Webroot Threat Blog - Internet Security Threat Updates from Around the World

Rogue ‘Oops Video Player’ attempts to visually social engineer users, mimicks Adobe Flash Player’s installation process

ddanchev — Wed, 19 Jun 2013 07:00:26 +0000

By Dancho Danchev Our sensors have just detected yet another rogue advertisement served through the Yieldmanager ad network, this one enticing users into downloading a rogue video player known as the ‘Oops Video Player’. What’s particularly interesting about this rogue ad campaign is that the PUA (Potentially Unwanted Application) attempts to visually trick users by […]

New boutique iFrame crypting service spotted in the wild

ddanchev — Tue, 18 Jun 2013 07:00:36 +0000

By Dancho Danchev In a series of blog posts shedding more light into the emergence of the boutique cybercrime ‘enterprise’, we’ve been profiling underground market propositions that continue populating the cybercrime ecosystem on a daily basis, but fail to result in any widespread damage or introduce potential ecosystem disrupting features. Despite these observations, the novice […]

Rogue ads target EU users, expose them to Win32/Toolbar.SearchSuite through the KingTranslate PUA

ddanchev — Mon, 17 Jun 2013 07:00:43 +0000

By Dancho Danchev Who would need a virtually unknown, but supposedly free, desktop based application in order to translate texts between multiple languages? Tens of thousands of socially engineered European ads, who continue getting exposed to the rogue ads served through Yieldmanager’s network, are promoting more Potentially Unwanted Applications (PUAs) courtesy of Bandoo Media Inc and their subsidiary […]

How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them

ddanchev — Fri, 14 Jun 2013 07:00:48 +0000

By Dancho Danchev In 2013, the use of basic Quality Assurance (QA) practices has become standard practice for cybercrininals when launching a new campaign. In an attempt to increase the probability of a successful outcome for their campaigns — think malware infection, increased visitor-to-malware infected conversion, improved conversion of blackhat SEO acquired traffic leading to the purchase of counterfeit pharmaceutical items etc. — […]

Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA)

ddanchev — Thu, 13 Jun 2013 07:00:42 +0000

By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application’s “features”. More details: Sample screenshot of the landing page, featuring a bogus ‘Norton Secured’ Seal: Sample screenshot […]

Tens of thousands of spamvertised emails lead to W32/Casonline

ddanchev — Wed, 12 Jun 2013 07:00:25 +0000

By Dancho Danchev Fraudsters are currently spamvertising tens of thousands of emails enticing users into installing rogue, potentially unwanted (PUAs) casino software. Most commonly known as W32/Casonline, this scam earns revenue through the rogue online gambling software’s affiliate network. More details: Sample screenshots of the landing URLs: Spamvertised URLs: hxxp://luckynuggetcasino.com – 67.211.111.163 hxxp://888casino.com – 213.52.252.59 hxxp://spinpalace.com – 109.202.114.65 hxxp://alljackpotscasino.com – […]

How not to install Adobe Flash Player

Richard Melick — Tue, 11 Jun 2013 15:00:09 +0000

By Dan Para It seems simple enough, I want to install Adobe Flash Player so I search for “flash player download and click on the first result, right? Ignoring the second link which doesn’t have a five star rating and 37 reviews, I’m brought to a page called downloadinfo.com. I click the download button, click […]

Fake ‘Unsuccessful Fax Transmission’ themed emails lead to malware

ddanchev — Tue, 11 Jun 2013 11:16:38 +0000

By Dancho Danchev Have you sent an eFax recently? Watch out for an ongoing malicious spam campaign that tries to convince you that there’s been an unsuccessful fax transmission. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet of the cybercriminals behind the campaign. More […]

Scammers impersonate the UN Refugee Agency (UNHCR), seek your credit card details

ddanchev — Mon, 10 Jun 2013 07:00:39 +0000

By Dancho Danchev Opportunistic scammers have just launched a targeted spam campaign impersonating the UN Refugee Agency (UNHCR) in an attempt to trick users into handing over their complete credit card details as they supposedly make a donation to support Syria’s refugees. Needless to say, this scam is seeking full access to your credit card details through a fraudulent […]

Hacked Origin, Uplay, Hulu Plus, Netflix, Spotify, Skype, Twitter, Instagram, Tumblr, Freelancer accounts offered for sale

ddanchev — Fri, 07 Jun 2013 07:00:22 +0000

By Dancho Danchev Aiming to capitalize on the multi-billion gaming market, cybercriminals actively data mine their botnets for accounting credentials, not just for popular gaming platforms, but also the actual activation keys for some of the most popular games on the market. A newly launched e-shop aims to monetize stolen accounting credentials, not just for […]