Monthly Archives: January 2012

Cybercriminals generate malicious Java applets using DIY tools

January 30, 2012 – 3:22 pm

By Dancho Danchev Who said there’s such a thing as a trusted Java applet? In situations where malicious attackers cannot directly exploit client-side vulnerabilities on the targeted host, they will turn to social engineering tricks, like legitimate-looking Java Applets, which will on the other hand silently download the malicious payload of the attacker, once the [...]

By ddanchev | Posted in Backdoors, Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, social engineering, Stupid malware tricks, Threat Research, Trojans | Tags: , , , , , | Comments (1)

Cisco releases ‘Cisco Global Threat Report’ for 4Q11

January 29, 2012 – 7:12 pm

By Dancho Danchev Cisco Systems, recently announced the release of ’Cisco Global Threat Report’ for 4Q11, containing threat intelligence based on Cisco’s observation of the malicious threat landscape. Key summary points:

By ddanchev | Posted in Botnet activity, Enterprises, Internet security industry, malware, phishing, spam, Targets | Tags: , , , , , , | Comments (2)

A peek inside the uBot malware bot

January 26, 2012 – 12:18 pm

By Dancho Danchev Participants in the dynamic cybercrime underground ecosystem are constantly working on new cybercrime-friendly releases in the form of malware bots, Remote Access Tools (RATs) and malware loaders. Continuing the “A peek inside…” series, in this post I will profile yet another DIY (do-it-yourself) malware bot, available at the disposal of cybercriminals at [...]

By ddanchev | Posted in Backdoors, Downloaders, Keyloggers, malware, Passwords, Threat Research, Trojans | Tags: , , , | Comments (3)

Researchers intercept a client-side exploits serving malware campaign

January 25, 2012 – 12:14 pm

By Dancho Danchev Security researchers from Webroot have intercepted a currently active, client-side exploits-serving malicious campaign that has already managed to infect 18,544 computers across the globe, through the BlackHole web malware exploitation kit. More details:

By ddanchev | Posted in Backdoors, Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, Passwords, rootkit, Threat Research, Trojans | Tags: , , , , , , , | Comments (7)

How phishers launch phishing attacks

January 23, 2012 – 7:27 pm

By Dancho Danchev Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, [...]

By ddanchev | Posted in Online shopping threats, Passwords, phishing, social engineering, spam, Threat Research | Tags: , , , , , , | Leave a Comment

A peek inside the Umbra malware loader

January 20, 2012 – 11:46 am

By Dancho Danchev The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders, DIY DDoS platforms, to platforms for executing clickjacking and likejacking campaigns, next to drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back. Continuing the “A peek inside…” series, in this [...]

By ddanchev | Posted in Backdoors, Keyloggers, malware, Threat Research, Trojans | Tags: , , , , | Comments (3)

How malware authors evade antivirus detection

January 18, 2012 – 6:37 pm

By Dancho Danchev Aiming to ensure that their malware doesn’t end up in the hands of vendors and researchers, cybercriminals are actively experimenting with different quality assurance processes whose objective is to increase the probability of their campaigns successfully propagating in the wild without detection. Some of these techniques include multiple offline antivirus scanning interfaces [...]

By ddanchev | Posted in Backdoors, Dialers, Downloaders, Keyloggers, malware, Phishing Trojans, Ransomware, Rogue Security Products, rootkit, Trojans, Uncategorized | Tags: , , , | Comments (8)

Inside AnonJDB – a Java based malware distribution platforms for drive-by downloads

January 17, 2012 – 2:06 pm

by Dancho Danchev With the even decreasing prices of underground tools and services, thanks to the commoditization of these very same market items, the price for renting a botnet, or purchasing access to already infected hosts, is constantly decreasing. Although the majority of cybercriminals are actively exploiting end and corporate users while using client-side vulnerabilities [...]

By ddanchev | Posted in Uncategorized | Leave a Comment

Zappos.com hacked, 24 million users affected

January 16, 2012 – 3:47 pm

by Dancho Danchev According to an internal memo issued by Zappos, the shoe-and-apparel-selling division of Amazon has been breached by unknown cyber attackers, leading to the compromised accounts of over 24 million users. The company has indicated that names, email addresses, mailing addresses, and the last four digits of customer’s credit card numbers have been [...]

By ddanchev | Posted in Enterprises, Targets, Uncategorized | Tags: , , , , | Comments (5)

Inside a clickjacking/likejacking scam distribution platform for Facebook

January 13, 2012 – 9:10 am

by Dancho Danchev How would you convert Facebook users into slaves participating in clickjacking and likejackings scams, next to using them to spamvertise your latest event promotion message? Presumably by using one of the clickjacking/likejacking distribution platforms promising 100 slaves per day that I will profile in this post.

By ddanchev | Posted in malware, social engineering, social networks, Uncategorized | Tags: , , , , | Comments (5)
Follow

Get every new post delivered to your Inbox.

Join 609 other followers