Posts Tagged: Spamvertised


Spamvertised ‘Customer Daily Statement’ themed emails lead to malware

by

Cybercriminals continue to efficiently populate their botnets, through the systematic and persistent spamvertising of tens of thousands of fake emails, for the purpose of socially engineering gullible end users into executing the malicious attachments found in the rogue emails. We’ve recently intercepted a currently circulating malicious campaign, impersonating Barkeley Futures Limited, tricking users into thinking that they’ve received a legitimate “Customer Daily Statement”.

Continue Reading »

Spamvertised ‘June invoice” themed emails lead to malware

by

Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet’s infected population through the systematic and persistent rotation of popular brands. We’ve recently intercepted a currently circulating malicious campaign enticing users into executing the fake attachment. More details:

Continue Reading »

Malicious JJ Black Consultancy ‘Computer Support Services’ themed emails lead to malware

by

Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, as well as the impersonation of popular brands for the purpose of socially engineering gullible users into downloading and executing malicious attachments found in these emails, cybercriminals continue populating their botnets. We’ve recently intercepted a currently circulating malicious campaign, impersonating JJ Black Consultancy. More details:

Continue Reading »

Spamvertised ‘Notification of payment received’ themed emails lead to malware

by

PayPal users, watch what you click on! We’ve recently intercepted a currently circulating malicious spamvertised campaign which is impersonating PayPal in an attempt to trick socially engineered end users into clicking on the malware-serving links found in the emails. More details:   Sample screenshot of the spamvertised email:

Continue Reading »

Multiple spamvertised bogus online casino themed campaigns intercepted in the wild

by

Regular readers of Webroot’s Threat Blog are familiar with our series of posts detailing the proliferation of social engineering driven, privacy-violating campaigns serving W32/Casino variants. Relying on affiliate based revenue sharing schemes and spamvertised campaigns as the primary distribution vectors, the rogue operators behind them continue tricking tens of thousands of gullible users into installing the malicious applications. We’ve recently intercepted a series of spamvertised campaigns distributing W32/Casino variants. Let’s profile the campaigns, provide actionable intelligence on the rogue domains involved in the campaigns, as well as related MD5s known to have interacted with the same rogue infrastructure. More details:

Continue Reading »

Spamvertised ‘You received a new message from Skype voicemail service’ themed emails lead to Angler exploit kit

by

We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick potential botnet victims into thinking that they’ve received a legitimate Voice Message Notification from Skype. In reality though, once socially engineered users click on the malicious link found in the bogus emails, they’re automatically exposed to the client-side exploits served by the Angler exploit kit. More details:

Continue Reading »

Spamvertised ‘Image has been sent’ Evernote themed campaign serves client-side exploits

by

Cybercriminals continue to populate their botnets, with new infected hosts, through the persistent and systematic spamvertising of tens of thousands of fake emails which impersonate popular and well known brands – all in an attempt to socially engineer prospective victims into interacting with the scam. We’ve recently intercepted a currently circulating malicious spam campaign, impersonating Evernote, serving client-side exploits to prospective victims who click on the links found in the fake emails. More details:

Continue Reading »

‘Adobe License Service Center Order NR’ and ‘Notice to appear in court’ themed malicious spam campaigns intercepted in the wild

by

Happy New Year, everyone! Despite the lack of blog updates over the Holidays, we continued to intercept malicious campaigns over the same period of time, proving that the bad guys never take holidays. In this post, I’ll profile two prolific, social engineering driven type of malicious spam campaigns that we intercepted over the Holiday season, and naturally (proactively) protected you from. More details:

Continue Reading »

Cybercrime Trends 2013 – Year in Review

by

It’s that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what’s to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration in an attempt to occupy […]

Continue Reading »