We’re nearing the holiday season, and some of you might be doing some early holiday shopping and checking your finances ahead of a shopping splurge. The holiday season also ushers in cybercrime activities that are typical of this time of the year:
We have seen a surge of fake bank emails. We’ve also seen other forms of spammed threats, including KELIHOS, VAWTRACK, and even some forms of the 419 scam.
We have also witnessed an increase in BANKER malware. Variants of this malware ...
PoS malware has been in the news lately due to data breaches at various high-profile retailers. Card information stolen in these attacks has ended up on the well-known underground shop Rescator. We prefer to refer to the people behind this shop as the Lampeduza gang, as Rescator is not the only person running this business.
We have found that other cybercrime gangs are using the fame of the Lampeduza gang to lure other cybercriminals into accessing fake online credit card shops.
Since the discovery of Shellshock, Trend Micro has continuously monitored the threat landscape for any attacks that may leverage these vulnerabilities. So far, we have identified an active IRC bot, exploit attempts in Brazil and China, botnet attacks, and a wide variety of malware payloads such as ELF_BASHLITE.A, ELF_BASHLET.A, and PERL_SHELLBOT.WZ among others. It is reported that other vulnerable protocols like HTTP, SMTP, SSH, and FTP are also affected by Shellshock.
We found that one of the payloads of Bash vulnerabilities, which we ...
During the last week of August 2014, we observed a salad spam surge caused by the KELIHOS spambot. Salad spam contains gibberish words in the email body and is usually employed by cybercriminals to bypass spam filters. Here are some samples we spotted:
Figures 1-2: Screenshots of spammed messages
The majority of this outbreak’s victims are from the United States. Based on our data, the top sending countries for this spam run are Spain, Germany, Italy, Iran, and the United States.
Figure 3: Top sending countries ...
Our coverage on the Bash bug vulnerability (more popularly known as “Shellshock”) continues as we spot new developments on Shellshock-related threats and attacks.
Here is a list of our stories related to this threat:
Shellshock: A Technical Report - this technical brief describes the vulnerability in detail, as well as outlining which platforms are affected.
Shellshock-Related Attacks Continue, Targets SMTP Servers - vulnerable SMTP servers are being targeted by Shellshock exploit code to launch an IRC bot.
Bash Bug Saga Continues: Shellshock Exploit via ...