Category Archives: mal-effects

The malicious effects and consequences of malware

Managed ‘Russian ransomware’ as a service spotted in the wild

Posted on by

By Dancho Danchev

In 2013, you no longer need to posses sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users, per day, into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you.

In this post I’ll profile a recently spotted underground market proposition detailing the success story of a ransomware botnet master that’s been in business for over 4 years, claiming to be earning over five hundred thousands rubles per month.

More details: Continue reading

How fraudulent blackhat SEO monetizers apply Quality Assurance (QA) to their DIY doorway generators

Posted on by

By Dancho Danchev

How are cybercriminals most commonly abusing legitimate Web traffic?

On the majority of occasions, some will either directly embed malicious iFrames on as many legitimate Web sites as possible, target server farms and the thousands of customers that they offer services to, or generate and upload invisible doorways on legitimate, high pagerank-ed Web properties, in an attempt to monetize the hijacked search traffic.

In this post I’ll profile a DIY blackhat SEO doorway generator, that surprisingly, has a built-in module allowing the cybercriminal using it to detect and remove 21 known Web backdoors (shells) from the legitimate Web site about to be abused, just in case a fellow cybercriminal has already managed to compromise the same site.

Are turf wars back in (the cybercrime) business? Let’s find out.

More details: Continue reading

Cybercriminals impersonate Bank of America (BofA), serve malware

Posted on by

By Dancho Danchev

Relying on tens of thousands of fake “Your transaction is completed” emails, cybercriminals have just launched yet another malicious spam campaign attempting to socially engineer Bank of America’s (BofA) customers into executing a malicious attachment. Once unsuspecting users do so, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals operating it, leading to a successful compromise of their hosts.

More details: Continue reading

Fake ‘DHL Delivery Report’ themed emails lead to malware

Posted on by

By Dancho Danchev

Over the past couple of days, cybercriminals have launched two consecutive malware campaigns impersonating DHL in an attempt to trick users into thinking that they’ve received a parcel delivery notification. The first campaign comes with a malicious attachment, whereas in the second, the actual malicious archive is located on a compromised domain.

More details: Continue reading

Historical OSINT – The ‘Boston Marathon explosion’ and ‘Fertilizer plant explosion in Texas’ themed malware campaigns

Posted on by

By Dancho Danchev

Following the recent events, opportunistic cybercriminals have been spamvertising tens of thousands of malicious emails in an attempt to capitalize on on the latest breaking news.

We’re currently aware of two “Boston marathon explosion” themed campaigns that took place last week, one of which is impersonating CNN, and another is using the “fertilizer plant exposion in Texas” theme, both of which redirect to either the RedKit or the market leading Black Hole Exploit Kit.

Let’s profile the campaigns that took place last week, with the idea to assist in the ongoing attack attribution process.

More details:

Continue reading

How mobile spammers verify the validity of harvested phone numbers – part two

Posted on by

By Dancho Danchev

Just as we anticipated earlier this year in our “How mobile spammers verify the validity of harvested phone number” post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to charge a higher price for a verified database of mobile numbers.

In this post I’ll profile yet another commercially available phone/mobile number verification tool that’s exclusively supporting Huawei 3G USB modems.

More details: Continue reading

Cybercriminals offer spam-friendly SMTP servers for rent

Posted on by

By Dancho Danchev

In times when modern cybercriminals take advantage of the built-in SMTP engines in their malware platforms, as well as efficient and systematic abuse of Web-based email service providers for mass mailing fraudulent or malicious campaigns, others seem to be interested in the resurrection of an outdated, but still highly effective way to send spam, namely, through spam-friendly SMTP servers.

In this post, I’ll profile a recently posted underground market ad for spam-friendly SMTP servers, offered for sale for $30 on a monthly basis.

More details: Continue reading

American Airlines ‘You can download your ticket’ themed emails lead to malware

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they’ve received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign.

More details:

Continue reading

Spamvertised ‘Your order for helicopter for the weekend’ themed emails lead to malware

Posted on by

By Dancho Danchev

Cybercriminals are currently mass mailing tens of thousands of emails, in an attempt to trick users into thinking that the order for their “air transportation services has been accepted and processed”. In reality though, once users execute the malicious attachments, their PCs will automatically become part of the botnet managed by the malicious actors.

More details: Continue reading