Posts Tagged: security


Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch!

Well, September 9th is here, and the launch of Destiny, one of the most (if not the most) anticipated video games ever, isn’t the only major piece of news coming out of the tech world today. You may have heard that one Cupertino fruit-logo’d tech company had an event today. And now the details of Apple’s next big(ger) things are official. Initial takeaway? They’re pretty much in line with the rumors that have been swirling around for months now. In other words, people got a lot of what they were expecting. Is that a good or bad thing? Depends on what camp you’re in. Probably. […]

Sony’s PSN Network Haymaker’d by DDoS Attack; Exec’s Plane Grounded Over Bomb Threat

Sony had a rough weekend. And not just Sony; last weekend wasn’t the best time to be a gamer. Here’s the skinny… Early yesterday morning, Sony’s PlayStation Network (PSN for short) was hit with a massive Distributed Denial of Service (DDoS) attack, causing it to crash temporarily and hamper online play for many PlayStation gamers. Sony Online Entertainment President John Smedley quickly took to Twitter to let users know about the attack before tweeting that he’d be offline for three hours as he flew back to San Diego from Dallas on AA Flight #362. Well, not long […]

8 Tips to Stay Safe Online

Yesterday, the New York Times published an exclusive story on what many are stating to be the largest series of hacks ever, all revealed by Hold Security in their latest report. The report cites over 1.2 billion unique username-password combinations and over 500 million e-mail addresses amassed by a Russian hacker group dubbed CyberVol (vol is Russian for thief). While the reactions among the security industry are mixed, with some researchers raising a few questions of the masterwork behind the hack, the story does bring to the public’s attention the necessity of strong, personal, online security policies for all […]

A Look at PC Gamer Security

In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks. Webroot PC Gamer Security Study Findings: 47% experienced an online attack, with 55% of the attacks impacting system performance. 35% of PC gamers choose not to use security or rely on free clean-up tools. “Does not slow down system performance” ranked among the most important security program characteristics to gamers and Webroot has the first […]

A peek inside a commercially available Android-based botnet for hire

Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities. We’ve recently spotted yet another underground market proposition offering access to Android-based infected devices. Let’s take a peek inside its Web-based command and control interface, discuss its features, as well as the proposition’s relevance […]

Spamvertised ‘Customer Daily Statement’ themed emails lead to malware

Cybercriminals continue to efficiently populate their botnets, through the systematic and persistent spamvertising of tens of thousands of fake emails, for the purpose of socially engineering gullible end users into executing the malicious attachments found in the rogue emails. We’ve recently intercepted a currently circulating malicious campaign, impersonating Barkeley Futures Limited, tricking users into thinking that they’ve received a legitimate “Customer Daily Statement”.

Spamvertised ‘June invoice’ themed emails lead to malware

Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet’s infected population through the systematic and persistent rotation of popular brands. We’ve recently intercepted a currently circulating malicious campaign enticing users into executing the fake attachment. More details:

Malicious Web-based Java applet generating tool spotted in the wild

Despite the prevalence of Web-based client-side exploitation tools as the cybercrime ecosystem’s primary infection vector, in a series of blog posts, we’ve been emphasizing the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on ‘visual social engineering’ vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal’s botnet. We’ve recently spotted yet another Web-based Java drive-by generating tool, and decided to take a peek inside the malicious infrastructure supporting it.

Long run compromised accounting data based type of managed iframe-ing service spotted in the wild

In a cybercrime ecosystem dominated by DIY (do-it-yourself) malware/botnet generating releases, populating multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we’ve been detailing the existence of commercially available server-based malicious script/iframe injecting/embedding releases/platforms utilizing legitimate infrastructure for the purpose of hijacking legitimate traffic, ultimately infecting tens of thousands of legitimate users. We’ve recently spotted a long-run Web-based managed malicious/iframe injecting/embedding service relying on compromised accounting data for legitimate traffic acquisition […]

A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services

Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious ‘know-how’, further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we’ve been emphasizing the over-supply of compromised/stolen accounting data, efficiently aggregated through the TTPs (tactics, techniques and procedures) described in our “Cybercrime Trends – 2013” observations. We’ve recently spotted a newly launched all-in-one cybercrime-friendly E-shop, offering a diversified portfolio of managed/DIY services/products, exposing a malicious infrastructure worth keeping an eye on. Let’s take a peek inside the E-shop’s inventory […]
