Posts Tagged: malware


New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild

by

For many years now, cybercriminals have been efficiency abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly ‘doorways’ or plain simple malicious scripts to be used later on in their campaigns. This practice led to the emergence of DIY (do-it-yourself) tools and managed service platforms that allow virtually anyone to start monetizing these fraudulently or automatically registered accounting data, signaling a trend towards an efficiency-driven cybercrime ecosystem – a concept that’s been materializing on a daily basis for a couple of years. In this post, I’ll profile a desktop-based tool that allows cybercriminals […]

Continue Reading »

Cybercriminals spamvertise tens of thousands of fake ‘Your Booking Reservation at Westminster Hotel’ themed emails, serve malware

by

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they’ve received a legitimate booking confirmation. In reality through, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the campaign. More details:

Continue Reading »

Spamvertised ‘Export License/Invoice Copy’ themed emails lead to malware

by

By Dancho Danchev We’ve just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake ‘Export License/Invoice Copy’ themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign. More details:

Continue Reading »

Android.Bankun: Bank Information Stealing Application On Your Android Device

by

By Nathan Collier There’s one variant of Android.Bankun that is particularly interesting to me.  When you look at the manifest it doesn’t have even one permission.  Even wallpaper apps have internet permissions.  Having no permissions isn’t a red flag for being malicious though.  In fact, it may even make you lean towards it being legitimate. There is one thing that thing that gives Android.Bankun a red flag though.  The package name of com.google.bankun instantly makes me think something is fishy.  To the average user the word ‘Google’ is seen as a word to be trusted.  This is especially true when […]

Continue Reading »

Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot

by

By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of ‘common’ malware ‘features’ branded under a different name. What are cybercriminals up to in terms of experimenting with command and control infrastructure? How are they responding to the introduction of new protocols such as, for instance, SPDY, embedded deep into the most popular Internet browsers? Let’s find out. […]

Continue Reading »

Adobe Flash spoof leads to infectious audio ads

by

By Tyler Moffitt We’ve seen quite a few audio ads infecting users recently. We think it’s a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. You might not be able to see, but the “f” is a little off on the tiny icon at the top left. Either way it looks quite legitimate. It doesn’t matter what option you check; once you click “NEXT” you’ll get this next window. […]

Continue Reading »

New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin

by

Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire. In this post, I’ll profile yet another recently launched E-shop selling access to thousands of malware-infected hosts, which compared to the previous E-shops that we’ve profiled, is directly promoting the use of ransomware, click fraud facilitating bots and bitcoin mining tools on the malware-infected hosts purchased through the service. More details:

Continue Reading »

How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them

by

By Dancho Danchev In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercrininals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns — think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. — it has become a common event to observe the bad guys applying QA tactics, before, during, and after a malicious/fraudulent campaign has reached its maturity state, all for the sake of earning as much money as possible, naturally, through fraudulent means. In this post we’ll profile […]

Continue Reading »

Fake ‘Unsuccessful Fax Transmission’ themed emails lead to malware

by

Have you sent an eFax recently? Watch out for an ongoing malicious spam campaign that tries to convince you that there’s been an unsuccessful fax transmission. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet of the cybercriminals behind the campaign. More details:

Continue Reading »

New E-shop sells access to thousands of hacked PCs, accepts Bitcoin

by

Remember the E-shop offering access to hacked PCs, based on malware ‘executions’ that we profiled last month? We have recently spotted a newly launched, competing E-shop, once again selling access to hacked PCs worldwide, based on malware ‘executions’. However, this time, there’s no limit to the use of (competing) bot killers, meaning that the botnet master behind the service has a higher probability of achieving market efficiency compared to their “colleague.” Additionally, the botnet master won’t have to manually verify the presence of bot killers and will basically aim to sell access to as many hacked PCs as possible. More details:

Continue Reading »