Posts Tagged: Spamming


Google’s reCAPTCHA under automatic fire from a newly launched reCAPTCHA-solving/breaking service

by

It can be easily argued, that CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), is the modern day’s ‘guardian of the Web’, in the context of preventing the mass, systematic, and efficient abuse of virtually each and every Web property there is. Over the years, CAPTCHA developers continued to strike a balance between the actual usability and sophistication/resilience to attacks, while excluding the beneath the radar emergence of a trend, which would later on prove to successfully exploit a fundamental flaw in the very concept of the CAPTCHA process. Namely, the fact that, the very same humans […]

Continue Reading »

Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime-friendly activity

by

In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve stolen assets liquidity, and most importantly, aim to reach a degree of efficiency that would help them gain market share. Thus, help them secure multiple revenue streams. Despite the increased transparency on the Russian/Easter European underground market — largely thanks to improved social networking courtesy of the reputation-aware cybercriminals wanting to establish themselves as serious vendors — certain newly joining vendors continue being a victim of their market-irrelevant ‘biased exclusiveness’ in terms of the unique value propositon (UVP) presented […]

Continue Reading »

How to avoid unwanted software

by

We’ve all seen it; maybe it’s on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you’ve never heard of, there’s a new, annoying toolbar in your browser. Maybe you’re getting popup ads or have a rogue security product claiming you’re infected and asking you to buy the program to remove the infection. Even worse, you don’t know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use […]

Continue Reading »

DIY Craigslist email collecting tools empower spammers with access to fresh/valid email addresses

by

By Dancho Danchev In need of a good reason to start using Craigslist ‘real email anonymization’ option? We’re about to give you a pretty good one. For years, the popular classified Web site has been under fire from spammers using DIY email collecting tools, allowing them to easily obtain fresh and valid emails to later be abused in fraudulent/malicious campaigns. Let’s take a peek at some of the DIY Craigslist themed spamming tools currently in (commercial) circulation. More details:

Continue Reading »

From Vietnam with tens of millions of harvested emails, spam-ready SMTP servers and DIY spamming tools

by

How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for instance, harvested and segmented email databases? He’d impress them with comprehensiveness and ‘vertically integrated’ products and services. At least that’s what the cybercriminals behind the cybercrime-friendly market proposition I’m about to profile in this post are doing. Tens of millions of harvested and segmented email databases, spam-ready bulletproof SMTP servers and DIY spamming tools, this one-stop-shop for novice spammers is also a great example of an OPSEC-unaware vendor who’s not only accepting Western Union/Money Gray payments, […]

Continue Reading »

Spamvertised ‘Export License/Invoice Copy’ themed emails lead to malware

by

By Dancho Danchev We’ve just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake ‘Export License/Invoice Copy’ themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign. More details:

Continue Reading »

How mobile spammers verify the validity of harvested phone numbers – part two

by

Just as we anticipated earlier this year in our “How mobile spammers verify the validity of harvested phone number” post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to charge a higher price for a verified database of mobile numbers. In this post I’ll profile yet another commercially available phone/mobile number verification tool that’s exclusively supporting Huawei 3G USB modems. More details:

Continue Reading »

Cybercriminals offer spam-friendly SMTP servers for rent

by

In times when modern cybercriminals take advantage of the built-in SMTP engines in their malware platforms, as well as efficient and systematic abuse of Web-based email service providers for mass mailing fraudulent or malicious campaigns, others seem to be interested in the resurrection of an outdated, but still highly effective way to send spam, namely, through spam-friendly SMTP servers. In this post, I’ll profile a recently posted underground market ad for spam-friendly SMTP servers, offered for sale for $30 on a monthly basis. More details:

Continue Reading »

Segmented Russian “spam leads” offered for sale

by

What is the Russian underground up to when it comes to ‘spear phishing’ attacks? How prevalent is the tactic among Russian cybercriminals? What “data acquisition tactics” do they rely on, and just how sophisticated are their “data mining” capabilities? Let’s find out by emphasizing on a recent underground market advertisement offering access to data which can greatly improve the click-through rate for a spear phishing campaign. The irony? It’s being pitched as “spam leads”. More details:

Continue Reading »