Tag Archives: Spam Campaign

Malicious ‘Facebook Account Cancellation Request” themed emails serve client-side exploits and malware

Posted on by

By Dancho Danchev

In December, 2012, we intercepted a professional-looking email that was impersonating Facebook Inc. in an attempt to trick its users into thinking that they’ve received an “Account Cancellation Request“. In reality, once users clicked on the links, their hosts were automatically exploited through outdated and already patched client-side vulnerabilities, which dropped malware on the affected PCs.

Over the past 24 hours, cybercriminals have resumed spamvertising tens of thousands of legitimate-looking Facebook themed emails, once again using the same social engineering theme.

More details:

Continue reading

Fake ‘FedEx Online Billing – Invoice Prepared to be Paid’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Users of FedEx’s Online Billing service, watch out!

Cybercriminals are currently mass mailing tens of thousands of emails impersonating the company, in an attempt to trick its customers into clicking on exploits and malware dropping links found in the legitimate-looking emails.

More details:

Continue reading

Bogus ‘Your Paypal Transaction Confirmation’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Financial institutions and online payment processors are a common target for cybercriminals, who systematically brand-jack and abuse the reputation of their trusted brands, in an attempt to scam or serve malware to their customers.

Over the past 24 hours, cybercriminals have launched yet another spam campaign, impersonating PayPal, in an attempt to trick its users into thinking that they’ve received a “Transaction Confirmation“, which in reality they never really made. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading

Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails.

Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit, which ultimately drops malware on the affected hosts.

More details:

Continue reading

Cybercriminals resume spamvertising fake Vodafone ‘A new picture or video message’ themed emails, serve malware

Posted on by

By Dancho Danchev

Over the past 24 hours, cybercriminals resumed spamvertising fake Vodafone MMS themed emails, in an attempt to trick the company’s customers into executing the malicious attachment found in these emails.

More details:

Continue reading

‘Batch Payment File Declined’ EFTPS themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently mass mailing tens of thousands of emails, impersonating the EFTPS (Electronic Federal Tax Payment System), in an attempt to trick its users into clicking on exploits and malware serving malicious links found in the emails.

More details:

Continue reading

Fake ‘ADP Speedy Notifications’ lead to client-side exploits and malware

Posted on by

By Dancho Danchev

Over the past week, cybercriminals have resumed spamvertising fake “ADP Immediate Notifications” in an attempt to trick users into clicking on the malicious links found in the emails. The links point to the latest version of the Black Hole Exploit Kit, and consequently, exploit CVE-2013-0422, affecting the latest version of Java.

With no fix for this vulnerability currently available, users are advised  to disable Java immediately.

More details:

Continue reading

‘Please confirm your U.S Airways online registration’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

In 2012, fake flight reservation confirmations and bogus E-ticket verifications were a popular social engineering theme for cybercriminals. On numerous occasions, we intercepted related campaigns attempting to trick customers into clicking on malicious links, which ultimately exposed them to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

Apparently, the click-through rates for these campaigns were good enough for cybercriminals to resume spamvertising related campaigns. In this post, I’ll profile the most recently spamvertised campaign impersonating U.S Airways.

More details:

Continue reading

Spamvertised AICPA themed emails serve client-side exploits and malware

Posted on by

By Dancho Danchev

Certified Public Accountants (CPAs) are a common target for cybercriminals. Throughout 2012, we intercepted several campaigns directly targeting CPAs in an attempt to trick them into clicking on the malicious links found in the emails. Once they click on any of the links, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

In this post, I’ll analyze one of the most recently spamvertised campaigns impersonating the American Institute of Certified Public Accountants, also known as AICPA.

More details:

Continue reading