Posts Categorized: Trojans


Cybercriminals impersonate T-Mobile U.K, serve malware

by

Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC. More details:

Continue Reading »

Cybercriminals impersonate Vodafone U.K, spread malicious MMS notifications

by

Over the past couple of days, cybercriminals have launched yet another massive spam campaign, once again targeting U.K users. This time, they are impersonating Vodafone U.K, in an attempt to trick its customers into executing a bogus MMS attachment found in the malicious emails. Upon execution, the sample opens a backdoor on the affected hosts, allowing the cybercriminals behind the campaign complete access to the affected PC. More details:

Continue Reading »

Bogus DHL ‘Express Delivery Notifications’ serve malware

by

From UPS, USPS to DHL, bogus and malicious parcel tracking confirmations are a common social engineering technique often used by cybercriminals to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails. Continuing what appears to be a working social engineering tactic, cybercriminals are currently mass mailing bogus DHL ‘Express Delivery Notifications’ in an attempt to trick users into executing the malicious attachment. Once executed, it opens a backdoor on the affected host allowing the cybercriminals behind the campaign complete access to the infected PC. More details:

Continue Reading »

Cybercriminals target U.K users with bogus ‘Pay by Phone Parking Receipts’ serve malware

by

U.K users, beware! Cybercriminals are currently mass mailing yet another malicious spam campaign, enticing users into viewing a bogus list of parking transactions. Upon executing the malicious attachment, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the host. More details:

Continue Reading »

Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware

by

Facebook users, watch out! A recently launched malicious spam campaign is impersonating Facebook, Inc. in an attempt to trick its one billion users into thinking that they’ve received a notification alerting them on activities they may have missed on Facebook. Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Multiple ‘Inter-company’ invoice themed campaigns serve malware and client-side exploits

by

Over the past few weeks, cybercriminals have been persistently spamvertising ‘Inter-company invoice’ themed emails, in an attempt to trick users into viewing the malicious .html attachment, or unpack and execute the malicious binary found in the attached archives. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals release stealthy DIY mass iFrame injecting Apache 2 modules

by

What would an attacker do if they were attempting to inject malicious iFrames on as many Web sites as possible? Would they rely on search engines’ reconnaissance as a foundation fo their efficient exploitation process, data mine a botnet’s infected population for accounting data related to CPanel, FTP and SSH accounts, purchase access to botnet logs, unethically pen-test a Web property’s infrastructure, or hit the jackpot with an ingenious idea that’s been trending as of recently within the cybercrime ecosystem? No, they wouldn’t rely on any of these. They would just seek access to servers hosting as many domains as possible and efficiently […]

Continue Reading »

Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware

by

A currently ongoing spam campaign attempts to trick users into thinking that their ability to send Domestic Wire Transfers has been disabled. Impersonating the Federal Deposit Insurance Corporation (FDIC), the cybercriminals behind the campaign are potentially earning thousands of dollars in the process of monetizing the anticipated traffic. Once users click on the bogus ‘secure download link’, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals resume spamvertising ‘Payroll Account Cancelled by Intuit’ themed emails, serve client-side exploits and malware

by

Cybercriminals have resumed spamvertising the Intuit Direct Deposit Service Informer themed malicious emails, which we intercepted and profiled earlier this month. While using an identical email template, the cybercriminals behind the campaign have introduced new client-side exploits serving domains, which ultimately lead to the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals spamvertise bogus ‘Microsoft License Orders’ serve client-side exploits and malware

by

Cybercriminals are currently mass mailing millions of emails impersonating Microsoft Corporation in an attempt to trick users into clicking on a link in a bogus ‘License Order” confirmation email. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit. More details:

Continue Reading »