Posts Tagged: Spam Campaign


Cybercriminals resume spamvertising ‘Re: Fwd: Wire Transfer’ themed emails, serve client-side exploits and malware

by

Over the last couple of days, a cybercricriminal/gang of cybercriminals that we’ve been extensively profiling, resumed spamvertising tens of thousands of emails, in an attempt to trick users that they have a pending wire transfer. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

by

Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Fake BofA CashPro ‘Online Digital Certificate” themed emails lead to malware

by

By Dancho Danchev Over the past 24 hours, we intercepted tens of thousands of malicious emails attempting to socially engineering BofA’s CashPro users into downloading and executing a bogus online digital certificate attached to the fake emails. More details:

Continue Reading »

Malicious ‘Data Processing Service’ ACH File ID themed emails serve client-side exploits and malware

by

A cybercriminal/gang of cybercriminals that we’ve been closely monitoring for a while now has just launched yet another spam campaign, this time impersonating the “Data Processing Service” company, in an attempt to trick its customers into interacting with the malicious emails. Once they do so, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. In this post, I’ll profile their latest campaign and the dropped malware. I will also establish a direct connection between this and three other previously profiled malicious campaigns, as well as an ongoing money mule campaign, all of which appear […]

Continue Reading »

Fake ‘Verizon Wireless Statement” themed emails lead to Black Hole Exploit Kit

by

On a periodic basis, cybercriminals are spamvertising malicious campaigns impersonating Verizon Wireless to tens of thousands of Verizon customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign intercepted last month. This tactic largely relies on the life cycle of a particular campaign, intersecting with the publicly generated awareness of its maliciousness. In this post, I’ll profile one of the most recently spamvertised campaigns impersonating Verizon Wireless. Not surprisingly, once users click on any of the links found in the malicious emails, they’re […]

Continue Reading »

Malicious ‘RE: Your Wire Transfer’ themed emails serve client-side exploits and malware

by

Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure. Let’s profile one of the most recently spamvertised campaigns, and expose the cybercriminals’ complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior. More details:

Continue Reading »

Spamvertised IRS ‘Income Tax Refund Turned Down’ themed emails lead to Black Hole Exploit Kit

by

Its tax season and cybercriminals are mass mailing tens of thousands of IRS (Internal Revenue Service) themed emails in an attempt  to trick users into thinking that their income tax refund has been “turned down”. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Fake ‘You’ve blocked/disabled your Facebook account’ themed emails serve client-side exploits and malware

by

Cybercriminals are currently spamvertising two separate campaigns, impersonating Facebook Inc., in an attempt to trick its users into thinking that their Facebook account has been disabled. What these two campaigns have in common is the fact that the client-side exploits serving domains are both parked on the same IP. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

‘Your Kindle e-book Amazon receipt’ themed emails lead to Black Hole Exploit Kit

by

Kindle owners, watch what you click on! Cybercriminals are currently attempting to trick Kindle owners into thinking that they’ve received a receipt from an E-book purchase from Amazon.com. In reality, when users click on any of the links found in the malicious emails, they’re automatically exposed to the  client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Fake FedEx ‘Tracking ID/Tracking Number/Tracking Detail’ themed emails lead to malware

by

On a daily basis, we intercept hundreds of thousands of fraudulent or malicious emails whose purpose is to either infect users with malicious software or turn them into victims of fraudulent schemes. About 99% of these campaigns rely on social engineering tactics, and in the cases where they don’t include direct links to the actual malware, they direct users to the market leading Black Hole Exploit Kit. In terms of volume and persistence, throughout January, 2013, a single malicious campaign impersonating FedEx topped our metrics data. What’s so special about this campaign? It’s the fact that the digital fingerprint of one of the most […]

Continue Reading »