‘Intuit Payroll Confirmation inquiry’ themed emails lead to the Black Hole exploit kit
Over the past 24 hours, cybercriminals launched two consecutive massive email campaigns, impersonating Intui Payroll’s Direct Deposit Service system, in an attempt to trick end and corporate users into clicking on the malicious links found in the mails.
Upon clicking on any of links found in the emails, users are exposed to the client-side exploits served by the latest version of the Black Hole exploit kit.
More details:
Spamvertised ‘KLM E-ticket’ themed emails serve malware
KLM customers, beware!
Cybercriminals are currently spamvertising millions of legitimate-looking emails, in an attempt to trick current and prospective KLM customers into executing the malicious attachment found in the email.
More details:
Bogus Facebook notifications lead to malware
In an attempt to trick users into getting themselves infected with malware, cybercriminals are currently spamvertising millions of emails impersonating Facebook.
More details:
American Airlines themed emails lead to the Black Hole Exploit Kit
Over the past 24 hours, cybercriminals launched yet another massive spam campaign, this time impersonating American Airlines in an attempt to trick its customers into clicking on a malicious link found in the mail. Upon clicking on the link, users are exposed to the client-side exploits served by the Black Hole Exploit Kit v2.0
More details:
Cybercriminals spamvertise ‘Amazon Shipping Confirmation’ themed emails, serve client-side exploits and malware
Over the past week, cybercriminals have been spamvertising millions of emails impersonating Amazon.com in an attempt to trick customers into thinking that they’ve received a Shipping Confirmation for a Vizio XVT3D04, HD 40-Inch 720p 100 Hz Cinema 3D LED-LCD HDTV FullHD and Four Pairs of 3D Glasses.
Once users click on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit kit.
More details:
‘Your video may have illegal content’ themed emails serve malware
Cybercriminals are currently spamvertising millions of emails impersonating Google’s YouTube team, in an attempt to trick end and corporate users into executing the malicious attachment found in the email. Upon execution, the samples opens a backdoor on the affected host, allowing full access to the targeted host by the cybercriminals behind the campaign.
More details:
Cybercriminals impersonate UPS, serve client-side exploits and malware
Over the past 24 hours, cybercriminals spamvertised millions of email addresses, impersonating UPS, in an attempt to trick end users into viewing the malicious .html attachment. Upon viewing, the file loads a tiny iFrame attempting to serve client-side exploit served by the latest version of the Black Hole Exploit kit, which ultimately drops malware on the affected host.
More details:
‘Vodafone Europe: Your Account Balance’ themed emails serve malware
Cybercriminals are currently spamvertising millions of emails, impersonating Vodafone Europe, in an attempt to trick their customers into executing the malicious file attachment found in the email.
More details:
New Russian service sells access to compromised Steam accounts
For years, cybercriminals have been trying to capitalize on the multi-billion dollar PC gaming market. From active development of game cracks and patches aiming to bypass the distribution protection embedded within the games, to today’s active data mining of a botnet’s infected population looking for gaming credentials in an attempt to resell access to this asset, cybercriminals are poised to capitalize on this market.
What are some current trends within this market segment, and how are today’s modern cybercriminals monetizing the stolen accounting data belonging to gamers internationally? Pretty simple – by automating the data mining process and monetizing the results in the form of E-shops selling access to these stolen credentials.
In this post, I’ll profile a recently launched Russian service selling access to compromised Steam accounts.
More details:
Recently launched E-shop sells access to hundreds of hacked PayPal accounts
Largely relying on sophisticated and legitimate-looking phishing campaigns, next to active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize these fraudulently obtained assets in the form of compromised accounts.
From compromised social networking accounts, to direct access to compromised servers and desktop PCs, the market segment has been steadily growing over the past couple of months.
In this post I’ll profile a newly launched cybercrime-friendly E-shop selling access to compromised accounts belonging primarily to PayPal users, but also, compromised accounts belonging to Apple, Walmart, Ebay and Skype users.
More details:
Upcoming Webroot presentation on Cyber Jihad and Cyberterrorism at RSA Europe 2012
Are you in London next week?
If so, don’t forget to attend my presentation at this year’s RSA Europe conference, hosted in the magnificent Hilton Metropole Hotel.
More details:
Russian cybercriminals release new DIY SMS flooder
Just like in every market, in the underground ecosystem demand too, meets supply on a regular basis.
Thanks to the systematically released DIY SMS flooding applications, cybercriminals have successfully transformed this market segment into a growing and professionally oriented niche market. From the active abuse of the features offered by legitimate infrastructure providers such as ICQ and Skype, to the abuse of Web-based SMS sending gateways, cybercriminals continue developing and releasing point’n’click DIY SMS flooding tools.
In this post, I’ll profile one of the most recently released DIY SMS flooders, this time relying on 23 publicly available SMS-sending Web services, primarily located in Russia.
More details: