Posts Tagged: social engineering


Cybercriminals impersonate New York State’s Department of Motor Vehicles (DMV), serve malware

by

By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of bogus emails impersonating New York State’s Department of Motor Vehicles (DMV) in an attempt to trick users into thinking they’ve received an uniform traffic ticket, that they should open, print and send to their town’s court. In reality, once users open and execute the malicious attachment, their PCs will automatically join the botnet operated by the cybercriminal/cybercriminals behind the campaign. More details:

Continue Reading »

Fake Amazon ‘Your Kindle E-Book Order’ themed emails circulating in the wild, lead to client-side exploits and malware

by

By Dancho Danchev Kindle users, watch what you click on! Cybercriminals are currently mass mailing tens of thousands of fake Amazon “You Kindle E-Book Order” themed emails in an attempt to trick Kindle users into clicking on the malicious links found in these messages. Once they do so, they’ll be automatically exposed to the client-side exploits served by the Black Hole Exploit Kit, ultimately joining the botnet operated by the cybercriminal/cybercriminals that launched the campaign. More details:

Continue Reading »

Citibank ‘Merchant Billing Statement’ themed emails lead to malware

by

Over the past 24 hours, we’ve intercepted yet another spam campaign impersonating Citibank in an attempt to socially engineer Citibank customers into thinking that they’ve received a Merchant Billing Statement. Once users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal/cybercriminals. More details:

Continue Reading »

New IRC/HTTP based DDoS bot wipes out competing malware

by

Everyday, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their “innovative” work, potentially stealing some market share and becoming rich by offering the tools necessary to facilitate cybercrime. Publicly announced in late 2012, the IRC/HTTP based DDoS bot that I’ll profile in this post has been under constant development. From its initial IRC-based version, the bot has evolved into a HTTP-based one, supporting 10 different DDoS attack techniques as well as possessing a […]

Continue Reading »

A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

by

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered as a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that’s successfully generating an exploit (CVE-2013-0422) embedded Web page, relying on malicious Java applets. More details:

Continue Reading »

FedWire ‘Your Wire Transfer’ themed emails lead to malware

by

Over the last day, cybercriminals have launched yet another massive email campaign to impersonate FedWire in an attempt to trick users into thinking that their wire transfer was processed incorrectly. Once they execute the malicious attachment, their PCs automatically become part of the botnet operated by the cybercriminal/gang of cybercriminals. More details:

Continue Reading »

Managed ‘Russian ransomware’ as a service spotted in the wild

by

By Dancho Danchev In 2013, you no longer need to posses sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users, per day, into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you. In this post I’ll profile a recently spotted underground market proposition detailing the success story of a ransomware botnet master that’s been in business for over 4 years, claiming to be earning over five hundred thousands rubles per month. More details:

Continue Reading »

Cybercriminals impersonate Bank of America (BofA), serve malware

by

Relying on tens of thousands of fake “Your transaction is completed” emails, cybercriminals have just launched yet another malicious spam campaign attempting to socially engineer Bank of America’s (BofA) customers into executing a malicious attachment. Once unsuspecting users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals operating it, leading to a successful compromise of their hosts. More details:

Continue Reading »

Fake ‘DHL Delivery Report’ themed emails lead to malware

by

Over the past couple of days, cybercriminals have launched two consecutive malware campaigns impersonating DHL in an attempt to trick users into thinking that they’ve received a parcel delivery notification. The first campaign comes with a malicious attachment, whereas in the second, the actual malicious archive is located on a compromised domain. More details:

Continue Reading »

Historical OSINT – The ‘Boston Marathon explosion’ and ‘Fertilizer plant explosion in Texas’ themed malware campaigns

by

Following the recent events, opportunistic cybercriminals have been spamvertising tens of thousands of malicious emails in an attempt to capitalize on on the latest breaking news. We’re currently aware of two “Boston marathon explosion” themed campaigns that took place last week, one of which is impersonating CNN, and another is using the “fertilizer plant exposion in Texas” theme, both of which redirect to either the RedKit or the market leading Black Hole Exploit Kit. Let’s profile the campaigns that took place last week, with the idea to assist in the ongoing attack attribution process. More details:

Continue Reading »