Posts Tagged: cybercrime


Fake ‘Scanned Image from a Xerox WorkCentre’ themed emails lead to malware

by

We’ve intercepted a currently circulating malicious spam campaign, tricking users into thinking that they’ve received a scanned document sent from a Xerox WorkCentre Pro device. In reality, once users execute the malicious attachment, the cybercriminal(s) behind the campaign gain complete control over the now infected host.

Continue Reading »

New DIY compromised hosts/proxies syndicating tool spotted in the wild

by

Compromised, hacked hosts and PCs are a commodity in underground markets today. More cybercriminals are populating the market segment with services tailored to fellow cybercriminals looking for access to freshly compromised PCs to be later abused in a variety of fraudulent/malicious ways, all the while taking advantage of their clean IP reputation. Naturally, once the commoditization took place, cybercriminals quickly realized that the supply of such hosts also shaped several different market segments. They offered tools and services that specialize in the integration of this supply into various cybercrime-friendly tools and platforms, empowering virtually anyone using them with the desired degree […]

Continue Reading »

U.K users targeted with fake ‘Confirming your Sky offer’ malware serving emails

by

British users, watch what you execute on your PCs! Over the last week, cybercriminals have launched several consecutive malicious spam campaigns targeting users of Sky, as well as owners of Samsung Galaxy devices, into thinking that they’ve received a legitimate MMS notification to their email address. In reality though, these campaigns ‘phone back’ to the same command and control botnet server, indicating that they’re related.

Continue Reading »

Mass iframe injection campaign leads to Adobe Flash exploits

by

We’ve intercepted an ongoing malicious campaign, relying on injected/embedded iFrames at Web sites acting as intermediaries for a successful client-side exploits to take place. Let’s dissect the campaign, expose the malicious domains portfolio/infrastructure it relies on, as well as directly connect it with historical malicious activity, in this particular case, a social engineering campaign pushing fake browser updates.

Continue Reading »

Malicious ‘FW: File’ themed emails lead to malware

by

Think someone forwarded you an important attachment? Think twice. Cybercriminals are currently mass mailing tens of thousands of malicious emails attempting to trick the recipient into thinking that someone has forwarded a file to them. In reality, once socially engineered users execute the malicious attachments, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign, allowing them to gain complete control over the affected PCs, and consequently abuse the access for related fraudulent purposes.

Continue Reading »

Yet another Bitcoin accepting E-shop offering access to thousands of hacked PCs spotted in the wild

by

The never-ending supply of access to compromised/hacked PCs — the direct result of the general availability of DIY/cracked/leaked malware/botnet generating tools — continues to grow in terms of the number and variety of such type of underground market propositions. With more cybercriminals entering this lucrative market segment, on their way to apply well proven and efficient monetization schemes to these hacked PCs, cybercrime-friendly affiliate networks naturally capitalize on the momentum, ensuring a win-win business process for the participants and the actual owners of the network. In this post, I’ll highlight yet another newly launched such E-shop, currently possessing access to […]

Continue Reading »

Spamvertised T-Mobile ‘Picture ID Type:MMS” themed emails lead to malware

by

The cybercriminals behind last week’s profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.

Continue Reading »

Novice cyberciminals offer commercial access to five mini botnets

by

With the increased public availability of leaked/cracked DIY malware/botnet generating tools, cybercriminals continue practically generating new botnets on the fly, in order to monetize the process by offering access to these very same botnets at a later stage in the botnet generation process. In addition to monetizing the actual process of setting up and hosting the botnet’s C&C (command and control) servers, novice cybercriminals continue selling direct access to their newly generated botnets, empowering other novice cybercriminals with the foundations for further disseminating and later on monetizing other pieces of malicious software, part of their own arsenal of fraudulent/malicious tools. […]

Continue Reading »

Compromised Turkish Government Web site leads to malware

by

Our sensors just picked up an interesting Web site infection, this time affecting a Web server belonging to the Turkish government, where the cybercriminals behind the campaign have uploaded a malware-serving fake ‘DivX plug-in Required!” Facebook-themed Web page. Once socially engineered users execute the malware variant, their PCs automatically join the botnet operated by the cybercriminals behind the campaign.

Continue Reading »