New underground service offers access to hundreds of hacked PCs
Want to buy anonymous access to hacked PCs, spam-free SMTP servers (Simple Mail Transfer Protocol), or compromised bank accounts?
A newly launched underground Web service is currently offering access to hundreds of hacked PCs, SMTP servers, and hacked bank accounts.
Let’s take a deeper look:
Spamvertised ‘US Airways’ themed emails serving client-side exploits and malware
Cybercriminals are currently spamvertising yet another social-engineering driven malicious email campaign, this time impersonating US Airways.
Upon clicking on the malicious links found in the emails, end and corporate users are exposed to client-side exploits courtesy of the BlackHole web malware exploitation kit.
More details:
Email hacking for hire going mainstream – part two
Remember the email hacking for hire service which Webroot extensively profiled in this post “Email hacking for hire going mainstream”?
Recently, I stumbled upon another such service, advertised at cybercrime-friendly web forums, offering potential customers the opportunity to hack a particular Mail.ru and Gmail.com email address, using a variety of techniques, such as brute-forcing, phishing, XSS vulnerabilities and social engineering.
More details:
Adobe patches critical security flaws, introduces auto-updating mechanism
Last week Adobe released the APSB12-17 Flash Player update. The update patches two critical security flaws — CVE-2012-0772 and CVE-2012-0773 — in the Adobe Flash Player, and also, for the first time ever, introduces an auto-patching mechanism. The update affects the following operating systems: Windows, Mac OS X, Linux and Solaris.
More details:
Spamvertised ‘Scan from a Hewlett-Packard ScanJet’ emails lead to client-side exploits and malware
Security researchers from Webroot have intercepted a currently spamvertised malicious campaign, impersonating Hewlett Packard, and enticing end and corporate users into downloading and viewing a malicious .htm attachment.
More details:
Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware
Cybercriminals' newest spamvertised malware campaign is brand-jacking Verizon Wireless in an attempt to trick end users into clicking on the malicious links embedded in the email.
More details:
Tens of thousands of web sites affected in ongoing mass SQL injection attack
Hundreds of thousands of legitimate web sites are currently affected in a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks.
The cybercriminals behind it are automatically exploiting the legitimate web sites and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them.
More details:
Spamvertised LinkedIn notifications serving client-side exploits and malware
Cybercriminals are currently spamvertising LinkedIn themed messages, in an attempt to trick end and corporate users into clicking on the malicious links embedded in the emails.
The campaign is using real names of LinkedIn users in an attempt to increase the authenticity of the spamvertised campaign.
More details:
Malicious USPS-themed emails circulating in the wild
Cybercriminals are currently spamvertising malicious USPS-themed emails that entice end and corporate users into clicking on malicious links found in the emails.
More details:
Rogue APKs continue to find new homes
by Armando Orozco
We’ve been tracking rogue premium-sms Android apps for some time now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-sms Trojan of the ransom variety. Targeting Russian speakers, these rogues, which we call Android.FakeInst, offer to give access to the app, but for a fee.
Spamvertised ‘Your tax return appeal is declined’ emails serving client-side exploits and malware
Cybercriminals are currently spamvertising with IRS (Internal Revenue Service) themed emails, enticing end and corporate users into downloading and viewing a malicious .htm attachment.
More details:
Trojan Downloaders actively utilizing Dropbox for malware distribution
By Curtis Fechner
It’s never surprising to see the multitude of tactics a cybercriminal will use to deliver malware. In this case, I came across a collection of files masquerading as RealNetworks updater executables. These files were all located in a user’s %AppData%realupdate_ob directory, and the sizes were all quite consistent.
At first glance there was nothing too special about this finding – malware appearing to be legitimate software is nothing new.
When I looked into the specific behaviors of the file, it became clearer that the software is in fact malicious, and that it is actually downloading malicious files from the popular web-based file hosting service Dropbox. These files came in two varieties: some files were randomly-named; other files were named for legitimate software. For example: utorrent.exe, Picasa3.exe, Skype.exe, and Qttask.exe.