Remember the LinkedIn exploits and malware serving campaigns which I profiled in March, and May?
Over the past 24 hours, cybercriminals launched the most recent spam campaign impersonating LinkedIn, in an attempt to trick LinkedIn’s users into clicking on the client-side exploits and malware serving links found in the emails.
More details:
Sticking to their well proven social engineering tactics consisting of systematic rotation of the abused brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick end and corporate users into interacting with the malicious campaign.
Once the interaction takes place, users are exposed to the client-side exploits served by the Black Hole exploit kit, currently the market share leader within the cybercrime ecosystem.
More details:
Certified public accountants, beware what you click on!
Cybercriminals are currently spamvertising millions of emails impersonating AICPA (American Institute of Certified Public Accountants) in an attempt to trick users into clicking on the client-side exploits and malware serving links found in the emails.
More details:
Cybercriminals are currently mass mailing millions of emails impersonating eBay and PayPal in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. Upon clicking on any of them, user are exposed to the client-side exploits served by the Black Hole exploit kit.
More details:
read more…
Taking advantage of DIY spamming tools and harvested databases of user names, cybercriminals have been systematically abusing multiple instant messaging services in an attempt to trick as many users as possible into interacting with their malicious campaign.
In this post, I’ll profile a newly released DIY Skype spamming tool, discuss its main features, and whether or not it can lead to an increase in the overall spam levels affecting Microsoft’s Skype.
More details:
Twitter users, beware!
Over the past several days, cybercriminals have been persistently spamvertising thousands of exploits and malware serving links across the most popular micro blogging service. Upon clicking on the clicks, users are exposed to the exploits served by the Black Hole web malware exploitation kit.
What’s so special about this campaign? What’s the detection rate of the malware it drops? Where does it phone back once it’s executed? Have we seen additional malware phone back to the same command and control servers, indication a connection between these campaigns? Let’s find out.
More details:
Cybercriminals are currently spamvertising millions of emails impersonating the United States Postal Service (USPS), in an attempt to trick end and corporate users into downloading and unpacking the malicious .zip attachment distributed by them.
What’s so special about this campaign? Where is the malicious sample phoning back to? Are there more malware samples that also phoned back to the same command control servers in the past? Let’s find out.
More details:
Not fearing prosecution, cybercriminals regularly impersonate law enforcement online in an attempt to socially engineer end users and corporate users into interacting with their malicious campaigns. From 419 scams, police ransomware, to law enforcement themed malware-serving email campaigns, cybercriminals continue abusing the international branches of various law enforcement agencies.
In this post, I’ll profile a currently spamvertised malware-serving campaign, indicating that the user has “violated red light traffic signal” and that he should download the fake camera recording of his vehicle attached to the email.
More details:
Cybercriminals are currently spamvertising millions of emails impersonating the popular Craigslist site, in an attempt to trick users into clicking on client-side exploits and malware serving URLs courtesy of the Black Hole exploit kit.
More details:
Globetrotters, beware of these malicious emails!
Cybercriminals are currently spamvertising millions of emails impersonating Booking.com, in an attempt to trick end and corporate users into downloading and executing the malicious archive attached to the emails.
More details:
Cybercriminals are currently spamvertising millions of emails impersonating Intuit, in an attempt to trick end and corporate users into clicking on the malicious links found in the emails.
The emails pretend to be coming from Intuit’s PaymentNetwork and acknowledge the arrival of an incoming payment. In reality though, they redirect users to a Black Hole exploit kit landing URLs where client-side exploits are served, and ultimately malware is dropped on the infected hosts.
More details:
On their way to occupy an even bigger market share, spammers constantly look for new ways to increase visitor conversion, and target as many users as possible with the least amount of time and money invested.
For years, their tactics included the development of cybercrime friendly online communities, sophisticated harvesting and validation of emails and user names across popular Web services, abusing the Domain Keys Identified Mail (DKIM) trust established between the most popular providers of free Web based email, development of DIY image spam generating platforms, conversion of malware-infected hosts into spam spewing zombies, and most importantly, efficient ways to bypass anti-spam filters put in place by the security industry.
In this post, I’ll profile a recently advertised Ask.fm spamming tool, capable of spamming thousands of users through the use of proxies, which are in fact malware-infected hosts converted to anonymization proxies.
More details: