On a daily basis, spammers register thousands of new domains across multiple domain registrars, and take advantage of WHOIS privacy services to ensure that security researchers and anti-spam fighters will have hard time taking them down. So what can we do about it? According to a newly released research by Knujon.com, proper screening could have prevented 67% of those abusive domain registrations. More details:
Posts Categorized: spam
Cybercriminals are currently spamvertising a fraudulent email campaign impersonating Citi, using ‘Temporary Limit Access To Your Account‘ themed emails as a social engineering attempt to trick end users into clicking on the link found in the phishing emails. More details:
Cybercriminals are currently spamvertising ‘Termination of your CPA license‘ emails, enticing users into clicking on a malicious link supposedly redirecting to the complaint.pdf file. More details:
Cybercriminals are currently spamvertising a “You just received a e-card form somebody” themed malware campaign, impersonating Hallmark. More details:
What are pharmaceutical scammers up to? From active participation in black hat search engine optimization campaigns, to spamvertising of bogus links – including QR Codes – and compromising of web sites with high page rank in order to redirect to pharmaceutical scams, scammers are keeping themselves pretty busy in order to monetize as much web traffic as possible. Recently, one of the most popular affiliate network for selling counterfeit pharmaceutical items launched its own Web contest. Let’s take a look.
Cisco Systems, recently announced the release of ’Cisco Global Threat Report’ for 4Q11, containing threat intelligence based on Cisco’s observation of the malicious threat landscape. Key summary points:
Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, and tactics are at the disposal of phishers aiming to efficiently socially engineer hundreds of thousands of users? In this post, I will profile the Ninja V0.4 Social Engineering Phishing Framework – an advanced platform for executing phishing attacks in a DIY (do-it-yourself) fashion.
What does it take to be a successful spammer in 2012? Access to a botnet, managed spamming appliance, spam templates that are capable of bypassing spam filters, and most importantly freshly harvested databases of valid emails from multiple email providers. Let’s profile a web-based service currently selling millions of harvested emails to potential spammers, and find out just how easy it is to purchase that kind of data within the cybercrime ecosystem.
By the Webroot Threat Team Have you ever had the queasy experience of sending a message to someone that you’d rather not have anyone else see, and then hoping that it won’t get passed along? A new system developed by Internet law and security researchers aims to solve the problem, with a light-handed touch. The Stanford Center for Internet and Society has launched Privicons, an email privacy tool that it describes as a ‘user-to-user’ solution. There are no policy servers, crypto algorithms, or software enforcement agents to worry about. Instead, it relies on good old-fashioned icons. Webmail users who install […]
By Jacques Erasmus This time of year, those of us in information security become wary of crafty criminals leveraging the winter holidays to prey on our employees’ lack of awareness online in a number of ways. All it takes is for one Trojan to infect a single PC in a company to put an entire infrastructure at risk. Everyone plays a role in protecting the assets and information of their organization. To help explain what this means for you as an IT manager, an employee or even a home user, we have developed a two-part primer on common threats you […]