Posts Categorized: Uncategorized


Rootkit infection sporadically redirects search results in hopes users ‘just live with it’

By Tyler Moffitt Recently we have seen an increase in fake installer scams attempting to trick computer users into installing disguised rootkits directly on their machines. In this post, we want to highlight how a scam like this can be installed and infect a machine, including behavior to watch out for as well as how to remedy the situation if it were to arise. In the case of this infection, we are utilizing a bogus Adobe Flash Player installer. Normally, this file would be downloaded from a website after a message stating “You need the latest version of Flash to view […]

Spotted: cybercriminals working on new Western Union based ‘money mule management’ script

Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it’s the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it’s meant to be tested against the customer’s own systems — you wish — or the selling of cheap access to verified PayPal accounts, in an attempt to mitigate the “cash-out” risk by forwarding it to a more experienced cybercriminal, the process of risk-forwarding is visible across the entire ecosystem. In this post I’ll discuss a recently spotted Western Union based money mule management script. While the cybercriminals are currently developing this script, […]

Novel Approach to Malware Discovery in today’s Threat Landscape

There are a number of similarities between biological viruses and those which infect our PCs. For one, both types of infections rely on mutations to evade detection and survive. The faster the mutations, the more difficult an infection is to combat. This is because those who spend their time and effort fighting such infections are likely to miss a mutation and therefore lack the chance to create a cure. This point is especially true with traditional antivirus technology, where discovery and detection techniques have not kept up with the rapid pace of mutations common in today’s threat landscape. The recent NY […]

Fake BBB (Better Business Bureau) Notifications lead to Black Hole Exploit Kit

Cybercriminals have recently launched yet another massive spam campaign, impersonating a rather popular brand used in a decent percentage of social engineering driven email campaigns – the BBB (Better Business Bureau). Once users click on any of the links in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit. More details:

Phishing For Bank Account Information

When you’re a threat researcher, you are always on the lookout for anything that looks ‘phishy’, even if it’s on your own personal time. Today, I opened my personal email to find this: Although the email looked very convincing, I don’t bank with Smile Bank so I knew something was up. Smile Bank is an actual bank based in the UK. The bad guys used a spoofed email address to make it look like it came from the legit Smile Bank domain smile.co.uk. If someone did bank with Smile Bank, I can see how they could easily be tricked. It’s […]

RSA Conference Europe 2012 – recap

As many of you know, Webroot recently attended Europe’s most prestigious security conference, RSA Europe 2012, where I held a presentation on the topic of “Cyber Jihad vs Cyberterrorism – Separating Hype from Reality”. Since a picture is worth a thousand words, here are some photos from this year’s RSA Europe conference:

Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

No matter what people think about it, the increasing exposure of Linux and OS X to malicious code is strictly related to the worldwide exposure of those operating systems on desktops and laptops. In the last couple of years, more and more home users decided to switch to Linux (e.g. Ubuntu Linux, just to name one of the best known Linux distributions) or OS X. Most of these users, when questioned about why they switched from Windows to another operating system, usually answer by blaming Windows’ critical exposure to malware. However, this increasing trend has been followed by many virus […]

French Android Users Hit again by SMS Trojan

Earlier this year, the SMS Trojan Foncy was discovered targeting French-speaking Android users. Now, we’ve come across a new Trojan targeting them using a similar SMS scam. The app pretends to be an app called BlackMart Alpha, which is already a little shady since it’s used to download apps that may otherwise cost money. This app is not found on Google Play and is not malicious in itself, but the fact that you can’t get it in the Google Play store makes it a perfect target for malware developers to make fake versions of it. Webroot detects this Trojan as […]
