Category Archives: Threat Research

It’s what we do.

The United Nations hacked, Team Poison claims responsibility

February 10, 2012 – 6:33 pm

By Dancho Danchev A well known group of hackers has penetrated the networks of the United Nations, according to a note posted on Pastebin.com. The group claiming responsibility is Team Poison, a hacking group closely associated with the Anonymous hactivist movement. Team Poison members include TriCk, iN^SaNe, MLT,Phantom~, C0RPS3, f0rsaken, aXioM and ap0calypse. More details:

By ddanchev | Comments (1)

Researchers intercept two client-side exploits serving malware campaigns

February 8, 2012 – 4:52 pm

By Dancho Danchev Security researchers from Webroot have intercepted two currently live client-side exploits serving malware campaigns that have already managed to infect over 20,000 PCs across the globe, primarily in the United States. Based upon detailed analysis, it can be concluded that both campaigns are launched by the same cybercriminal. More details:

By ddanchev | Also posted in Firefox, Keyloggers, Passwords, Downloaders, malware, Trojans, Google Chrome, Internet Explorer | Comments (1)

Researchers spot Citadel, a ZeuS crimeware variant

February 8, 2012 – 1:35 pm

By Dancho Danchev Security researchers from “Tracking Cyber Crime” have spotted a new ZeuS crimeware variant, that’s based on the leaked ZeuS source code from last year. Dubbed Citadel, the crimeware is positioned as a universal spyware system, whose modular nature allows cybercriminals to offer flexibly priced value-added services such as managed malware crypting, and [...]

By ddanchev | Also posted in Downloaders, Keyloggers, malware, Passwords, rootkit, Trojans | Leave a Comment

A peek inside the Smoke Malware Loader

February 3, 2012 – 5:07 pm

By Dancho Danchev The competitive arms race between security vendors and malicious cybercriminals constantly produces new defensive mechanisms, next to new attack platforms and malicious tools aiming to efficiently exploit and infect as many people as possible. Continuing the “A peek inside…” series, in this post I will profile yet another malware loader. This time it’s [...]

By ddanchev | Also posted in Downloaders, Keyloggers, malware, Passwords, Trojans | Leave a Comment

Research: Google’s reCAPTCHA under fire

February 1, 2012 – 4:03 pm

By Dancho Danchev Who needs automated bots solving CAPTCHAs, when you have teams of low-waged humans recognizing them for pennies? In an underground cybercrime ecosystem dominated by managed services and countless outsourcing opportunities, it’s fairly logical to assume that Google’s reCAPTCHA is under constant fire. Just how easy is it to recognize reCAPTCHA images for [...]

By ddanchev | Comments (1)

Cybercriminals generate malicious Java applets using DIY tools

January 30, 2012 – 3:22 pm

By Dancho Danchev Who said there’s such a thing as a trusted Java applet? In situations where malicious attackers cannot directly exploit client-side vulnerabilities on the targeted host, they will turn to social engineering tricks, like legitimate-looking Java Applets, which will on the other hand silently download the malicious payload of the attacker, once the [...]

By ddanchev | Also posted in Backdoors, Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, social engineering, Stupid malware tricks, Trojans | Comments (1)

A peek inside the uBot malware bot

January 26, 2012 – 12:18 pm

By Dancho Danchev Participants in the dynamic cybercrime underground ecosystem are constantly working on new cybercrime-friendly releases in the form of malware bots, Remote Access Tools (RATs) and malware loaders. Continuing the “A peek inside…” series, in this post I will profile yet another DIY (do-it-yourself) malware bot, available at the disposal of cybercriminals at [...]

By ddanchev | Also posted in Backdoors, Downloaders, Keyloggers, malware, Passwords, Trojans | Comments (1)

Researchers intercept a client-side exploits serving malware campaign

January 25, 2012 – 12:14 pm

By Dancho Danchev Security researchers from Webroot have intercepted a currently active, client-side exploits-serving malicious campaign that has already managed to infect 18,544 computers across the globe, through the BlackHole web malware exploitation kit. More details:

By ddanchev | Also posted in Backdoors, Downloaders, Firefox, Google Chrome, Internet Explorer, Keyloggers, malware, Passwords, rootkit, Trojans | Comments (1)

How phishers launch phishing attacks

January 23, 2012 – 7:27 pm

By Dancho Danchev Just like in every other industry, participants in the cybercrime ecosystem are no strangers to the concept of standardization. Standardization results in efficiencies, which on the other hand results in economies of scale. In this case, malicious economies of scale. Just how easy is it to launch a phishing attack nowadays? What tools, [...]

By ddanchev | Also posted in Online shopping threats, Passwords, phishing, social engineering, spam | Leave a Comment

A peek inside the Umbra malware loader

January 20, 2012 – 11:46 am

By Dancho Danchev The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders, DIY DDoS platforms, to platforms for executing clickjacking and likejacking campaigns, next to drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back. Continuing the “A peek inside…” series, in this [...]

By ddanchev | Also posted in Backdoors, Keyloggers, malware, Trojans | Comments (2)
Follow

Get every new post delivered to your Inbox.

Join 528 other followers