Fake ‘iPhone Picture Snapshot Message’ themed emails lead to malware
We’ve just intercepted a currently circulating malicious spam campaign that’s attempting to trick iPhone owners into thinking that they’ve received a ‘picture snapshot message’. Once users execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals, whose activities we’ve been closely monitoring over the last couple of months.
More details:
New ‘Hacked shells as a service’ empowers cybercriminals with access to high page rank-ed Web sites
Whether it’s abusing the ‘Long Tail’ of the Web by systematically and efficiently exploiting tens of thousands of legitimate Web sites, or the quest to compromise few, but high-trafficked, high page rank empowered Web sites, compromised shell accounts are an inseparable part of the cybercrime ecosystem.
Aiming to fill in a niche in the market segment for compromised/hacked shells, a newly launched service is offering a self-service type of underground market proposition, whose inventory is currently listing over 6000 compromised/hacked shells internationally.
More details:
‘Malware-infected hosts as stepping stones’ service offers access to hundreds of compromised U.S based hosts
Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as ‘stepping stones’, risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer to the campaign of the malicious attacker.
A newly launched ‘malware-infected hosts as stepping stones’ service, is offering access to Socks5-enabled malware hosts, located primarily in the United States, allowing virtually anyone to route their fraudulent/malicious traffic through these hosts.
More details:
DIY commercially-available ‘automatic Web site hacking as a service’ spotted in the wild
A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is ‘private exploitation techniques’ capable of compromising any Web site.
More details:
Custom USB sticks bypassing Windows 7/8’s AutoRun protection measure going mainstream
When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. However, pragmatic and market demand-driven opportunistic cybercrime-friendly vendors quickly realized that this has opened up a new business opportunity, that is, if they ever manage to find a way to bypass Microsoft’s AutoRun protection measures.
Apparently, they seem to have a found a way to bypass the protection measure by tricking Windows into thinking that the connected USB memory stick is actually a ‘Human Interface Device’ (keyboard for instance), allowing them to (physically) execute custom scripts within 30/40 seconds of connecting the custom USB memory stick to the targeted PC.
From theory into practice, let’s profile their international underground market propositions and discuss the impact these USB sticks could have in today’s bring your own device (BYOD) corporate environment.
More details:
How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts?
By Dancho Danchev
For years, many of the primary and market-share leading ‘malware-infected hosts as a service’ providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting Russian and Eastern European users, demonstrating that greed knows no boundaries and which ultimately led Russian and Ukrainian law enforcement to the group.
What’s the probability that Russian/Eastern European cybercriminals will continue targeting their own fellow citizens in an attempt to monetize the access to their PCs in the most efficient and profitable way possible? Huge.
In this post, I’ll profile a recently launched ‘malware-infected hosts as a service’ type of underground market service proposition selling access to Eastern European based hosts, discuss the pricing scheme used, as well as emphasize on the long-term perspective of these services. All during a time where novice cybercriminals have access to sophisticated DIY (do it yourself) malware generating tools.
More details:
Rogue ads lead to the ‘Free Player’ Win32/Somoto Potentially Unwanted Application (PUA)
Remember the Win32/Somoto.BetterInstaller Potentially Unwanted Application (PUA)? We’ve just intercepted the latest rogue ad-campaign launched by a participant in their affiliate network, potentially exposing socially engineered users to privacy-invading risks without their knowledge.
More details:
Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware
Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.
More details:
Newly launched ‘HTTP-based botnet setup as a service’ empowers novice cybercriminals with bulletproof hosting capabilities
A newly launched managed ‘HTTP-based botnet setup as a service’ aims to attract novice cybercriminals who’ve just purchased their first commercially available malware bot — or managed to obtain a cracked/leaked version of it — but still don’t have the necessary experience to operate, and most importantly, host the command and control server online.
More details:
Protected: Deceptive ‘Media Player Update’ ads expose users to the rogue ‘Video Downloader/Bundlore’ Potentially Unwanted Application (PUA)
Password Protected
To view this protected post, enter the password below:
Yet another commercially available stealth Bitcoin/Litecoin mining tool spotted in the wild
Cybercriminals continue releasing new, commercially available, stealth Bitcoin/Litecoin mining tools, empowering novice cybercriminals with the ability to start monetizing the malware-infected hosts part of their botnets, or the ones they have access to which they’ve purchased through a third-party malware-infected hosts selling service.
What’s so special about the latest mining tool that popped up on our radar? Let’s find out.
More details:
Rogue ads targeting German users lead to Win32/InstallBrain PUA (Potentially Unwanted Application)
German Web users, watch what you install on your PCs!
Our sensors just picked up yet another rogue/deceptive ad campaign enticing visitors to install the bogus PC performance enhancing software known as ‘PCPerformer’, which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on their PCs.
More details: