We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick iPhone owners into thinking that they’ve received a ‘picture snapshot message’. Once users execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals, whose activities we’ve been closely monitoring over the last couple of months.
More details:
Whether it’s abusing the ‘Long Tail’ of the Web by systematically and efficiently exploiting tens of thousands of legitimate Web sites, or the quest to compromise few, but high-trafficked, high page rank empowered Web sites, compromised shell accounts are an inseparable part of the cybercrime ecosystem.
Aiming to fill in a niche in the market segment for compromised/hacked shells, a newly launched service is offering a self-service type of underground market proposition, whose inventory is currently listing over 6000 compromised/hacked shells internationally.
More details:
Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer to the campaign of the malicious attacker.
A newly launched ‘malware-infected hosts as stepping stones’ service, is offering access to Socks5-enabled malware hosts, located primarily in the United States, allowing virtually anyone to route their fraudulent/malicious traffic through these hosts.
More details:
A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is ‘private exploitation techniques’ capable of compromising any Web site.
More details:
When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. However, pragmatic and market demand-driven opportunistic cybercrime-friendly vendors quickly realized that this has opened up a new business opportunity, that is, if they ever manage to find a way to bypass Microsoft’s AutoRun protection measures.
Apparently, they seem to have a found a way to bypass the protection measure by tricking Windows into thinking that the connected USB memory stick is actually a ‘Human Interface Device’ (keyboard for instance), allowing them to (physically) execute custom scripts within 30/40 seconds of connecting the custom USB memory stick to the targeted PC.
From theory into practice, let’s profile their international underground market propositions and discuss the impact these USB sticks could have in today’s bring your own device (BYOD) corporate environment.
More details:
By Dancho Danchev
For years, many of the primary and market-share leading ‘malware-infected hosts as a service’ providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting Russian and Eastern European users, demonstrating that greed knows no boundaries and which ultimately led Russian and Ukrainian law enforcement to the group.
What’s the probability that Russian/Eastern European cybercriminals will continue targeting their own fellow citizens in an attempt to monetize the access to their PCs in the most efficient and profitable way possible? Huge.
In this post, I’ll profile a recently launched ‘malware-infected hosts as a service’ type of underground market service proposition selling access to Eastern European based hosts, discuss the pricing scheme used, as well as emphasize on the long-term perspective of these services. All during a time where novice cybercriminals have access to sophisticated DIY (do it yourself) malware generating tools.
More details:
Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge.
More details:
Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.
More details:
A newly launched managed ‘HTTP-based botnet setup as a service’ aims to attract novice cybercriminals who’ve just purchased their first commercially available malware bot — or managed to obtain a cracked/leaked version of it — but still don’t have the necessary experience to operate, and most importantly, host the command and control server online.
More details:
To view this protected post, enter the password below: