Web sites as possible, target server farms and the thousands of customers that they offer services to, or generate and upload invisible doorways on legitimate, high pagerank-ed Web properties, in an attempt to monetize the hijacked search traffic. In this post I’ll profile a DIY blackhat SEO doorway generator, that surprisingly, has a built-in module allowing the cybercriminal using it to detect and remove 21 known Web backdoors (shells) from the legitimate Web site about to be abused, just in case […]

Continue Reading »

Cybercriminals impersonate Bank of America (BofA), serve malware

by

Relying on tens of thousands of fake “Your transaction is completed” emails, cybercriminals have just launched yet another malicious spam campaign attempting to socially engineer Bank of America’s (BofA) customers into executing a malicious attachment. Once unsuspecting users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals operating it, leading to a successful compromise of their hosts. More details:

Continue Reading »