Malware for which the primary or sole function is to retrieve data or files from the Internet.
By Dancho Danchev
Cybercriminals are mass mailing tens of thousands of emails, impersonating Booking.com, in an attempt to trick its users into thinking that their credit card was not accepted. Users are then urged to click on a fake “Print Booking Details” link, which leads them to the malware used in the campaign.
More details:
By Dancho Danchev
On a daily basis, we continue to observe the emergence of the DIY (do-it-yourself) trend within the entire cybercrime ecosystem. And although the DIY activity cannot be compared to the malicious impact caused by “cybercrime-as-a-service” managed underground market propositions, it allows virtually anyone to enter the profitable world of cybercrime, thanks to the ongoing leaks of proprietary malware generating tools and freely available alternatives.
In this post, I’ll profile the latest version of a Russian DIY password stealing malware that’s targeting multiple browers, Email, IM, FTP clients, as well as online poker clients.
By Dancho Danchev
LinkedIn users, watch what you click on!
Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, impersonating LinkedIn, in an attempt to trick its users into clicking on the malicious links found in the bogus “Invitation Notification” themed emails. Once they click on the links, users are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.
More details:
By Dancho Danchev
Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails.
Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit, which ultimately drops malware on the affected hosts.
More details:
By Dancho Danchev
How easy is it to create an undetected piece of malware these days? Too easy to be true!
With more DIY malware botnets and DIY malware generating tools continuing to leak at public cybercrime-friendly forums, today’s novice cybercriminals have access to sophisticated point’n'click malware generating tools that were once only available in the arsenal of the experienced cybercriminal.
In this post, I’ll profile a recently leaked DIY malware generating tool, discuss its core features, and emphasize on its relevance in the context of the big picture when it comes to ongoing waves of malicious activity we’ve been monitoring over the years.
More details:
By Dancho Danchev
Over the past week, cybercriminals have resumed spamvertising fake “ADP Immediate Notifications” in an attempt to trick users into clicking on the malicious links found in the emails. The links point to the latest version of the Black Hole Exploit Kit, and consequently, exploit CVE-2013-0422, affecting the latest version of Java.
With no fix for this vulnerability currently available, users are advised to disable Java immediately.
More details:
By Dancho Danchev
Certified Public Accountants (CPAs) are a common target for cybercriminals. Throughout 2012, we intercepted several campaigns directly targeting CPAs in an attempt to trick them into clicking on the malicious links found in the emails. Once they click on any of the links, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.
In this post, I’ll analyze one of the most recently spamvertised campaigns impersonating the American Institute of Certified Public Accountants, also known as AICPA.
More details:
By Dancho Danchev
Cybercriminals have recently launched yet another massive spam campaign, impersonating a rather popular brand used in a decent percentage of social engineering driven email campaigns – the BBB (Better Business Bureau).
Once users click on any of the links in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.
More details:
By Dancho Danchev
It’s that time of the year! The moment when we look back, and reflect on Webroot’s Threat Blog most popular content for 2012.
Which are this year’s most popular posts? What distinguished them from the rest of the analyses published on a daily basis, throughout the entire year?
Let’s find out.
