Malicious Web-based Java applet generating tool spotted in the wild

by

Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem’s primary infection vector, in a series of blog posts, we’ve been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on ‘visual social engineering’ vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal’s botnet. We’ve recently spotted yet another Web based Java drive-by generating tool, and decided to take a peek inside the malicious infrastructure supporting it.

Continue Reading »

Webroot returns from Automation Nation 2014

by

Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the fifth annual Automation Nation in Orlando, hosted by LabTech Software.  Labtech, a robust remote monitoring and management (RMM) platform design and built for managed service providers, hosted the event at the Hilton Bonnet Creek from June 2nd through the 4th.  Hosting over 425 MSP partners and 600 attendees, the event has grown significantly since the previous years.  This was Webroot’s first time attending the conference, coming in as a Diamond Sponsor. Kicking off the event, Webroot CMO David Duncan helped present during the keynote with the […]

Continue Reading »

Long run compromised accounting data based type of managed iframe-ing service spotted in the wild

by

In a cybercrime ecosystem dominated by DIY (do-it-yourself) malware/botnet generating releases, populating multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we’ve been detailing the existence of commercially available server-based malicious script/iframe injecting/embedding releases/platforms utilizing legitimate infrastructure for the purpose of hijacking legitimate traffic, ultimately infecting tens of thousands of legitimate users. We’ve recently spotted a long-run Web-based managed malicious/iframe injecting/embedding service relying on compromised accounting data for legitimate traffic acquisition […]

Continue Reading »

A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services

by

Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious ‘know-how’, further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we’ve been emphasizing on the over-supply of compromised/stolen accounting data, efficiently aggregated through the TTPs (tactics, techniques and procedures) described in our “Cybercrime Trends – 2013” observations. We’ve recently spotted a newly launched all-in-one cybercrime-friendly E-shop, offering a diversified portfolio of managed/DIY services/products, exposing a malicious infrastructure worth keeping an eye on. Let’s take a peek inside the E-shop’s inventory […]

Continue Reading »

Malicious JJ Black Consultancy ‘Computer Support Services’ themed emails lead to malware

by

Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, as well as the impersonation of popular brands for the purpose of socially engineering gullible users into downloading and executing malicious attachments found in these emails, cybercriminals continue populating their botnets. We’ve recently intercepted a currently circulating malicious campaign, impersonating JJ Black Consultancy. More details:

Continue Reading »

Spamvertised ‘Notification of payment received’ themed emails lead to malware

by

PayPal users, watch what you click on! We’ve recently intercepted a currently circulating malicious spamvertised campaign which is impersonating PayPal in an attempt to trick socially engineered end users into clicking on the malware-serving links found in the emails. More details:   Sample screenshot of the spamvertised email:

Continue Reading »

A peek inside a subscription-based DIY keylogging based type of botnet/malware generating tool

by

Cybercriminals continue to systematically release DIY (do-it-yourself) type of cybercrime-friendly offerings, in an effort to achieve a ‘malicious economies of scale’ type of fraudulent model, which is a concept that directly intersects with our ‘Cybercrime Trends – 2013‘ observations. We’ve recently spotted yet another subscription-based, DIY keylogging based botnet/malware generating tool. Let’s take a peek inside its Web based interface, and expose the cybercrime-friendly infrastructure behind it. More details:

Continue Reading »

AV Isn’t Dead. It’s Evolving.

by

Since the WSJ report was released, endpoint security solutions have received a lot of media attention. As many have started to ask “Is AV really dead?”, I felt it was a good idea to talk about it from my perspective. Let’s get this out of the way right off the bat: no, AV is not dead. However, what is dead, and has been for many years now, is the traditional, reactive AV protection approach that uses signature-based detection. Within the security industry, it is common knowledge that this approach to threat prevention doesn’t scale to address the tactics used by […]

Continue Reading »

Symantec’s “AV is Dead” Is Not News

by

On Monday, an executive at Symantec declared “AV is dead.” He went on to repeat to several media outlets that protecting customers on their PC and Mac computers had become an impossible battle that they were ready to concede. He indicated that Symantec desktop AV products are only able to stop viruses and malware about 45% of the time. Based on this analysis, what the exec was really saying was “Symantec AV is dead!” What really should have been communicated was that traditional signature-based AV protection does not work – the criminals have figured out how to get around it. […]

Continue Reading »