Posts Categorized: malware


Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two

by

The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or direct impersonation of popular brands in spam/phishing campaigns tactics, on a daily basis, traffic is sold and resold for achieving a customer’s or a seller’s fraudulent/malicious objectives, and is then most commonly converted to malware-infected hosts. In this post, I’ll profile two cybercrime-friendly iFrame traffic exchanges, with the […]

Continue Reading »

Newly launched managed ‘malware dropping’ service spotted in the wild

by

Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a ‘seed’ population to infect, so that he can then use the initially infected users as platform to scale his campaign. In reality though, that used to be the case for cybercriminals, years ago, when managed cybercrime-as-a-service types of underground market propositions were just beginning to materialize. In 2013, the only thing a novice cybercriminal wanting to gain access to thousands of PCs located in a specific country has to do is to make […]

Continue Reading »

Fake ‘Apple Store Gift Card’ themed emails serve client-side exploits and malware

by

Apple Store users, beware! A currently ongoing malicious spam campaign is attempting to trick users into thinking that they’ve successfully received a legitimate ‘Gift Card’ worth $200. What’s particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails. More details:

Continue Reading »

Cybercriminals spamvertise fake ‘O2 U.K MMS’ themed emails, serve malware

by

British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a fake ‘MMS message” attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals whose activities we continue to monitor. More details:

Continue Reading »

Malicious Bank of America (BofA) ‘Statement of Expenses’ themed emails lead to client-side exploits and malware

by

Bank of America (BofA) customers, watch what you click on! A currently ongoing malicious spam campaigns is attempting to entice BofA customers into clicking on the client-side exploit serving URLs found in legitimate looking ‘Statement of Expenses’ themed emails. Once users with outdated third-party applications and browser plugins click on the link, an infection is installed that automatically converts their PC’s into zombies under the control of the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details:

Continue Reading »

Fake ‘iPhone Picture Snapshot Message’ themed emails lead to malware

by

We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick iPhone owners into thinking that they’ve received a ‘picture snapshot message’. Once users execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals, whose activities we’ve been closely monitoring over the last couple of months. More details:

Continue Reading »

‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts

by

Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer to the campaign of the malicious attacker. A newly launched ‘malware-infected hosts as stepping stones’ service, is offering access to Socks5-enabled malware hosts, located primarily in the United States, allowing virtually anyone to route their fraudulent/malicious traffic through these hosts. More details:

Continue Reading »

Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware

by

Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme. More details:

Continue Reading »

New Mac Malware Uses Right-to-Left Override To Trick Users

by

By Michael Sweeting After a relatively long lag period without seeing any particular new and exciting Mac malware, last week we saw the surfacing of a new and interesting method of compromising the OSX system. Malware authors have taken a new approach by altering file extensions of malicious .app packages in order to trick users into thinking they are opening relatively harmless .pdf or .doc files. Changing file extensions in Mac OSX can be tricky due to a built in security feature of the OS that detects attempts to change the extension and automatically annexes the extension of its correct […]

Continue Reading »

New Rogue “Antivirus System” locks you out of safe mode

by

By Tyler Moffitt Recently we’ve seen a new fake security product running around that has made improvements to the standard rogue. Typical rogues are annoying, but relatively easy to take care of. Previously, all you had to do was boot into safe mode with networking and remove the files and registry entries (or install Webroot). Support forums everywhere use safe mode with networking as the “go to” mode for virus removal as non-core components are not loaded at start up and it’s easier to isolate problems. In the vast majority of the rogues we see, they are not loaded in […]

Continue Reading »