Evasion is always a goal of cybercriminals. They are not above misusing legitimate sites and services to hide malicious activities. One recent example is BKDR_VERNOT.A, which tried to use Evernote to hide its activities. Another variant of this malware was recently spotted, but this variant uses a Japanese blogging platform as its command-and-control (C&C) server, and it was able to log in to the platform successfully.
Network activity of BKDR_VERNOT.B
BKDR_VERNOT.B logs in and creates a draft where it uses the affected machine's ...
Bitcoin is still in the news, even if it's not exactly for the right reasons. From its peak value of $263.798 per bitcoin on April 10, it has since fallen to just over $100. That actually represents a recovery from its post-peak low value of just over $50. Clearly, the market for Bitcoins is... volatile.
For those not in the know, Bitcoin is a new digital currency which is generated, or "mined", by software solving computationally difficult problems. Cybercriminals have latched ...
Besides the fake Facebook Profile Viewer ruse, we found another Facebook scam that lures users into downloading a fake Adobe Flash Player plugin. We noticed countless feeds pointing to a Facebook page with more than 90 million "likes". For some, this huge number of Facebook likes may be enough for them to check the page out. It also means that the page is quite popular and may lead users into thinking that it is legitimate and harmless.
Figure 1. Spammed Facebook ...
In less than 24 hours, cybercriminals have already taken advantage of Monday's explosion at the Boston Marathon as a newsworthy item. My colleague Mary Ermitano-Aquino noted a spam outbreak of more than 9,000 Blackhole Exploit Kit (clarification below) spammed messages, all related to the tragedy that killed at least three people and injured many more. Some of the spammed messages used the subjects "2 Explosions at Boston Marathon," "Aftermath to explosion at Boston Marathon," "Boston Explosion ...
Traditionally, Brazil is known for being the home of BANCOS, which steals the banking information of users and is generally limited to the Latin American region. Other banking Trojans like ZeuS, SpyEye, and CARBERP, which are common in other regions, are not traditionally used by Brazilian cybercriminals and not aimed at Brazilian users either.
However, that might be changing. In a local hacker forum, we saw a post where somebody was selling some rather well-known malware kits:
Zeus version 3
SpyEye version 1.3.48
Citadel ...