Category Archives: Keyloggers

Software designed to record the keystrokes (and also, more recently, images of on-screen activity). Keyloggers frequently operate surreptitiously, to the detriment of the person whose computer is being monitored, but can also be used ‘in the open’ for legitimate business purposes, such as for monitoring the efficiency of data entry clerks.

Cybercriminals populate Scribd with bogus adult content, spread malware using Comodo Backup

Posted on by

By Dancho Danchev

On their way to convert legitimate traffic into malware-infected hosts using web malware exploitation kits, cybercriminals have been actively experimenting with multiple traffic acquisition techniques over the past couple of years. From malvertising (the process of displaying malicious ads), to compromised high-trafficked web sites, to blackhat SEO (search engine optimization), the tools in their arsenal have been systematically maturing to become today’s sophisticated traffic acquisition platforms delivering millions of unique visits from across the world, to the cybercriminals behind the campaigns.

What are some of the latest campaigns currently circulating in the wild? How are cybercriminals monetizing the hijacked traffic? Are they basically redirecting to the landing page of an affiliate network, earning revenue in the process, or are they serving malicious software to unsuspecting and gullible end and corporate users?

Let’s find out by profiling a currently active blackhat SEO (search engine optimization) campaign at the popular document sharing web site Scribd, currently using double monetization of the anticipated traffic, namely, redirecting users to a dating affiliate network, and serving malware in between.

More details:

Continue reading

Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

Everyone uses Amazon! At least that’s what the cybercriminals are hoping.  Cybercriminals are currently spamvertising millions of emails impersonating Amazon.com Inc. in an attempt to trick end and corporate users into clicking on the malicious links found in the emails.

More details:

Continue reading

Skype propagating Trojan targets Syrian activists

Posted on by

By Dancho Danchev

The Electronic Frontier Foundation (EFF) is reporting on a recently intercepted malicious documents distributed over Skype, apparently targeting Syrian activists.

Upon viewing the document, it drops additional files on the infected hosts, and opens a backdoor allowing the cyber spies behind the campaign access to the infected PC. 

Webroot has obtained a copy of the malware and analyzed its malicious payload.

More details:

Continue reading

‘Windstream bill’ themed emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising millions of emails impersonating the Windstream Corporation, in an attempt to trick end and corporate users into clicking on links found in the malicious email.

Upon clicking on the links hosted on compromised web sites, users are exposed to client-side exploits served by the BlackHole web malware exploitation kit.

More details:

Continue reading

Spamvertised CareerBuilder themed emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

End and corporate users, and especially CareerBuilder users, beware!

Cybercriminals are currently spamvertising millions of emails impersonating the popular jobs portal CareerBuilder in an attempt to trick users into  clicking on client-side exploits serving links.

The current campaign, originally circulating in the wild since 26 Apr, 2012, is a great example of a lack of QA (quality assurance) since they’re spamvertising a binary that’s largely detected by the security community.

More details:

Continue reading

Spamvertised ‘Pizzeria Order Details’ themed campaign serving client-side exploits and malware

Posted on by

By Dancho Danchev

End and corporate users (and especially Pizza eaters), beware!

Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO`s Pizzeria, and enticing  users into clicking on a client-side exploits and malware serving link in order to cancel a $169.90 order that they never really made.

More details:

Continue reading

Cybercriminals release ‘Sweet Orange’ – new web malware exploitation kit

Posted on by

By Dancho Danchev

From DIY (do-it-yourself) exploit generating tools, to efficient platforms for exploitation of end and corporate users, today’s efficiency-oriented cybercriminals are constantly looking for ways to monetize hijacked web traffic. In order to do so, they periodically introduce new features in the exploit kits, initiate new partnerships with managed malware/script crypting services, and do their best to stay ahead of the security industry.

What are some of the latest developments in this field?

Meet Sweet Orange, one of the most recently released web malware exploitation kits, available for sale at selected invite-only cybercrime-friendly communities.

What’s so special about Sweet Orange? Does it come with customer support? What client-side exploits is it serving? How are the Russian cybercriminals behind it differentiating their underground market proposition in comparison with competing kits, such as the market leading Black Hole web malware exploitation kit?

Let’s find out.

Continue reading

Hewlett-Packard shipping malware-infected compact flash cards

Posted on by

By Dancho Danchev

Earlier this week, HP’s Software Security Response Team issued a security bulletin, alerting users that certain HP ProCurve 5400 zl switches were shipped with malware installed on the associated compact flash cards. No details were given about the type of malware shipped to unaware customers.

More details on the affected switches, including their serial numbers:

Continue reading

New underground service offers access to hundreds of hacked PCs

Posted on by

By Dancho Danchev

Want to buy anonymous access to hacked PCs, spam-free SMTP servers (Simple Mail Transfer Protocol), or compromised bank accounts?

A newly launched underground Web service, is currently offering access to hundreds of hacked PCs, SMTP servers, and hacked bank accounts.

Let’s take a deeper look:

Continue reading

Spamvertised ‘US Airways’ themed emails serving client-side exploits and malware

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising yet another social-engineering driven malicious email campaign, this time impersonating U.S Airways.

Upon clicking on the malicious links found in the emails, end and corporate users are exposed to client-side exploits courtesy of the BlackHole web malware exploitation kit.

More details:

Continue reading