Cybercriminals impersonate T-Mobile U.K, serve malware
Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC.
More details:
Cybercriminals impersonate Vodafone U.K, spread malicious MMS notifications
Over the past couple of days, cybercriminals have launched yet another massive spam campaign, once again targeting U.K users. This time, they are impersonating Vodafone U.K, in an attempt to trick its customers into executing a bogus MMS attachment found in the malicious emails. Upon execution, the sample opens a backdoor on the affected hosts, allowing the cybercriminals behind the campaign complete access to the affected PC.
More details:
Bogus DHL ‘Express Delivery Notifications’ serve malware
From UPS, USPS to DHL, bogus and malicious parcel tracking confirmations are a common social engineering technique often used by cybercriminals to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails.
Continuing what appears to be a working social engineering tactic, cybercriminals are currently mass mailing bogus DHL ‘Express Delivery Notifications’ in an attempt to trick users into executing the malicious attachment. Once executed, it opens a backdoor on the affected host allowing the cybercriminals behind the campaign complete access to the infected PC.
More details:
Cybercriminals target U.K users with bogus ‘Pay by Phone Parking Receipts’ serve malware
U.K users, beware!
Cybercriminals are currently mass mailing yet another malicious spam campaign, enticing users into viewing a bogus list of parking transactions. Upon executing the malicious attachment, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the host.
More details:
Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware
Facebook users, watch out!
A recently launched malicious spam campaign is impersonating Facebook, Inc. in an attempt to trick its one billion users into thinking that they’ve received a notification alerting them on activities they may have missed on Facebook. Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
Multiple ‘Inter-company’ invoice themed campaigns serve malware and client-side exploits
Over the past few weeks, cybercriminals have been persistently spamvertising ‘Inter-company invoice’ themed emails, in an attempt to trick users into viewing the malicious .html attachment, or unpack and execute the malicious binary found in the attached archives. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.
More details: read more…
Cybercriminals release stealthy DIY mass iFrame injecting Apache 2 modules
What would an attacker do if they were attempting to inject malicious iFrames on as many Web sites as possible? Would they rely on search engines’ reconnaissance as a foundation fo their efficient exploitation process, data mine a botnet’s infected population for accounting data related to CPanel, FTP and SSH accounts, purchase access to botnet logs, unethically pen-test a Web property’s infrastructure, or hit the jackpot with an ingenious idea that’s been trending as of recently within the cybercrime ecosystem? No, they wouldn’t rely on any of these. They would just seek access to servers hosting as many domains as possible and efficiently embed malicious iFrames on each and every .php/.html/.js found within these domains. At least that’s what the cybercriminal operations that I’ll elaborate on in this post are all about. Let’s take a peek at a recently advertised DIY mass iFrame injecting Apache 2.x module that appears to have already been responsible for a variety of security incidents across the globe.
This module makes it virtually impossible for a webmaster to remove the infection from their Web site, affects millions of users in the process, and earns thousands of dollars for the cybercriminals operating it. More details: read more…
Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware
A currently ongoing spam campaign attempts to trick users into thinking that their ability to send Domestic Wire Transfers has been disabled. Impersonating the Federal Deposit Insurance Corporation (FDIC), the cybercriminals behind the campaign are potentially earning thousands of dollars in the process of monetizing the anticipated traffic.
Once users click on the bogus ‘secure download link’, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
Cybercriminals resume spamvertising ‘Payroll Account Cancelled by Intuit’ themed emails, serve client-side exploits and malware
Cybercriminals have resumed spamvertising the Intuit Direct Deposit Service Informer themed malicious emails, which we intercepted and profiled earlier this month. While using an identical email template, the cybercriminals behind the campaign have introduced new client-side exploits serving domains, which ultimately lead to the latest version of the Black Hole Exploit Kit.
More details:
Cybercriminals spamvertise bogus ‘Microsoft License Orders’ serve client-side exploits and malware
Cybercriminals are currently mass mailing millions of emails impersonating Microsoft Corporation in an attempt to trick users into clicking on a link in a bogus ‘License Order” confirmation email. Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.
More details:
‘Copies of Missing EPLI Policies’ themed emails lead to Black Hole Exploit Kit
Attempting to achieve a higher click-through rate for their exploits and malware serving malicious campaign, cybercriminals are currently spamvertising millions of emails attempting to trick users into thinking they’ve become part of a private conversation about missing EPLI policies.
In reality, clicking on any of the links in the oddly formulated email will expose them to the client-side exploits served by the latest version of the Black Hole Exploit Kit.
More details:
Bogus IRS ‘Your tax return appeal is declined’ themed emails lead to malware
In March 2012, we intercepted an IRS themed malicious campaign that was serving client-side exploits to prospective victims in an attempt to drop malware on the affected hosts.
This week, we intercepted three consecutive campaigns using the exact same email template used in the March campaign. What has changed? Are the cybercriminals behind these campaigns relying on any new tactics, or are they basically sticking to well proven techniques to infect tens of thousands of socially engineered users?
Let’s find out.
More details: