Webroot Threat Blog

Spamvertised ‘YouTube Video Approved’ and ‘Twitter Support” themed emails lead to pharmaceutical scams

ddanchev — Wed, 23 May 2012 20:08:50 +0000

By Dancho Danchev Just like true marketers interested in improving the click-through rates of their campaign, pharmaceutical scammers are constantly looking for new ways to attract traffic to their fraudulent sites. From compromised web shells on web sites with high page rank, the impersonation of legitimate brands, to the development of co-branding campaigns, pharmaceutical scammers [...]

Spamvertised bogus online casino themed emails serving adware

ddanchev — Tue, 22 May 2012 20:21:07 +0000

By Dancho Danchev Cybercriminals are currently spamvertising online casino themed emails, which ultimately redirect users to a bogus casino site offering an executable download. Upon deeper examination, it appears that the download is actually adware. More details: Spamvertised URL, including affiliate ID: hxxp://grand-parker.com/bonus/15free.php?affid=22323&bonus=TAKE15 – currently responding to 212.7.194.232; 195.2.253.22. Detection rate for GrandParker.exe: MD5: 7bec7eb7f891c1c894536c10fe53c34d, Detected by 6 out [...]

Ongoing ‘LinkedIn Invitation’ themed campaign serving client-side exploits and malware

ddanchev — Tue, 22 May 2012 16:40:30 +0000

By Dancho Danchev Remember the ‘LinkedIn Invitations’ themed malware campaign which I profiled in March, 2012? A few hours, ago, the cybercriminals behind it launched another round of malicious emails to millions of end and corporate users. More details: Once the user clicks on the link (hxxp://hseclub.net/main.php?page=d72ac4be16dd8476), a client-side exploit, CVE-2010-1885 in particular, will attempt to [...]

A peek inside a managed spam service

ddanchev — Thu, 17 May 2012 17:18:30 +0000

By Dancho Danchev Just how easy is it to become a spammer in 2012? Too easy to be true. Especially in times when everything needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous botnet [...]

Poison Ivy trojan spreading across Skype

ddanchev — Tue, 15 May 2012 21:46:22 +0000

By Dancho Danchev Last night, a friend of mine surprisingly messaged me at 6:33 AM on Skype, with a message pointing to what appeared to be a photo site with the message “hahahahaha foto” and a link to hxxp://random_subdomain.photalbum.org What was particularly interesting is that he created a group, and was basically sending the same [...]

Spamvertised ‘Pizzeria Order Details’ themed campaign serving client-side exploits and malware

ddanchev — Fri, 11 May 2012 15:19:14 +0000

By Dancho Danchev End and corporate users (and especially Pizza eaters), beware! Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO`s Pizzeria, and enticing users into clicking on a client-side exploits and malware serving link in order to cancel a $169.90 order that they never really made. More details: Once the user clicks on the [...]

Cybercriminals release ‘Sweet Orange’ – new web malware exploitation kit

ddanchev — Thu, 10 May 2012 14:50:30 +0000

By Dancho Danchev From DIY (do-it-yourself) exploit generating tools, to efficient platforms for exploitation of end and corporate users, today’s efficiency-oriented cybercriminals are constantly looking for ways to monetize hijacked web traffic. In order to do so, they periodically introduce new features in the exploit kits, initiate new partnerships with managed malware/script crypting services, and [...]

A peek inside a boutique cybercrime-friendly E-shop

ddanchev — Tue, 08 May 2012 22:55:56 +0000

By Dancho Danchev The vibrant cybercrime ecosystem is populated by a diverse set of market players. From sellers, to buyers and vendors, sophisticated cybercriminals next to novice cybercriminals, everyone is persistently looking for ways to monetize their assets and increase their revenue. Over the past two years, the industry witnessed the maturing business models in [...]

Managed SMS spamming services going mainstream

ddanchev — Mon, 07 May 2012 19:04:07 +0000

By Dancho Danchev Are you receiving SMS spam? According to the latest reports, millions of mobile users do. The trend is largely driven by what Webroot is observing as an increase in underground market propositions offering managed SMS spamming services to new market entrants not interested in building and maintaining the spamming infrastructure on their [...]

“You Want To Pay For What!?”

Armando Orozco — Thu, 03 May 2012 21:24:15 +0000

by Nathan Collier Recently we found new apps in alternative Chinese markets that we are considering a Potentially Unwanted Application (PUA). We are calling these apps Android.PUA.SMS.QuickPay. Lets look at a sample of this app. The sample we will look at is an app called “Screen Detection” which is an app that helps find dead [...]