Posts Tagged: Malicious Software


Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

by

Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Fake BofA CashPro ‘Online Digital Certificate” themed emails lead to malware

by

By Dancho Danchev Over the past 24 hours, we intercepted tens of thousands of malicious emails attempting to socially engineering BofA’s CashPro users into downloading and executing a bogus online digital certificate attached to the fake emails. More details:

Continue Reading »

Cybercriminals release new Java exploits centered exploit kit

by

Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new Web malware exploitation kit. What’s so special about it is the fact that its current version is entirely based on Java exploits (CVE-2012-1723 and CVE-2013-0431), naturally, with “more exploits to be introduced any time soon”. Let’s take a peek at the statistics and infection rates produced by this kit, as well as discuss its potential, or lack thereof, to cause widespread damage to endpoints internationally. More details:

Continue Reading »

New DIY IRC-based DDoS bot spotted in the wild

by

Thanks to basic disruptive factors like standardization, DIY (do it yourself) underground market releases, Cybercrime-as-a-Service ”value added” propositions, efficiency-centered client-side exploitation process, QA (Quality Assurance), and adaptation to the ubiquitous endpoint protection mechanisms, such as for instance, signatures-based antivirus scanning, the cybercrime ecosystem is currently enjoying the monetary joys of its mature state. In this post, I’ll profile a recently advertised DIY IRC-based DDoS bot, with an emphasis on how market followers, like the author of the bot, attempt to steal market share from the competition. Successful or not, this trend has been taking place for years, and based on the positive type and number of “satisfied customer” comments […]

Continue Reading »

How much does it cost to buy 10,000 U.S.-based malware-infected hosts?

by

Earlier this month, we profiled and exposed a newly launched underground service offering access to tens of thousands of malware-infected hosts, with an emphasis on the fact that U.S.-based hosts were relatively more expensive to acquire, largely due to the fact that U.S.-based users are known to have a higher online purchasing power. How much does it cost to buy 10,000 U.S.-based malware-infected hosts? Let’s find out. In this post, I’ll profile yet another service offering access to malware-infected hosts internationally, that’s been operating since the middle of 2012, and despite the fact that it’s official Web site is currently […]

Continue Reading »

Malicious ‘Data Processing Service’ ACH File ID themed emails serve client-side exploits and malware

by

A cybercriminal/gang of cybercriminals that we’ve been closely monitoring for a while now has just launched yet another spam campaign, this time impersonating the “Data Processing Service” company, in an attempt to trick its customers into interacting with the malicious emails. Once they do so, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. In this post, I’ll profile their latest campaign and the dropped malware. I will also establish a direct connection between this and three other previously profiled malicious campaigns, as well as an ongoing money mule campaign, all of which appear […]

Continue Reading »

DIY malware cryptor as a Web service spotted in the wild

by

Just how easy is it to generate an undetected piece of malware these days? Too easy to be true, largely thanks to the rise of managed crypting services, and the re-emergence of the DIY (do it yourself) trend within the entire cybercrime ecosystem. With hundreds of thousands of new malware variants processed by the industry on a daily basis, it’s fairly logical to conclude that over the years, the bad guys have adapted to signature-based antivirus scanning protection mechanisms, and have achieved disturbing levels of automation and efficiency. How do they do that? Let’s find out by profiling a recently spotted Web-based DIY […]

Continue Reading »

Fake ‘Verizon Wireless Statement” themed emails lead to Black Hole Exploit Kit

by

On a periodic basis, cybercriminals are spamvertising malicious campaigns impersonating Verizon Wireless to tens of thousands of Verizon customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign intercepted last month. This tactic largely relies on the life cycle of a particular campaign, intersecting with the publicly generated awareness of its maliciousness. In this post, I’ll profile one of the most recently spamvertised campaigns impersonating Verizon Wireless. Not surprisingly, once users click on any of the links found in the malicious emails, they’re […]

Continue Reading »

Malicious ‘RE: Your Wire Transfer’ themed emails serve client-side exploits and malware

by

Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure. Let’s profile one of the most recently spamvertised campaigns, and expose the cybercriminals’ complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior. More details:

Continue Reading »

Malware propagates through localized Facebook Wall posts

by

We’ve recently intercepted a localized — to Bulgarian — malware campaign, that’s propagating through Facebook Wall posts. Basically, a malware-infected user would unknowingly post a link+enticing message, in this case “Check it out!“, on their friend’s Walls, in an attempt to abuse their trusted relationship and provoke them to click on the malicious link. Once users click on the link, they’re exposed to the malicious software. More details:

Continue Reading »