Posts Categorized: Threat Research


New service converts malware-infected hosts into anonymization proxies

by

What happens when a host gets infected with malware? On the majority of occasions, cybercriminals will use it as a launch platform for numerous malicious activities, such as spamming, launching DDoS attacks, harvesting for fresh emails, and account logins. But most interestingly, thanks to the support offered in multiple malware loaders, they will convert the malware-infected hosts into anonymization proxies used by cybercriminals to cover their Web activities. In this post, I’ll profile a newly launched service, offering thousands of malware-infected hosts as Socks4 and Socks5 servers for anonymizing a cybercriminal’s Web activities.

Continue Reading »

BlackHole exploit kits gets updated with new features

by

According to independent sources, the author of the most popular web malware exploitation kit currently dominating the threat landscape, has recently issued yet another update to the latest version of the kit v1.2.2. More details:

Continue Reading »

A peek inside the Elite Malware Loader

by

Just like today’s modern economy, in the cybercrime ecosystem supply, too, meets demand on a regular basis. With malware coding for hire propositions increasing thanks to the expanding pool of talented programmers looking for ways to enter the cybercrime ecosystem, it shouldn’t be surprising that  cybercriminals are constantly releasing new malware loaders, cryptors, remote access trojans, or issuing updates to web malware exploitation kits on a periodic basis, using the outsourcing market model. Continuing the “Peek inside…” series, in this post I’ll profile the Elite Malware Loader. In the wild since 2009,  the malware loader is still under active development […]

Continue Reading »

A peek inside the Ann Malware Loader

by

The ever-adapting cybercrime ecosystem is constantly producing new underground releases in the form of malware loaders, remote access trojans (RATs), malware cryptors, Web, IRC and P2P based command and control interfaces, all with the clear objective  to undermine current security solutions. Continuing the “A peek inside…” series, in this post I will profile a malware loader recently advertised within the cybercrime ecosystem , namely, the Ann Malware Loader.

Continue Reading »

Why relying on antivirus signatures is simply not enough anymore

by

How is it possible that in an industry dominated by advanced performance metrics and benchmarking tests, cybercriminals still manage to release unique malware that remains undetected for weeks by major antivirus vendors? It’s pretty simple. Cybercrime is innovating much faster than the security industry is.

Continue Reading »

Report: Internet Explorer 9 leads in socially-engineered malware protection

by

According to a newly released report from NSS Labs, Microsoft’s Internet Explorer 9 outperforms competing browsers in protecting against socially engineered malware. More details:

Continue Reading »

The United Nations hacked, Team Poison claims responsibility

by

A well known group of hackers has penetrated the networks of the United Nations, according to a note posted on Pastebin.com. The group claiming responsibility is Team Poison, a hacking group closely associated with the Anonymous hactivist movement. Team Poison members include TriCk, iN^SaNe, MLT,Phantom~, C0RPS3, f0rsaken, aXioM and ap0calypse. More details:

Continue Reading »

Researchers intercept two client-side exploits serving malware campaigns

by

Security researchers from Webroot have intercepted two currently live client-side exploits serving malware campaigns that have already managed to infect over 20,000 PCs across the globe, primarily in the United States. Based upon detailed analysis, it can be concluded that both campaigns are launched by the same cybercriminal. More details:

Continue Reading »

Researchers spot Citadel, a ZeuS crimeware variant

by

Security researchers from “Tracking Cyber Crime” have spotted a new ZeuS crimeware variant, that’s based on the leaked ZeuS source code from last year. Dubbed Citadel, the crimeware is positioned as a universal spyware system, whose modular nature allows cybercriminals to offer flexibly priced value-added services such as managed malware crypting, and managed web injects as a service. Some of Citadel’s core features include:

Continue Reading »