Webroot Antivirus
A peek inside a managed spam service
By Dancho Danchev
Just how easy is it to become a spammer in 2012? Too easy to be true. Especially in times when everything needed to become a spammer, starting from a managed spam appliance, DIY email harvesters, and millions of harvested emails, is available for sale within the cybercrime ecosystem. Despite the numerous botnet [...]
Webroot Threat Blog
Poison Ivy trojan spreading across Skype
By Dancho Danchev
Last night, a friend of mine surprisingly messaged me at 6:33 AM on Skype, with a message pointing to what appeared to be a photo site with the message “hahahahaha foto” and a link to hxxp://random_subdomain.photalbum.org. What was particularly interesting is that he created a group, and was basically sending the same [...]
Spamvertised ‘Pizzeria Order Details’ themed campaign serving client-side exploits and malware
By Dancho Danchev
End and corporate users (and especially pizza eaters), beware! Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO's Pizzeria, and enticing users into clicking on a link serving client-side exploits and malware in order to cancel a $169.90 order that they never really made. More details: Once the user clicks on the [...]
Cybercriminals release ‘Sweet Orange’ – new web malware exploitation kit
By Dancho Danchev
From DIY (do-it-yourself) exploit generating tools, to efficient platforms for exploitation of end and corporate users, today’s efficiency-oriented cybercriminals are constantly looking for ways to monetize hijacked web traffic. In order to do so, they periodically introduce new features in the exploit kits, initiate new partnerships with managed malware/script crypting services, and [...]
A peek inside a boutique cybercrime-friendly E-shop
By Dancho Danchev
The vibrant cybercrime ecosystem is populated by a diverse set of market players. From sellers, to buyers and vendors, sophisticated cybercriminals next to novice cybercriminals, everyone is persistently looking for ways to monetize their assets and increase their revenue. Over the past two years, the industry witnessed the maturing business models in [...]
Managed SMS spamming services going mainstream
By Dancho Danchev
Are you receiving SMS spam? According to the latest reports, millions of mobile users are. The trend is largely driven by what Webroot is observing as an increase in underground market propositions offering managed SMS spamming services to new market entrants not interested in building and maintaining the spamming infrastructure on their [...]
“You Want To Pay For What!?”
By Nathan Collier
Recently we found new apps in alternative Chinese markets that we are considering a Potentially Unwanted Application (PUA). We are calling these apps Android.PUA.SMS.QuickPay. Let's look at a sample of this app. The sample we will look at is an app called “Screen Detection” which is an app that helps find dead [...]
London’s InfoSec 2012 Event – recap
By Dancho Danchev
As many of you know, Webroot attended London’s annual security event — Europe's largest 3-day security show — last week. The show was a blast! Countless number of new partnerships being formed, dozens of press briefings on a daily basis, daily presentations on “Current and Emerging Trends Within the Cybercrime Ecosystem”, and [...]
Upcoming Webroot briefing at InfoSec, 2012, London – “Current and Emerging Trends Within the Cybercrime Ecosystem”
By Dancho Danchev
Dear blog readers, are you going to this year’s InfoSec 2012 event in London? If so, don’t forget to stop by Webroot’s stand G90, where I’ll be briefing our visitors on “Current and Emerging Trends Within the Cybercrime Ecosystem” on the 24th of April to 26th of April. More details: Address of [...]
New DIY email harvester released in the wild
By Dancho Danchev
In order for cybercriminals to launch spam, phishing and targeted attacks, they would first have to obtain access to a “touch point”, in this case, your valid email address, IM screen name, or social networking account. Throughout the years, they’ve been experimenting with multiple techniques to obtain usernames (YouTube user names, IM screen names, [...]