Posts Tagged: security


New Russian DIY DDoS bot spotted in the wild

by

Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem. These maturing business models require constant innovation on behalf of the cybercriminals providing the easy to use and manage DIY DDoS bots, the foundation of these business models. What are some of the latest developments in this field? Are the malware coders behind these releases actually innovating, or are they basically re-branding old malware bots and reintroducing them on the […]

Continue Reading »

From Russia with iPhone selling affiliate networks

by

With affiliate networks continuing to represent among the few key growth factors of the cybercrime ecosystem, it shouldn’t be surprising that cybercriminals continue introducing new services and goods with questionable quality and sometimes unknown origins on the market, with the idea to entice potential network participants into monetizing the traffic they can deliver through black hat SEO (Search Engine Optimization), malvertising, and spam campaigns. In this post, I’ll profile a recently launched affiliate network selling iPhones that primarily targets Russian-speaking customers, and emphasizes the traffic acquisition scheme used by one of the network’s participants. More details:

Continue Reading »

New E-shop selling stolen credit cards data spotted in the wild

by

What happens once a cybercriminal has managed to obtain access to your credit card data by either compromising an insecure database, or through crimeware dropped on an affected host? Would he purchase blank plastic and holograms and embed the stolen data in an attempt to cash out as much money as possible, or would he look for alternative “risk forwarding” tactics to earn revenue while preserving his security and anonymity in the process? It depends on the cybercriminal in question. In this post, I’ll profile a recently launched E-shop offering complete access to stolen credit cards data ┬áprimarily belonging┬áto U.S […]

Continue Reading »

A peek inside a boutique cybercrime-friendly E-shop – part four

by

Over the past couple of months, I’ve been periodically profiling the monetization tactics applied by novice cybercriminals, a market segment of less technically sophisticated individuals looking for ways to cash out on their fraudulent Web activities. The rise of this market segment can be contributed to the rise of managed cybercrime-friendly services and DIY tools, allowing everyone an easy entry into the world of cybercrime. In this post, I’ll profile yet another recently launched cybercrime-friendly E-shop, and emphasize the emergence of these over-the-counter (OTC) trading E-shops. More details:

Continue Reading »

Managed Ransomware-as-a-Service spotted in the wild

by

Over the past several quarters, we’ve witnessed the rise of the so called Police Ransomware also known as Reveton. From fully working host lock down tactics, to localization in multiple languages and impersonation of multiple international law enforcement agencies, its authors proved that they have the means and the motivation to continue developing the practice, while earning tens of thousands of fraudulently obtained funds. What’s driving the growth of Police Ransomware? What’s the current state of this market segment? Just how easy is it to start distributing Police Ransomware and earn fraudulently obtained funds in between? In this post, I’ll […]

Continue Reading »

Cybercriminals impersonate FDIC, serve client-side exploits and malware

by

Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the Federal Deposit Insurance Corporation (FDIC), in an attempt to trick businesses into installing a bogus and non-existent security tool promoted in the emails. Upon clicking on the links, users are exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Spamvertised ‘US Airways reservation confirmation’ themed emails serve exploits and malware

by

Cybercriminals are currently spamvertising millions of emails impersonating U.S Airways, in an attempt to trick users into clicking on the malicious links found in the legitimately looking emails. Let’s dissect the malicious campaign, and expose its dynamics. More details:

Continue Reading »

New Russian DIY SMS flooder using ICQ’s SMS sending feature spotted in the wild

by

In order to emphasize on the growing trend of cybercriminals abusing legitimate infrastructure for their malicious purposes, last week, I profiled a DIY SMS flooder using Skype’s SMS-sending capability to launch a DoS (denial of service attack) against a user’s mobile device. This week, I’ll continue providing factual evidence for the emergence of this trend, by profiling yet another recently released DIY SMS flooder, this time abusing ICQ’s sms-sending feature. More details:

Continue Reading »

Spamvertised ‘Your Fedex invoice is ready to be paid now’ themed emails lead to Black Hole Exploit kit

by

Over the past 24 hours, cybercriminals have launched yet another massive spam run, this time impersonating FedEx in an attempt to trick its customers into clicking on a malware and exploits-serving URL found in the malicious email. More details:

Continue Reading »

A Primer for Secure Coding in PHP and MySQL

by

PHP is an incredibly popular language for creating dynamic web applications — websites such as Facebook are built on it. This can be attributed to many reasons; it is easy to learn, easy to install and does not require the user to compile code. An unfortunate side effect of the ease of development with PHP is a tendency to ignore security during the development process. In this post I will discuss some of the ways to make your PHP apps more secure. I will go through creating a PHP web app that connects to a MySQL back end database. The […]

Continue Reading »