Posts Tagged: vulnerabilities


Evolution of Encrypting Ransomware

by

Recently we’ve seen a big change in the encrypting ransomware family and we’re going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those that aren’t aware of what encrypting ransomware is, its a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA -2048 asymmetric public key which makes decryption without the key impossible. Paying the ransom will net you the key which in turn leads to getting […]

Continue Reading »

Managed DDoS WordPress-targeting, XML-RPC API abusing service, spotted in the wild

by

With WordPress continuing to lead the CMS market segment, with the biggest proportion of market share, cybercriminals are actively capitalizing on the monocultural insecurities posed by this trend, in an attempt to monetize the ubiquitous (for the cybercrime ecosystem) TTPs (tactics, techniques and procedures). Despite actively seeking new and ‘innovative’ ways to abuse this trend, cybercriminals are also relying on good old fashioned reconnaissance and ‘hitlist’ building tactics, in an attempt to achieve an efficiency-oriented ‘malicious economies of scale’ type of fraudulent/malicious process. We’ve recently spotted a managed WordPress installations-targeting, XML-RPC API abusing type of DDos (Denial of Service) attack service, […]

Continue Reading »

Spamvertised ‘You received a new message from Skype voicemail service’ themed emails lead to Angler exploit kit

by

We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick potential botnet victims into thinking that they’ve received a legitimate Voice Message Notification from Skype. In reality though, once socially engineered users click on the malicious link found in the bogus emails, they’re automatically exposed to the client-side exploits served by the Angler exploit kit. More details:

Continue Reading »

Spamvertised ‘Image has been sent’ Evernote themed campaign serves client-side exploits

by

Cybercriminals continue to populate their botnets, with new infected hosts, through the persistent and systematic spamvertising of tens of thousands of fake emails which impersonate popular and well known brands – all in an attempt to socially engineer prospective victims into interacting with the scam. We’ve recently intercepted a currently circulating malicious spam campaign, impersonating Evernote, serving client-side exploits to prospective victims who click on the links found in the fake emails. More details:

Continue Reading »

DoubleClick malvertising campaign exposes long-run beneath the radar malvertising infrastructure

by

Today, at 2014-02-12 12:16:20 (CET), we became aware of a possible evasive/beneath the radar malvertising based g01pack exploit kit attack, taking place through the DoubleClick ad network using an advertisement featured at About.com.  Investigating further, we were able to identify the actual domains/IPs involved in the campaign, and perhaps most interestingly, managed to establish a rather interesting connection between the name servers of one of the domains involved in the attacks, and what appears to be a fully operational and running Ukrainian-based ad platform, Epom in this particular case.

Continue Reading »

Malicious campaign relies on rogue WordPress sites, leads to client-side exploits through the Magnitude exploit kit

by

In a cybercrime ecosystem populated by commercially available WordPress brute-forcing and mass vulnerable WordPress installation scanning tools, cybercriminals continue actively capitalizing on the platform’s leading market share within the Content Management System’s market segment. Successfully exploiting tens of thousands of installations on a daily basis, for the purpose of utilizing the legitimate infrastructure to achieve their fraudulent/malicious campaign objectives, the tactic is also largely driven by the over-supply of compromised/accounting data, usually embedded within sophisticated Web-based attack platforms like the ones we’ve profiled in the past. We’ve recently intercepted a malicious campaign exclusively relying on rogue WordPress sites, ultimately serving client-side exploits to users […]

Continue Reading »

DIY Python-based mass insecure WordPress scanning/exploting tool with hundreds of pre-defined exploits spotted in the wild

by

Throughout 2013, we not only witnessed the re-emergence of proven mass, efficiency-oriented Web site hacking/exploitation tactics, such as, the reliance on Google Dorks scanning, good old fashioned brute-forcing, but also, the introduction of new concepts, successfully utilizing/standardizing, both, compromised accounting data, and server-farm level access, in an attempt to fraudulently monetize the hijacked traffic from legitimate Web sites. As we’ve seen on numerous occasions throughout the years, despite sophisticated ‘innovations’, cybercriminals are no strangers to the KISS (Keep It Simple Stupid) principle. Case in point in terms of Content Management Systems (CMSs) is WordPress, whose market share is naturally proportional with […]

Continue Reading »

Zeus Infection Spoofing Bitdefender AV

by

Over the Christmas period, we here at Webroot  have noticed a large amount of Zeus infections that are spoofing the Bitdefender name. While infections spoofing AV companies aren’t unusual, it’s been a while since we have seen such a spike on one particular vendor in such a short time period. Most of the names are slight variations, but the numbers are impressive – Overall, we have seen 40,000 unique MD5`s in the last week alone! The infection being dropped is from the Zeus family of infections, which are banking Trojans designed to steal login information when the user logs into […]

Continue Reading »

Top consumer security predictions for 2014

by

Top Predictions for 2014 FBI/ICE MoneyPak Cryptolocker Rogues As this year comes to a close we’ve seen some measurable progress on the infiltration techniques for malware. We’re going to give you some insight into some of the top threats of 2013 and what it could mean for 2014. FBI/ICE MoneyPak   We saw some frightening improvements with Ransomware this year. FBI/ICE MoneyPak or Win32.Reveton was a huge hit to the PC community. Although first seen in 2012 it wasn’t until 2013 that it was tweaked to be one of the most annoying and difficult Ransomware to remove. Once dropped on your […]

Continue Reading »

Cybercrime Trends 2013 – Year in Review

by

It’s that time of the year! The moment when we reflect back on the cybercrime tactics, techniques and procedures (TTPs) that shaped 2013, in order to constructively speculate on what’s to come for 2014 in terms of fraudulent and malicious campaigns, orchestrated by opportunistic cybercriminal adversaries across the globe. Throughout 2013, we continued to observe and profile TTPs, which were crucial for the success, profitability and growth of the cybercrime ecosystem internationally, such as, for instance, widespread proliferation of the campaigns, professionalism and the implementation of basic business/economic/marketing concepts, improved QA (Quality Assurance), vertical integration in an attempt to occupy […]

Continue Reading »