‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts

‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts

Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer to the campaign of the malicious attacker.

A newly launched ‘malware-infected hosts as stepping stones’ service, is offering access to Socks5-enabled malware hosts, located primarily in the United States, allowing virtually anyone to route their fraudulent/malicious traffic through these hosts.

More details:

(more…)

Custom USB sticks bypassing Windows 7/8’s AutoRun protection measure going mainstream

Custom USB sticks bypassing Windows 7/8’s AutoRun protection measure going mainstream

When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. However, pragmatic and market demand-driven opportunistic cybercrime-friendly vendors quickly realized that this has opened up a new business opportunity, that is, if they ever manage to find a way to bypass Microsoft’s AutoRun protection measures.

Apparently, they seem to have a found a way to bypass the protection measure by tricking Windows into thinking that the connected USB memory stick is actually a ‘Human Interface Device’ (keyboard for instance), allowing them to (physically) execute custom scripts within 30/40 seconds of connecting the custom USB memory stick to the targeted PC.

From theory into practice, let’s profile their international underground market propositions and discuss the impact these USB sticks could have in today’s bring your own device (BYOD) corporate environment.

More details:

(more…)

How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts?

How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts?

By Dancho Danchev

For years, many of the primary and market-share leading ‘malware-infected hosts as a service’ providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting Russian and Eastern European users, demonstrating that greed knows no boundaries and which ultimately led Russian and Ukrainian law enforcement to the group.

What’s the probability that Russian/Eastern European cybercriminals will continue targeting their own fellow citizens in an attempt to monetize the access to their PCs in the most efficient and profitable way possible? Huge.

In this post, I’ll profile a recently launched ‘malware-infected hosts as a service’ type of underground market service proposition selling access to Eastern European based hosts, discuss the pricing scheme used, as well as emphasize on the long-term perspective of these services. All during a time where novice cybercriminals have access to sophisticated DIY (do it yourself) malware generating tools.

More details:

(more…)

Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware

Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware

Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.

More details:

(more…)

Newly launched ‘HTTP-based botnet setup as a service’ empowers novice cybercriminals with bulletproof hosting capabilities

Newly launched ‘HTTP-based botnet setup as a service’ empowers novice cybercriminals with bulletproof hosting capabilities

A newly launched managed ‘HTTP-based botnet setup as a service’ aims to attract novice cybercriminals who’ve just purchased their first commercially available malware bot — or managed to obtain a cracked/leaked version of it — but still don’t have the necessary experience to operate, and most importantly, host the command and control server online.

More details:

(more…)

Yet another commercially available stealth Bitcoin/Litecoin mining tool spotted in the wild

Yet another commercially available stealth Bitcoin/Litecoin mining tool spotted in the wild

Cybercriminals continue releasing new, commercially available, stealth Bitcoin/Litecoin mining tools, empowering novice cybercriminals with the ability to start monetizing the malware-infected hosts part of their botnets, or the ones they have access to which they’ve purchased through a third-party malware-infected hosts selling service.

What’s so special about the latest mining tool that popped up on our radar? Let’s find out.

More details:

(more…)

Rogue ads targeting German users lead to Win32/InstallBrain PUA (Potentially Unwanted Application)

Rogue ads targeting German users lead to Win32/InstallBrain PUA (Potentially Unwanted Application)

German Web users, watch what you install on your PCs!

Our sensors just picked up yet another rogue/deceptive ad campaign enticing visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on their PCs.

More details:

(more…)