With the amount of media coverage surrounding this year’s papal conclave and inauguration, it’s hardly a surprise that cybercriminals have taken advantage of this event to victimize users. We recently spotted spam that use newly-elected Pope Francis as the subject.
These email messages use the new pope and controversies surrounding the Catholic Church to pique the recipients’ curiosity. To convince users of the legitimacy of the emails, these cite CNN as the alleged source. A screenshot of an email can be ...
Cybercriminals tend to leverage what’s popular and new. Case in point, the much-anticipated Google Project Glass is being used as a social engineering lure to trick unsuspecting users into scams.
We found that one of the top results for the search term “free Google glasses” is an eye-catching YouTube link with the title [{FREE}] Google Project Glass [[FREE GOOGLE GLASSES]:
Figure 1. Search results for 'free Google glasses'
The video was copied from the original Google Glass YouTube advertisement. The YouTube video also contains ...
Over the course of the past few weeks, we've talked a lot Advanced Persistent Threats (APT), and how such threats require a different class of protection in order to be managed effectively.
There can be no doubt that APT attacks are a real threat. Such threats are unpredictable in nature, could lead to devastating consequences, and could affect just about any organization. The recent work from ISACA on the 2012 Advanced Persistent Threat (APT) Awareness Study shows 63% of security professionals ...
In the course of our threat research, we've encountered different types of social engineering lures that aim to trigger different emotions such as fear and happiness. These lures are often effective, as we've seen happen in several incidents in the past. However, they are also easily recognizable as they often use a common theme, be it a recent event or an ongoing season.
There are also other techniques that use different, more sober approach. These techniques do not aim to trigger ...
2013 has seen some significant changes in the way that attackers use the Blackhole exploit kit in spam attacks. To understand what these changes are, however, let us first go into what Blackhole did in late 2012.
Last year, the majority of URLs found in Blackhole-related phishing messages had the following format:
http://{compromised or abused site}/{eight-digit code}/index.html
For example, a spam run in November contained a link to the website at:
http://{domain #1}/Pz1Fa7u/index.html
Users were redirected by the above link to two URLs:
http://{domain #2}/9WFM1cgc/js.js
http://{domain #3}/0s3FmfEC/js.js
Both ...
