Posts Categorized: Trojans


Spamvertised ‘Your tax return appeal is declined’ emails serving client-side exploits and malware

by

Cybercriminals are currently spamvertising with IRS (Internal Revenue Service) themed emails, enticing end and corporate users into downloading and viewing a malicious .htm attachment. More details:

Continue Reading »

Trojan Downloaders actively utilizing Dropbox for malware distribution

by

By Curtis Fechner It’s never surprising to see the multitude of tactics a cybercriminal will use to deliver malware. In this case, I came across a collection of files masquerading as RealNetworks updater executables. These files were all located in a user’s %AppData%realupdate_ob directory, and the sizes were all quite consistent. At first glance there was nothing too special about this finding – malware appearing to be legitimate software is nothing new. When I looked into the specific behaviors of the file, it became clearer that the software is in fact malicious, and that it is actually downloading malicious files […]

Continue Reading »

Spamvertised ‘Your accountant license can be revoked’ emails lead to client-side exploits and malware

by

Cybercriminals are currently spamvertising a malicious email campaign that’s designed to trick you into clicking on a bogus complaint.pdf link which ultimately leads to client-side exploits and malware. The campaign is launched by the same gang that launched the “Spamvertised ‘Termination of your CPA license’ ” malicious campaign last month. More details:

Continue Reading »

A peek inside the Darkness (Optima) DDoS Bot

by

With politically motivated DDoS (distributed denial of service attack) attacks proliferating along with the overall increase in the supply of managed “DDoS for hire” services, it’s time to get back the basics, and find out just what makes an average DDoS bot used by cybercriminals successful. Continuing the “A peek inside…” series, in this post I’ll profile the Darkness X (Optima) DDoS bot, available for purchase at selected cybercrime-friendly online communities since 2009. More details:

Continue Reading »

BlackHole exploit kits gets updated with new features

by

According to independent sources, the author of the most popular web malware exploitation kit currently dominating the threat landscape, has recently issued yet another update to the latest version of the kit v1.2.2. More details:

Continue Reading »

A peek inside the Elite Malware Loader

by

Just like today’s modern economy, in the cybercrime ecosystem supply, too, meets demand on a regular basis. With malware coding for hire propositions increasing thanks to the expanding pool of talented programmers looking for ways to enter the cybercrime ecosystem, it shouldn’t be surprising that  cybercriminals are constantly releasing new malware loaders, cryptors, remote access trojans, or issuing updates to web malware exploitation kits on a periodic basis, using the outsourcing market model. Continuing the “Peek inside…” series, in this post I’ll profile the Elite Malware Loader. In the wild since 2009,  the malware loader is still under active development […]

Continue Reading »

An Evolution of Android Malware “My How You’ve Grown PJAPPS!” (Part 1)

by

We’ve all seen software grow.  We watch as our favorite software adds on new features and becomes better at what it does.  Malware writers are no different, they want their software to have more features as well as steal even more information. PJApps is a good example of this. PJApps is a Trojan that’s been around for a while causing havoc by being bundled in legitimate applications found in alternative Android markets, it is capable of opening a backdoor, stealing data and blocking sms behind the scenes.  In one variant of PJApps it requests the following permissions to steal information: […]

Continue Reading »

Researchers intercept two client-side exploits serving malware campaigns

by

Security researchers from Webroot have intercepted two currently live client-side exploits serving malware campaigns that have already managed to infect over 20,000 PCs across the globe, primarily in the United States. Based upon detailed analysis, it can be concluded that both campaigns are launched by the same cybercriminal. More details:

Continue Reading »

Researchers spot Citadel, a ZeuS crimeware variant

by

Security researchers from “Tracking Cyber Crime” have spotted a new ZeuS crimeware variant, that’s based on the leaked ZeuS source code from last year. Dubbed Citadel, the crimeware is positioned as a universal spyware system, whose modular nature allows cybercriminals to offer flexibly priced value-added services such as managed malware crypting, and managed web injects as a service. Some of Citadel’s core features include:

Continue Reading »

A peek inside the Smoke Malware Loader

by

The competitive arms race between security vendors and malicious cybercriminals constantly produces new defensive mechanisms, next to new attack platforms and malicious tools aiming to efficiently exploit and infect as many people as possible. Continuing the “A peek inside…” series, in this post I will profile yet another malware loader. This time it’s the Smoke Malware Loader.

Continue Reading »