Russian cybercriminals release new DIY DDoS malware loader

Posted on October 22, 2012 by ddanchev

By Dancho Danchev

On a daily basis, new market entrants into the cybercrime ecosystem attempt to monetize their coding skills by releasing and branding new DIY DDoS malware loaders. Largely dominated by “me too” features, these DIY malware loaders are purposely released with prices lower than the prices of competing bots, in an attempt by the cybercriminal behind them to gain market share – a necessary prerequisite for a successful long-term oriented business model.

In this post, I’ll profile a recently released Russian DDoS malware bot.

More details:

Continue reading →

‘Regarding your Friendster password’ themed emails lead to Black Hole exploit kit

Posted on October 19, 2012 by ddanchev

By Dancho Danchev

Cybercriminals are currently spamvertising millions of emails, impersonating Friendster, in an attempt to trick its current and prospective users into clicking on a malicious link found in the email.

Upon clicking on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole exploit kit.

More details:

Continue reading →

Malware campaign spreading via Facebook direct messages spotted in the wild

Posted on October 19, 2012 by ddanchev

By Dancho Danchev

Trust is vital, and cybercriminals know that there’s a higher probability that you will click on a link sent by a trusted friend, not from a complete stranger.

Yesterday, one of my Facebook friends sent me a direct message indicating that his host has been compromised, and is currently being used to send links to a malicious .zip archive through direct messages to all of his Facebook friends.

More details:

Continue reading →

‘Intuit Payroll Confirmation inquiry’ themed emails lead to the Black Hole exploit kit

Posted on October 18, 2012 by ddanchev

By Dancho Danchev

Over the past 24 hours, cybercriminals launched two consecutive massive email campaigns, impersonating Intui Payroll’s Direct Deposit Service system, in an attempt to trick end and corporate users into clicking on the malicious links found in the mails.

Upon clicking on any of links found in the emails, users are exposed to the client-side exploits served by the latest version of the Black Hole exploit kit.

More details:

Continue reading →

Spamvertised ‘KLM E-ticket’ themed emails serve malware

Posted on October 18, 2012 by ddanchev

By Dancho Danchev

KLM customers, beware!

Cybercriminals are currently spamvertising millions of legitimate-looking emails, in an attempt to trick current and prospective KLM customers into executing the malicious attachment found in the email.

More details:

Continue reading →

Bogus Facebook notifications lead to malware

Posted on October 17, 2012 by ddanchev

By Dancho Danchev

In an attempt to trick users into getting themselves infected with malware, cybercriminals are currently spamvertising millions of emails impersonating Facebook.

More details:

Continue reading →

American Airlines themed emails lead to the Black Hole Exploit Kit

Posted on October 17, 2012 by ddanchev

By Dancho Danchev

Over the past 24 hours, cybercriminals launched yet another massive spam campaign, this time impersonating American Airlines in an attempt to trick its customers into clicking on a malicious link found in the mail. Upon clicking on the link, users are exposed to the client-side exploits served by the Black Hole Exploit Kit v2.0

More details:

Continue reading →

Cybercriminals spamvertise ‘Amazon Shipping Confirmation’ themed emails, serve client-side exploits and malware

Posted on October 16, 2012 by ddanchev

By Dancho Danchev

Over the past week, cybercriminals have been spamvertising millions of emails impersonating Amazon.com in an attempt to trick customers into thinking that they’ve received a Shipping Confirmation for a Vizio XVT3D04, HD 40-Inch 720p 100 Hz Cinema 3D LED-LCD HDTV FullHD and Four Pairs of 3D Glasses.

Once users click on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit kit.

More details:

Continue reading →

‘Your video may have illegal content’ themed emails serve malware

Posted on October 16, 2012 by ddanchev

By Dancho Danchev

Cybercriminals are currently spamvertising millions of emails impersonating Google’s YouTube team, in an attempt to trick end and corporate users into executing the malicious attachment found in the email. Upon execution, the samples opens a backdoor on the affected host, allowing full access to the targeted host by the cybercriminals behind the campaign.

More details:

Continue reading →

Cybercriminals impersonate UPS, serve client-side exploits and malware

Posted on October 15, 2012 by ddanchev

By Dancho Danchev

Over the past 24 hours, cybercriminals spamvertised millions of email addresses, impersonating UPS, in an attempt to trick end users into viewing the malicious .html attachment. Upon viewing, the file loads a tiny iFrame attempting to serve client-side exploit served by the latest version of the Black Hole Exploit kit, which ultimately drops malware on the affected host.

More details:

Continue reading →

Webroot Threat Blog – Internet Security Threat Updates from Around the World

WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS

Monthly Archives: October 2012

Russian cybercriminals release new DIY DDoS malware loader

Follow “Webroot Threat Blog - Internet Security Threat Updates from Around the World”

WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Follow “Webroot Threat Blog - Internet Security Threat Updates from Around the World”