Posts Categorized: spam


Email hacking for hire going mainstream – part two

by

Remember the email hacking for hire service which Webroot extensively profiled in this post “Email hacking for hire going mainstream“? Recently, I stumbled upon another such service, advertised at cybercrime-friendly web forums, offering potential customers the opportunity to hack a particular Mail.ru and Gmail.com email address, using a variety of techniques, such as brute-forcing, phishing, XSS vulnerabilities and social engineering. More details:

Continue Reading »

Spamvertised ‘Scan from a Hewlett-Packard ScanJet’ emails lead to client-side exploits and malware

by

Security researchers from Webroot have intercepted a currently spamvertised malicious campaign, impersonating Hewlett Packard, and enticing end and corporate users into downloading and viewing a malicious .htm attachment. More details:

Continue Reading »

Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware

by

Cybercriminals newest spamvertised malware campaign is brand-jacking Verizon Wireless in an attempt to trick end users into clicking on the malicious links embedded in the email. More details:

Continue Reading »

Spamvertised LinkedIn notifications serving client-side exploits and malware

by

Cybercriminals are currently spamvertising LinkedIn themed messages, in an attempt to trick end and corporate users into clicking on the malicious links embedded in the emails. The campaign is using real names of LinkedIn users in an attempt to increase the authenticity of the spamvertised campaign. More details:

Continue Reading »

Malicious USPS-themed emails circulating in the wild

by

Cybercriminals are currently spamvertising malicious USPS-themed emails, that entice end and corporate users into clicking on malicious links found in the emails. More details:

Continue Reading »

Millions of harvested U.S government and U.S military email addresses offered for sale

by

Remember the underground service offering millions of harvested emails for sale profiled at the Webroot Threat Blog in January? It appears  that cybercriminals are continuing to innovate in this underground market segment by offering geolocated databases of millions of harvested emails for better targeting in their upcoming spam campaigns. In this post, I’ll profile yet another cybercrime underground  service selling millions of harvested emails to potential cybercriminals.

Continue Reading »

Research: U.S accounts for 72% of fraudulent pharmaceutical orders

by

Just how profitable is spam? Who’s buying the counterfeit pharmaceutical items advertised so heavily in a huge percentage of the spam campaigns currently circulating in the wild? According to a newly released report by the University of California at San Diego, although hundreds of thousands of people visit the fraudulent pharmaceutical scam sites, only a small percentage of them is actually purchasing the counterfeit pharmaceutical items. In this particular case, the United States leads with 72% of total purchases from fraudulent pharmaceutical sites. More details:

Continue Reading »

Spamvertised ‘Your accountant license can be revoked’ emails lead to client-side exploits and malware

by

Cybercriminals are currently spamvertising a malicious email campaign that’s designed to trick you into clicking on a bogus complaint.pdf link which ultimately leads to client-side exploits and malware. The campaign is launched by the same gang that launched the “Spamvertised ‘Termination of your CPA license’ ” malicious campaign last month. More details:

Continue Reading »

Research: proper screening could have prevented 67% of abusive domain registrations

by

On a daily basis, spammers register thousands of new domains across multiple domain registrars, and take advantage of WHOIS privacy services to ensure that security researchers and anti-spam fighters will have hard time taking them down. So what can we do about it? According to a newly released research by Knujon.com, proper screening could have prevented 67% of those abusive domain registrations. More details:

Continue Reading »