A peek inside a (cracked) commercially available RAT (Remote Access Tool)


By Dancho Danchev

In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition it as a Remote Access Tool, also known as a R.A.T. What they seem to forget is that no legitimate Remote Access Tool would possess spreading capabilities, the capacity to handle tens of thousands of hosts at the same time, or built-in password-stealing capabilities.

Pitched by its author as a Remote Access Tool, the DIY (do it yourself) malware that I’ll profile in this post is currently cracked and available for both novice and experienced cybercriminals to take advantage of at selected cybercrime-friendly communities.


How mobile spammers verify the validity of harvested phone numbers – part two


By Dancho Danchev

Just as we anticipated earlier this year in our “How mobile spammers verify the validity of harvested phone number” post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to charge a higher price for a verified database of mobile numbers.

In this post I’ll profile yet another commercially available phone/mobile number verification tool that exclusively supports Huawei 3G USB modems.


Cybercriminals offer spam-friendly SMTP servers for rent


By Dancho Danchev

In times when modern cybercriminals take advantage of the built-in SMTP engines in their malware platforms, and efficiently and systematically abuse Web-based email service providers to mass mail fraudulent or malicious campaigns, others seem to be interested in the resurrection of an outdated but still highly effective way to send spam, namely through spam-friendly SMTP servers.

In this post, I’ll profile a recently posted underground market ad for spam-friendly SMTP servers, offered for sale for $30 on a monthly basis.


American Airlines ‘You can download your ticket’ themed emails lead to malware


By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they’ve received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign.


BitCoin Jackers Ask: “What’s in Your Wallet?”


By Adam McNeil


With all the recent media coverage and extreme changes of the BitCoin value, it should come as no surprise that malware authors are trying to capitalize on the trends. These people attempt to make money on all sorts of digital transactions and it’s probably a safe bet to expect their rapid expansion into the up-and-coming Digital Currency market.

The Webroot Threat Research Department has already seen many malware campaigns targeting BitCoin users. The recent explosion (and subsequent implosion) of the BitCoin value has expedited the need for custom compiled BitCoin harvesters, and the malware authors are happy to oblige.


A peek inside a ‘life cycle aware’ underground market ad for a private keylogger


By Dancho Danchev

What’s greed to some cybercriminals is profit maximization to others, especially in times when we’re witnessing the maturing state of the modern cybercrime ‘enterprise’. Many enter this vibrant marketplace as vendors without really realizing that, thanks to the increasing transparency within the cybercrime ecosystem, their basic and value-added services will be directly benchmarked against a competing vendor, sometimes rendering their unique value proposition completely irrelevant. Others will take a different approach by releasing a ‘life cycle aware’ underground market ad and will still manage to generate some revenue, as well as secure a decent number of customers in the long term.

In this post, I’ll profile a ‘life cycle aware’ underground market ad for a private keylogger, relying on a limited number of licenses for its business model.


Spamvertised ‘Your order for helicopter for the weekend’ themed emails lead to malware


By Dancho Danchev

Cybercriminals are currently mass mailing tens of thousands of emails in an attempt to trick users into thinking that the order for their “air transportation services has been accepted and processed”. In reality, once users execute the malicious attachments, their PCs will automatically become part of the botnet managed by the malicious actors.
