by Blog Staff | Mar 19, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
Utilizing basic site ‘stickiness’ and visitor retention practices, over the years, cybercrime-friendly communities have been vigorously competing to attract, satisfy, and retain their visitors. From exclusive services available only to community members, to DIY cybercrime-friendly tools, the practice is still a common way for the community administrators to boost the underground reputation of their forum.
However, there are certain communities that will use the underground reputation of their forum to boost their sales, by releasing private DIY cybercrime-friendly tools, and promoting them under the umbrella of the community brand.
In this post, I’ll profile a HTTP/SMTP-based keylogger that’s been commercially available to members of a cybercrime-friendly community since 2011.
More details:
(more…)
by Blog Staff | Mar 18, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
A currently ongoing malicious email campaign is impersonating ADP in an attempt to trick its customers into thinking that they’ve received a ‘Package Delivery Notification.’ In reality though, once a user clicks on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
(more…)
by Blog Staff | Mar 15, 2013 | Industry Intel, Threat Lab
Over the last couple of days, a cybercricriminal/gang of cybercriminals that we’ve been extensively profiling, resumed spamvertising tens of thousands of emails, in an attempt to trick users that they have a pending wire transfer. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
(more…)
by Blog Staff | Mar 14, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
We have recently spotted a new underground market ad, featuring a new commercially available malware bot+rootkit based on the ZeuS crimeware’s leaked source code. According to its author, the modular nature of the bot, allows him to keep coming up with new plugins, resulting in systematic “innovation” and the introduction of new features.
What’s the long-term potential of this malware bot with rootkit functionality? Does it have the capacity to challenge the market leading malware bot families? What are some of the features that differentiate it from the rest of competing bots currently in the wild? What’s the price of the bot, and what are the prices for the separate plugins available for purchase? Let’s find out.
More details:
(more…)
by Blog Staff | Mar 13, 2013 | Industry Intel, Threat Lab
Over the past week, a cybercriminal/gang of cybercriminals whose activities we’ve been actively profiling over a significant period of time, launched two separate massive spam campaigns, this time impersonating the Better Business Bureau (BBB), in an attempt to trick users into thinking that their BBB accreditation has been terminated.
Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
(more…)
by Blog Staff | Mar 12, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
Over the past 24 hours, we intercepted tens of thousands of malicious emails attempting to socially engineer BofA’s CashPro users into downloading and executing a bogus online digital certificate attached to the fake emails.
More details:
(more…)
by Blog Staff | Mar 11, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
Despite the fact that the one-to-many type of malicious campaign continues dominating the threat landscape, cybercriminals are constantly looking for new ways to better tailor their campaigns to the needs, wants, and demands of potential customers. Utilizing basic marketing concepts such as localization, market segmentation, as well as personalization, today’s sophisticated cybercriminals would never choose to exclusively specialize in one-to-many or one-to-one marketing communication strategies. Instead, they will multitask in an attempt to cover as many market segments as possible.
In this post, I’ll emphasize on a targeted attacks potentially affecting Steams’ users, thanks to the commercial availability of a DIY (do it yourself) Steam ‘information harvester/mass group inviter’ tool, currently available at multiple cybercrime-friendly online communities. What’s so special about the application? How would cybercriminals potentially use it to achieve their fraudulent objectives? How much does it cost? Is the author/vendor of the application offering access to its features as a managed service?
Let’s find out.
(more…)
by Blog Staff | Mar 8, 2013 | Industry Intel, Threat Lab
By Dancho Danchev
Just as we anticipated on numerous occassions in our series of blog posts exploring the emerging DIY (do it yourself) trend within the cybercrime ecosystem, novice cybercriminals continue attempting to steal market share from market leaders, in order for them to either gain credibility within a particular cybercrime-friendly community, or secure a revenue stream.
Throughout 2012, we’ve witnessed the emergence of both, publicly obtainable, and commercially available, DIY unsigned Java applet generators. Largely relying on social engineering thanks to their built-in feature allowing them to “clone” any given Web site, these tools remain a popular attack vector in the arsenal of the less sophisticated cybercriminal, looking for ways to build his very own botnet.
In this post, I’ll profile one of the most recently released DIY tools.
More details:
(more…)
by Blog Staff | Mar 7, 2013 | Industry Intel, Threat Lab
What would an average cybercriminal do if he had access to tens of thousands of compromised email accounts? He’d probably start outsourcing the CAPTCHA solving process, in an attempt to hijack the IP reputation of both Domain Keys verified and trusted domains of all major free Web based email service providers.
What about sophisticated attackers wanting to conduct cyber espionage on a mass scale, in an efficient and anonymous — think malware-infected hosts as stepping stones — way? As of early 2013, those willing to pay the modest price of 3000 rubles ($97.47), can get access to a command line DIY tool that’s specifically designed for this purpose – automatic, anonymous and efficient data mining combined with compromised email account content grabbing.
Let’s profile the DIY tool, feature screenshots of the tool in action, and discuss its potential in the context of utilizing OSINT through botnets.
More details:
(more…)
by Blog Staff | Mar 6, 2013 | Industry Intel, Threat Lab
What is the Russian underground up to when it comes to ‘spear phishing’ attacks? How prevalent is the tactic among Russian cybercriminals? What “data acquisition tactics” do they rely on, and just how sophisticated are their “data mining” capabilities?
Let’s find out by emphasizing on a recent underground market advertisement offering access to data which can greatly improve the click-through rate for a spear phishing campaign. The irony? It’s being pitched as “spam leads”.
More details:
(more…)
