Posts Tagged: vulnerabilities


Fake ‘CNN Breaking News Alerts’ themed emails lead to Black Hole Exploit Kit

by

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands malicious ‘CNN Breaking News’ themed emails, in an attempt to trick users into clicking on the exploit-serving and malware-dropping links found within. Once users click on any of the links found in the bogus emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

‘ADP Package Delivery Notification’ themed emails lead to Black Hole Exploit Kit

by

By Dancho Danchev A currently ongoing malicious email campaign is impersonating ADP in an attempt to trick its customers into thinking that they’ve received a ‘Package Delivery Notification.’ In reality though, once a user clicks on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals resume spamvertising ‘Re: Fwd: Wire Transfer’ themed emails, serve client-side exploits and malware

by

Over the last couple of days, a cybercricriminal/gang of cybercriminals that we’ve been extensively profiling, resumed spamvertising tens of thousands of emails, in an attempt to trick users that they have a pending wire transfer. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Spamvertised BBB ‘Your Accreditation Terminated” themed emails lead to Black Hole Exploit Kit

by

Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals release new Java exploits centered exploit kit

by

Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new Web malware exploitation kit. What’s so special about it is the fact that its current version is entirely based on Java exploits (CVE-2012-1723 and CVE-2013-0431), naturally, with “more exploits to be introduced any time soon”. Let’s take a peek at the statistics and infection rates produced by this kit, as well as discuss its potential, or lack thereof, to cause widespread damage to endpoints internationally. More details:

Continue Reading »

Malicious ‘Data Processing Service’ ACH File ID themed emails serve client-side exploits and malware

by

A cybercriminal/gang of cybercriminals that we’ve been closely monitoring for a while now has just launched yet another spam campaign, this time impersonating the “Data Processing Service” company, in an attempt to trick its customers into interacting with the malicious emails. Once they do so, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. In this post, I’ll profile their latest campaign and the dropped malware. I will also establish a direct connection between this and three other previously profiled malicious campaigns, as well as an ongoing money mule campaign, all of which appear […]

Continue Reading »

How do we use, secure, and share the information that surrounds us?

by

The mobile landscape has boomed in the last couple of years mostly in part because of Android devices and social networking. This has opened the door for everyone to have access to a smartphone and have the cyber world at their fingertips. Smartphones have become an extension of us, and we now have our email, banking, social networking, television and internet on the go. We live in a world of instant access. With this excitement and convenience, we may lose track something we take serious is our privacy and security. Looming in this mobile landscape are people who want benefit […]

Continue Reading »

Fake ‘Verizon Wireless Statement” themed emails lead to Black Hole Exploit Kit

by

On a periodic basis, cybercriminals are spamvertising malicious campaigns impersonating Verizon Wireless to tens of thousands of Verizon customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign intercepted last month. This tactic largely relies on the life cycle of a particular campaign, intersecting with the publicly generated awareness of its maliciousness. In this post, I’ll profile one of the most recently spamvertised campaigns impersonating Verizon Wireless. Not surprisingly, once users click on any of the links found in the malicious emails, they’re […]

Continue Reading »

Malicious ‘RE: Your Wire Transfer’ themed emails serve client-side exploits and malware

by

Over the last couple of days, we’ve been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they all share the same malicious infrastructure. Let’s profile one of the most recently spamvertised campaigns, and expose the cybercriminals’ complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior. More details:

Continue Reading »

Spamvertised IRS ‘Income Tax Refund Turned Down’ themed emails lead to Black Hole Exploit Kit

by

Its tax season and cybercriminals are mass mailing tens of thousands of IRS (Internal Revenue Service) themed emails in an attempt  to trick users into thinking that their income tax refund has been “turned down”. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »