
Category: Web 2.0

November 17th, 2009

Thousands of web sites compromised, redirect to scareware

Posted by Dancho Danchev @ 12:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search, Search, Security, Dancho Danchev

Updated: Thursday, November 19 - According to eSoft, who contacted me, they’ve been monitoring the campaign since September, with another 720,000 affected sites back then.

There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.

More details on the campaign:


October 14th, 2009

New Koobface campaign spoofs Adobe's Flash updater

Posted by Dancho Danchev @ 7:11 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Facebook, Flash, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Adobe Systems Inc., CAPTCHA, Facebook, Malware, Social Engineering, Koobface, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

Earlier this week, the botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake YouTube page.

The malware campaign is relying on compromised legitimate web sites, now representing 77% of malicious sites in general, and on hundreds of automatically registered Blogspot accounts with the CAPTCHA recognition process done on behalf of the users already infected by Koobface, compared to the gang’s previous reliance on commercial CAPTCHA recognition services.

Here are some of the most popular messages posted on Facebook for the time being:

October 8th, 2009

Click fraud facilitating Bahama botnet steals ad revenue from Google

Posted by Dancho Danchev @ 9:56 am

Categories: Anti Virus, Botnets, Browsers, Complex Attacks, Google, Hackers, Malware, Research, Web 2.0

Tags: Google Inc., Advertisement, Click Fraud, Domain, Computer, Security, Cybercrime, Dancho Danchev

Originally exposed as a botnet redirecting and monetizing hijacked traffic to over 200,000 parked domains primarily located in the Bahamas, researchers from ClickForensics have recently found evidence of active DNS hijacking of Google properties, allowing cybercriminals to steal revenue from Google by pulling search results and displaying them on a bogus homepage (Cybercriminals promoting malware-friendly search engines) which serves ads from pay-per-click ad networks (Microsoft’s Bing invaded by pharmaceutical scammers) maintained by similar cybercrime enterprises.

Here’s how Bahama’s click fraud scheme steals ad revenue from Google and its advertisers according to ClickForensics:


September 23rd, 2009

Scareware scammers hijack Twitter trending topics

Posted by Dancho Danchev @ 6:48 am

Categories: Anti Virus, Browsers, Hackers, Malware, Passwords, Social Networking Applications, Ukraine, Web 2.0

Tags: Twitter Inc., Spamming, Spam, Cyberthreats, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Researchers from F-Secure and Sophos are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.

Hundreds of tweets using four different URL shortening services are currently spammed through automatically registered Twitter accounts, relying on pseudo-random text generation using Twitter’s trending topics.

September 16th, 2009

Google + reCAPTCHA could raise bar in anti-bot, anti-spam battle

Posted by Ryan Naraine @ 12:54 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Denial of Service (DoS), Google, Hackers, Malware, Patch Watch, Phishing, Research, Vulnerability research, Web 2.0

Tags: CAPTCHA, Google Inc., Anti-spam, Bot, Ryan Naraine

Locked in a cat-and-mouse game with spammers who use bots to defeat anti-fraud mechanisms and create fake accounts, Google today announced a deal to acquire reCAPTCHA, a company that provides those squiggly words at login screens.

The ReCAPTCHA deal isn’t exactly a security transaction. Strategically, it gives Google an excellent crowd-sourcing tool to beef up its already impressive machine-vision algorithms (think book-scanning and maps) but, in the long run, the ability to use CAPTCHAs that are near-impossible for bots to decipher allows Google to raise the bar significantly in the fight against bots and spam.

September 13th, 2009

The ultimate guide to scareware protection

Posted by Dancho Danchev @ 5:49 pm

Categories: Anti Virus, Botnets, Browsers, Complex Attacks, Data theft, Hackers, Malware, Passwords, Social Networking Applications, Spyware and Adware, Viruses and Worms, Web 2.0

Tags: Search Engine Optimization, Antivirus, Malware, Security Software, Search, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Throughout the last two years, scareware (fake security software) quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process.

Not surprisingly, Q3 of 2009 was prone to mark the peak of the scareware business model, whose affiliate program revenue sharing scheme is not only attracting new cybercriminals due to its high pay-out rates, but is also directly driving innovation within the cybercrime underground by acting as a reliable financial incentive.

This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, what it looks like, its delivery channels, and most importantly, how to recognize, avoid and report it to the security community, taking into consideration the fact that 99% of the current releases rely on social engineering tactics.

September 11th, 2009

9/11 related keywords hijacked to serve scareware

Posted by Dancho Danchev @ 12:30 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Ukraine, Web 2.0

Tags: Malware, 9/11 Commission, Keyword, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Anticipating the logical peak of 9/11 related keywords on the 8th anniversary of the attacks, cybercriminals have hijacked the trending topic by occupying thousands of related keywords for the purpose of serving fake security software.

None of the sites are currently marked as harmful by the SafeBrowsing initiative, due to the evasive tactics applied in the campaign, with the majority of them already appearing within the first twenty results.

Is this a deliberate 9/11 themed blackhat SEO campaign, or is it a “blackhat SEO for scareware serving purposes as usual” type of campaign?

September 10th, 2009

Cutwail botnet spamming 'IRS unreported income' themed malware

Posted by Dancho Danchev @ 11:43 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Spyware and Adware, Web 2.0

Tags: Malware, Internal Revenue Service, Spam, E-mail, Spyware, Adware & Malware, Security, Spam And Phishing, Dancho Danchev

Researchers from MX Logic, now part of McAfee, have intercepted a new malware campaign spammed by the Pushdo/Cutwail botnet that’s using ‘IRS unreported income’ notices in an attempt to trick the recipients into downloading a tax-statement.exe executable.

The Pushdo/Cutwail botnet remains among the most aggressively spamming cybercrime platforms, with the latest campaign traffic averaging about 90,000 emails per hour according to the company.

August 27th, 2009

The most dangerous celebrities to search for in 2009

Posted by Dancho Danchev @ 1:27 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Russia, Ukraine, Uncategorized, Web 2.0

Tags: Web, Digg, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Searching for which celebrity has the highest probability of tricking you into visiting a malware-friendly web site?

Last year it was Brad Pitt, but according to this year’s McAfee report “Riskiest Celebrities to Search on the Web”, it’s Jessica Biel related searches that have “one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware”.

August 11th, 2009

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Posted by Ryan Naraine @ 1:01 pm

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Microsoft, Passwords, Patch Watch, Research, Responsible disclosure, Spyware and Adware, Vulnerability research, Web 2.0, Web Applications, Windows Vista

Tags: Windows Vulnerability, Vulnerability, Exploit Code, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Microsoft today dropped a mega patch bundle with fixes for several “critical” vulnerabilities affecting the Windows platform and warned that “consistent, reliable exploit code” was likely to be released within 30 days.

The Redmond, Wash. software maker released nine bulletins, five rated critical, to provide cover for a total of 19 documented security vulnerabilities. Of the nine updates, eight affect Windows and one affects Office Web Components (OWC).

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

