The Blackhole Exploit Kit (BHEK) spam run has already assumed various disguises during its course. Some variants have taken forms such as an official bank notice, a cable provider email update, a social networking email, and a fake courier notification.
Lately, we have seen a slew of spam crafted as a notice from the popular retail chain Walmart. However, this spam run offers something different.
Figure 1. Notice supposedly from Walmart
In this campaign, some of the URLs lead to Cyrillic domain names. These domains were ...
Last April 23 - 25, I attended the seventh Counter eCrime Operations Summit (CeCOS VII) initiated by the Anti-Phishing Working Group (APWG). This year, the conference was held in Buenos Aires, Argentina. Security experts from Japan, Paraguay, Brazil, North America, Russia, and India flew to the South American city to discuss the developments in the cybercrime arena. Together with 8 other participants from Japan, I arrived in Buenos Aires after a 38-hour flight. However, the talks and the level ...
Recent incidents highlight how frequently - and creatively - cybercriminals try to steal data: from "homemade browsers" to million-user data breaches to the daily theft carried out by infostealers and phishing attacks.
All this stolen information ends up for sale in the underground to the highest bidder. From there, it can be used in many uniformly illegal ways - from identity theft, to credit card fraud, to launching attacks on other users. It can also be used to ...
Phishers appear to have concentrated their fire on a relatively new target: Apple IDs. In recent days, we've seen a spike in phishing sites that try to steal Apple IDs.
Upon looking at the URLs of these phishing sites, we noted a consistent pattern: they are under a folder named ~flight. Interestingly, trying to access the folder itself will load the following page:
Technically, the sites were only compromised, but not hacked (as the original content ...
No less than a day or so after we discovered the spam campaign taking advantage of the Boston Marathon bombing, we came upon yet another spam campaign, very similar to the previous one except this time it uses the Texas fertilizer plant explosion as a lure. The fertilizer plant explosion occurred a mere few days after the tragedy in Boston, with 35 suspected dead and more than 160 people injured.
What’s disturbing about the discovery of this particular campaign is that ...