Category Archives: Keyloggers

Software designed to record the keystrokes (and also, more recently, images of on-screen activity). Keyloggers frequently operate surreptitiously, to the detriment of the person whose computer is being monitored, but can also be used ‘in the open’ for legitimate business purposes, such as for monitoring the efficiency of data entry clerks.

Cybercriminals spamvertise bogus greeting cards, serve exploits and malware

Posted on by

By Dancho Danchev

Think you’ve received an online greeting card from 123greetings.com? Think twice!

Over the past couple of days, cybercriminals have spamvertised millions of emails impersonating the popular e-card service 123greetings.com in an attempt to trick end and corporate users into clicking on client-side exploits and malware serving links, courtesy of the Black Hole web malware exploitation kit.

What’s so special about this campaign? Can we connect it to previously spamvertised campaigns profiled at Webroot’s Threat Blog? Let’s find out.

More details:

Continue reading

IRS themed spam campaign leads to Black Hole exploit kit

Posted on by

By Dancho Danchev

Recently, cybercriminals launched yet another massive spam campaign, this time impersonating the Internal Revenue Service (IRS) in an attempt to trick tax payers into clicking on a link pointing to a bogus Microsoft Word Document. Once the user clicks on it, they are redirected to a Black Hole exploit kit landing URL, where they’re exposed to the client-side exploits served by the kit.

More details:

Continue reading

Cybercriminals impersonate AT&T’s Billing Service, serve exploits and malware

Posted on by

By Dancho Danchev

Cybercriminals have launched yet another massive spam campaign, this time impersonating AT&T’s Billing Center, in an attempt to trick end and corporate users into downloading a bogus Online Bill.

Once gullible and socially engineered users click on any of the links found in the malicious emails, they’re automatically redirected to a Black Hole exploit kit landing URL, where they’re exposed to client-side exploits, which ultimately drop a piece of malicious software on the affected hosts.

More details:

Continue reading

Ongoing spam campaign impersonates LinkedIn, serves exploits and malware

Posted on by

By Dancho Danchev

Remember the LinkedIn exploits and malware serving campaigns which I profiled in March, and May?

Over the past 24 hours, cybercriminals launched the most recent spam campaign impersonating LinkedIn, in an attempt to trick LinkedIn’s users into clicking on the client-side exploits and malware serving links found in the emails.

More details:

Continue reading

Spamvertised ‘Download your USPS Label’ themed emails serve malware

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising millions of emails impersonating the United States Postal Service (USPS), in an attempt to trick end and corporate users into downloading and unpacking the malicious .zip attachment distributed by them.

What’s so special about this campaign? Where is the malicious sample phoning back to? Are there more malware samples that also phoned back to the same command control servers in the past? Let’s find out.

More details:

Continue reading

Cybercriminals impersonate UPS in client-side exploits and malware serving spam campaign

Posted on by

By Dancho Danchev

In an attempt to aggregate as much traffic as possible, cybercriminals systematically abuse popular brands and online services. Next to periodically rotating the brands, they also produce professional looking email templates, in an attempt to successfully brand-jack these companies, and trick their customers into interacting with the malicious emails.

Today’s highlight is on a currently spamvertised client-side exploits and malware serving campaign impersonating UPS (United Parcel Service). Once users click on the links found in the malicious email, they’re automatically redirected to a Black Hole exploit kit landing page serving client-side exploits, and ultimately dropping malware on the exploited hosts.

More details:

Continue reading

Spamvertised American Airlines themed emails lead to Black Hole exploit kit

Posted on by

By Dancho Danchev

American Airlines customers, watch where you click! Cybercriminals are currently spamvertising millions of emails impersonating the company in an attempt to trick end and corporate users into clicking on the malicious links found in the spamvertised email.

Upon execution, the campaign redirects users to a Black Hole exploit kit landing URL, where client-side exploits are served against outdated third-party software and browser plugins.

More details:

Continue reading

Spamvertised ‘DHL Express Parcel Tracking Notification’ emails serving malware

Posted on by

By Dancho Danchev

Remember the “Spamvertised ‘DHL Package delivery report’ emails serving malware” campaign profiled earlier this month?

It seems that another cybercrime gang has started impersonating DHL in an attempt to serve malware to the millions of spamvertised end and corporate users.

More details:

Continue reading

Spamvertised ‘Your UPS delivery tracking’ emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails. What exploits are they using? How widespread is the campaign? Is it an isolated incident, or is the campaign linked to more malicious activity?

More details:

Continue reading

Spamvertised ‘Your Paypal Ebay.com payment’ emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

Remember the ‘Your Amazon.com order confirmation’ client-side exploits and malware serving campaign which I profiled earlier this week?

It appears that the gang behind it is back with another campaign, this time impersonating PayPal. For the time being, another round consisting of millions of malicious emails is circulating in the wild, enticing end and corporate users into clicking on malicious links found in the emails.

More details:

Continue reading