Security researchers from Webroot have intercepted a currently spamvertised malicious campaign, impersonating Hewlett Packard, and enticing end and corporate users into downloading and viewing a malicious .htm attachment.
Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks.
The cybercriminals behind it, are automatically exploiting the legitimate web sites, and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them.
We’ve been tracking rogue premium-sms Android apps for sometime now. Here’s an interesting site we came across offering a download of the Google Music application, but this one comes with a cost. This site serves up a premium-sms Trojan of the ransom variety. Targeting Russian speakers these Rogue’s, we call Android.FakeInst, offer to give access to the app but for a fee.
It’s never surprising to see the multitude of tactics a cybercriminal will use to deliver malware. In this case, I came across a collection of files masquerading as RealNetworks updater executables. These files were all located in a user’s %AppData%\real\update_ob\ directory, and the sizes were all quite consistent.
At first glance there was nothing too special about this finding – malware appearing to be legitimate software is nothing new.
When I looked into the specific behaviors of the file, it became clearer that the software is in fact malicious, and that it is actually downloading malicious files from the popular web-based file hosting service Dropbox. These files came in two varieties: some files were randomly-named; other files were named for legitimate software. For example: utorrent.exe, Picasa3.exe, Skype.exe, and Qttask.exe.
It appears that cybercriminals are continuing to innovate in this underground market segment by offering geolocated databases of millions of harvested emails for better targeting in their upcoming spam campaigns.
In this post, I’ll profile yet another cybercrime underground service selling millions of harvested emails to potential cybercriminals.