Posts Tagged: malware


DIY malware cryptor as a Web service spotted in the wild

by

Just how easy is it to generate an undetected piece of malware these days? Too easy to be true, largely thanks to the rise of managed crypting services, and the re-emergence of the DIY (do it yourself) trend within the entire cybercrime ecosystem. With hundreds of thousands of new malware variants processed by the industry on a daily basis, it’s fairly logical to conclude that over the years, the bad guys have adapted to signature-based antivirus scanning protection mechanisms, and have achieved disturbing levels of automation and efficiency. How do they do that? Let’s find out by profiling a recently spotted Web-based DIY […]

Continue Reading »

Fake ‘Verizon Wireless Statement” themed emails lead to Black Hole Exploit Kit

by

On a periodic basis, cybercriminals are spamvertising malicious campaigns impersonating Verizon Wireless to tens of thousands of Verizon customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign intercepted last month. This tactic largely relies on the life cycle of a particular campaign, intersecting with the publicly generated awareness of its maliciousness. In this post, I’ll profile one of the most recently spamvertised campaigns impersonating Verizon Wireless. Not surprisingly, once users click on any of the links found in the malicious emails, they’re […]

Continue Reading »

Malicious ‘RE: Your Wire Transfer’ themed emails serve client-side exploits and malware

by

Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure. Let’s profile one of the most recently spamvertised campaigns, and expose the cybercriminals’ complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior. More details:

Continue Reading »

Malware propagates through localized Facebook Wall posts

by

We’ve recently intercepted a localized — to Bulgarian — malware campaign, that’s propagating through Facebook Wall posts. Basically, a malware-infected user would unknowingly post a link+enticing message, in this case “Check it out!“, on their friend’s Walls, in an attempt to abuse their trusted relationship and provoke them to click on the malicious link. Once users click on the link, they’re exposed to the malicious software. More details:

Continue Reading »

Spamvertised IRS ‘Income Tax Refund Turned Down’ themed emails lead to Black Hole Exploit Kit

by

Its tax season and cybercriminals are mass mailing tens of thousands of IRS (Internal Revenue Service) themed emails in an attempt  to trick users into thinking that their income tax refund has been “turned down”. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Fake ‘You’ve blocked/disabled your Facebook account’ themed emails serve client-side exploits and malware

by

Cybercriminals are currently spamvertising two separate campaigns, impersonating Facebook Inc., in an attempt to trick its users into thinking that their Facebook account has been disabled. What these two campaigns have in common is the fact that the client-side exploits serving domains are both parked on the same IP. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

New underground service offers access to thousands of malware-infected hosts

by

Thanks to the success of multiple botnet aggregating malicious campaigns launched in the wild, cybercriminals are launching malware-infected-hosts — also known as loads — as a service type of underground market propositions, in an attempt to monetize the botnet’s infected population by selling “partitioned” access to it. How much does it cost to buy a thousand US-based malware infected hosts? What about hosts based in the European Union? Let’s find out. In this post, I’ll profile a newly launched underground service offering access to thousands of malware-infected hosts to virtually anyone who’s willing to pay the price. More details:

Continue Reading »

New DIY HTTP-based botnet tool spotted in the wild

by

What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities. In this post, I’ll profile a recently advertised DIY HTTP-based botnet tool, that allows virtually anyone to operate their own botnet. More details:

Continue Reading »

Android security tips and Windows AutoRun protection

by

by Armando Orozco Recently, two applications designed with malicious intent were discovered within the Google Play application store.  The apps were built with a façade of being utility cleaners designed to help optimize Android-powered phones, but in reality, both apps had code built in designed to copy private files, including photos, and submit them to remote servers. The applications, named SuperClean and DroidClean, did not stop there. Researchers also found that the malware was able to AutoRun on Windows PC devices when the phones were paired, and infect the main computer.  The malware was designed to record audio through the […]

Continue Reading »

‘Your Kindle e-book Amazon receipt’ themed emails lead to Black Hole Exploit Kit

by

Kindle owners, watch what you click on! Cybercriminals are currently attempting to trick Kindle owners into thinking that they’ve received a receipt from an E-book purchase from Amazon.com. In reality, when users click on any of the links found in the malicious emails, they’re automatically exposed to the  client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »