The Blackhole Exploit Kit is one of the most notorious exploit kits currently in circulation among the cybercriminal underground today. Thus, we continuously monitor for incidents and attacks involving the exploit kit itself. Last week we reported about the spam campaign leveraging the birth of Prince William’s and Kate Middleton’s son. Our analysis of the…
Read MoreThe Andromeda botnet is still active in the wild and not yet dead. In fact, it’s about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat. Initially, this project to update Andromeda was about to…
Read MoreAs July winds down, infection counts for PE_EXPIRO have been trending downwards recently. This file infector can infect Windows files on both 32-bit (detected as PE_EXPIRO.JX) and 64-bit (detected as PE64_EXPIRO.JX) systems. At its peak, we saw thousands of infection counts but then dropped eventually (as seen in our Smart Protection Network feedback). Because of…
Read MoreWe spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts – specifically, Facebook, Google+, and Twitter accounts. To install these fake extensions, users would see various lures on social…
Read MoreSpoofing – whether in the form of DNS, legitimate email notification, IP, address bar – is a common part of Web threats. We’ve seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection. Header spoofing is when a URL appears…
Read More