Tag Archives: vulnerabilities

‘Attention! Changes in the bank reports!’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of emails in an attempt to impersonate the recipients’ bank, tricking them into thinking that the Ministry of Finance in their country has introduced new rules for records keeping, and that they need to print and sign a non-existent document.

Once users click on the links found in the malicious emails, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Continue reading

Fake BBB (Better Business Bureau) Notifications lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals have recently launched yet another massive spam campaign, impersonating a rather popular brand used in a decent percentage of social engineering driven email campaigns – the BBB (Better Business Bureau).

Once users click on any of the links in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.

More details:

Continue reading

Spamvertised ‘Your Recent eBill from Verizon Wireless’ themed emails serve client-side exploits and malware

Posted on by

By Dancho Danchev

Throughout 2012, we intercepted two malicious campaigns impersonating Verizon Wireless in an attempt to trick its customers into clicking on links pointing to fake eBills.

It appears that cybercriminals are back in the game, with yet another Verizon Wireless themed malicious campaign, enticing users to click on the malicious link found in the email. Once users click on the link, they’re automatically exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Continue reading

Fake ‘UPS Delivery Confirmation Failed’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Continuing their well proven social engineering tactic of impersonating the market leading courier services, cybercriminals are currently mass mailing tens of thousands of emails impersonating UPS, in an attempt to trick users into clicking on the malicious links found in the legitimate-looking emails.

Once they click on the links, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.

More details:

Continue reading

Fake ‘Citi Account Alert’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently mass mailing hundreds of thousands of emails impersonating Citi, using two different professionally looking email templates. Upon clicking on any of the links found in the malicious emails, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Continue reading

Malicious ‘Sendspace File Delivery Notifications’ lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals are currently attempting to trick hundreds of thousands of users into clicking on the malicious links found in the currently spamvertised bogus ‘Sendspace File Delivery Notifications‘.

Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Continue reading

Fake ‘Flight Reservation Confirmations’ themed emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

In the midst of the holidays season, cybercriminals are currently spamvertising tens of thousands of malicious “Flight Reservation Confirmations“, in an attempt to trick users into clicking on the link found in the fake emails. Once they click on the link, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

More details:

Continue reading

Malicious ‘Security Update for Banking Accounts’ emails lead to Black Hole Exploit Kit

Posted on by

By Dancho Danchev

Cybercriminals have recently launched yet another massive spam campaign attempting to trick e-banking users into thinking that their ability to process ACH transactions has been temporarily disabled. Upon clicking on the link found in the malicious email, users are exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details Continue reading

Bogus ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

Posted on by

By Dancho Danchev

Facebook users, watch what you click on!

Cybercriminals are currently mass mailing bogus “Facebook Account Cancellation Requests“, in an attempt to trick Facebook’s users into clicking on the malicious link found in the email. Upon clicking on the link, users are exposed to client-side exploits which ultimately drop malware on the affected host.

More details:

Continue reading

Bogus ‘End of August Invoices’ themed emails serve malware and client-side exploits

Posted on by

By Dancho Danchev

Cybercriminals have recently launched yet another massive spam campaign attempting to trick users into clicking on malicious links or executing malicious attachments found in the spamvertised emails.

More details:

Continue reading