Category Archives: Botnet activity

New DIY HTTP-based botnet tool spotted in the wild

Posted on by

By Dancho Danchev

What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities.

In this post, I’ll profile a recently advertised DIY HTTP-based botnet tool, that allows virtually anyone to operate their own botnet.

More details:

Continue reading

‘Your Kindle e-book Amazon receipt’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Kindle owners, watch what you click on!

Cybercriminals are currently attempting to trick Kindle owners into thinking that they’ve received a receipt from an E-book purchase from Amazon.com. In reality, when users click on any of the links found in the malicious emails, they’re automatically exposed to the  client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading

Fake FedEx ‘Tracking ID/Tracking Number/Tracking Detail’ themed emails lead to malware

Posted on by

By Dancho Danchev

On a daily basis, we intercept hundreds of thousands of fraudulent or malicious emails whose purpose is to either infect users with malicious software or turn them into victims of fraudulent schemes. About 99% of these campaigns rely on social engineering tactics, and in the cases where they don’t include direct links to the actual malware, they direct users to the market leading Black Hole Exploit Kit.

In terms of volume and persistence, throughout January, 2013, a single malicious campaign impersonating FedEx topped our metrics data. What’s so special about this campaign? It’s the fact that the digital fingerprint of one of the most recently introduced malware variants used in the campaign corresponds to the digital fingerprint of a malware-serving campaign that we’ve already profiled, indicating that they’ve been launched by the same cybercriminal/gang of cybercriminals.

More details:

Continue reading

Fake Booking.com ‘Credit Card was not Accepted’ themed emails lead to malware

Posted on by

By Dancho Danchev

Cybercriminals are mass mailing tens of thousands of emails, impersonating Booking.com, in an attempt to trick its users into thinking that their credit card was not accepted. Users are then urged to click on a fake “Print Booking Details” link, which leads them to the malware used in the campaign.

More details:

Continue reading

Malicious ‘Facebook Account Cancellation Request” themed emails serve client-side exploits and malware

Posted on by

By Dancho Danchev

In December, 2012, we intercepted a professional-looking email that was impersonating Facebook Inc. in an attempt to trick its users into thinking that they’ve received an “Account Cancellation Request“. In reality, once users clicked on the links, their hosts were automatically exploited through outdated and already patched client-side vulnerabilities, which dropped malware on the affected PCs.

Over the past 24 hours, cybercriminals have resumed spamvertising tens of thousands of legitimate-looking Facebook themed emails, once again using the same social engineering theme.

More details:

Continue reading

Fake ‘FedEx Online Billing – Invoice Prepared to be Paid’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Users of FedEx’s Online Billing service, watch out!

Cybercriminals are currently mass mailing tens of thousands of emails impersonating the company, in an attempt to trick its customers into clicking on exploits and malware dropping links found in the legitimate-looking emails.

More details:

Continue reading

Bogus ‘Your Paypal Transaction Confirmation’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Financial institutions and online payment processors are a common target for cybercriminals, who systematically brand-jack and abuse the reputation of their trusted brands, in an attempt to scam or serve malware to their customers.

Over the past 24 hours, cybercriminals have launched yet another spam campaign, impersonating PayPal, in an attempt to trick its users into thinking that they’ve received a “Transaction Confirmation“, which in reality they never really made. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading

Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails.

Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit, which ultimately drops malware on the affected hosts.

More details:

Continue reading

Android malware spreads through compromised legitimate Web sites

Posted on by

By Dancho Danchev

Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices. The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known to have been launched by the same party that launched the original campaign.

More details:

Continue reading