DIY Java-based RAT (Remote Access Tool) spotted in the wild

Posted on April 1, 2013 by ddanchev

By Dancho Danchev

While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good old fashioned social engineering attacks.

In this post, I’ll profile a beneath-the-radar type of DIY Java-based botnet building tool, which is served through the usual unsigned, yet malicious Java applet.

More details: Continue reading →

New DIY RDP-based botnet generating tool leaks in the wild

Posted on March 28, 2013 by ddanchev

By Dancho Danchev

In times when we’re witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture — economic terrosm — and in fact often deny its existence, describing it as anything else but an underdeveloped sellers/buyers market.

That’s totally wrong.

In this post, I’ll discuss the cybercrime ecosystem events that eventually led to the leakage of a private DIY botnet building and managing platform - with the idea to raise more awareness on the dynamics taking place within the vibrant ecosystem.

More details: Continue reading →

New DIY IRC-based DDoS bot spotted in the wild

Posted on March 4, 2013 by ddanchev

By Dancho Danchev

Thanks to basic disruptive factors like standardization, DIY (do it yourself) underground market releases, Cybercrime-as-a-Service ”value added” propositions, efficiency-centered client-side exploitation process, QA (Quality Assurance), and adaptation to the ubiquitous endpoint protection mechanisms, such as for instance, signatures-based antivirus scanning, the cybercrime ecosystem is currently enjoying the monetary joys of its mature state.

In this post, I’ll profile a recently advertised DIY IRC-based DDoS bot, with an emphasis on how market followers, like the author of the bot, attempt to steal market share from the competition. Successful or not, this trend has been taking place for years, and based on the positive type and number of “satisfied customer” comments for this bot, market followers can also secure a revenue stream thanks to the fact that the prospective buyers of such “me too” type of malicious software releases don’t know where to acquire the latest cutting-edge DIY DDoS bot technology from.

More details:

Continue reading →

Malicious ‘Data Processing Service’ ACH File ID themed emails serve client-side exploits and malware

Posted on February 25, 2013 by ddanchev

By Dancho Danchev

A cybercriminal/gang of cybercriminals that we’ve been closely monitoring for a while now has just launched yet another spam campaign, this time impersonating the “Data Processing Service” company, in an attempt to trick its customers into interacting with the malicious emails. Once they do so, they are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

In this post, I’ll profile their latest campaign and the dropped malware. I will also establish a direct connection between this and three other previously profiled malicious campaigns, as well as an ongoing money mule campaign, all of which appear to have been launched by the same cybercriminal/gang of cybercriminals.

More details:

Continue reading →

Spamvertised IRS ‘Income Tax Refund Turned Down’ themed emails lead to Black Hole Exploit Kit

Posted on February 15, 2013 by ddanchev

By Dancho Danchev

Its tax season and cybercriminals are mass mailing tens of thousands of IRS (Internal Revenue Service) themed emails in an attempt to trick users into thinking that their income tax refund has been “turned down”. Once users click on any of the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading →

New underground service offers access to thousands of malware-infected hosts

Posted on February 12, 2013 by ddanchev

By Dancho Danchev

Thanks to the success of multiple botnet aggregating malicious campaigns launched in the wild, cybercriminals are launching malware-infected-hosts — also known as loads — as a service type of underground market propositions, in an attempt to monetize the botnet’s infected population by selling “partitioned” access to it.

How much does it cost to buy a thousand US-based malware infected hosts? What about hosts based in the European Union? Let’s find out. In this post, I’ll profile a newly launched underground service offering access to thousands of malware-infected hosts to virtually anyone who’s willing to pay the price.

More details:

Continue reading →

New DIY HTTP-based botnet tool spotted in the wild

Posted on February 6, 2013 by ddanchev

By Dancho Danchev

What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities.

In this post, I’ll profile a recently advertised DIY HTTP-based botnet tool, that allows virtually anyone to operate their own botnet.

More details:

Continue reading →

USPS ‘Postal Notification’ themed emails lead to malware

Posted on November 6, 2012 by ddanchev

By Dancho Danchev

Cybercriminals are currently mass mailing millions of emails impersonating The United States Postal Service (USPS), in an attempt to trick its customers into downloading and executing the malicious .zip archive linked in the bogus emails.

Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign to gain complete control over the host.

More details:

Continue reading →

A peek inside the Cythosia v2 DDoS Bot

Posted on January 9, 2012 by ddanchev

by Dancho Danchev

With DDoS extortion and DDoS for hire attacks proliferating, next to the ever decreasing price for renting a botnet, it shouldn’t come as a surprise that cybercriminals are constantly experimenting with new DDoS tools.

In this post, I’ll profile a newly released DDoS bot, namely v2 of the Cythosia DDoS bot.

Continue reading →

A peek inside the PickPocket Botnet

Posted on January 6, 2012 by ddanchev

by Dancho Danchev

Malicious attackers quickly adapt to emerging trends, and therefore constantly produce new malicious releases. One of these recently released underground tools, is the PickPocket Botnet, a web-based command and control interface for controlling a botnet.

Let’s review its core features, and find out just how easy it is to purchase it within the cybercrime ecosystem.

Continue reading →

Webroot Threat Blog – Internet Security Threat Updates from Around the World

WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS

Tag Archives: botnet

New DIY RDP-based botnet generating tool leaks in the wild

New DIY IRC-based DDoS bot spotted in the wild

New underground service offers access to thousands of malware-infected hosts

New DIY HTTP-based botnet tool spotted in the wild

A peek inside the Cythosia v2 DDoS Bot

A peek inside the PickPocket Botnet

Follow “Webroot Threat Blog - Internet Security Threat Updates from Around the World”

WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Tell your friends:

Like this:

Follow “Webroot Threat Blog - Internet Security Threat Updates from Around the World”