Tucked away in a small town outside Moscow, Russia, one of the world’s most prolific and effective cybercriminals works away on the next version of malicious software that will enable the theft of millions of dollars from unsuspecting victims around the world. Going by the online moniker of “Paunch,” he is continuously updating his browser exploit software, called “Black Hole,” and it is wreaking havoc daily amongst many of the world’s largest brands and government organizations. His software doesn’t actually enable the theft of money, exfiltrate data, or keylog victims as you may suspect, but it is the premier product in the “browser exploit pack” (BEP) software category.

These exploit “kits” are installed onto websites, some compromised, others set up by criminals. Then, when people visit these sites using a vulnerable browser, and large portions of them are, their computers are immediately broken into. This allows for the installation of any kind of malware the exploiter wants to put on them. Oftentimes this will be one of the very latest in crimeware like Zeus, Bugat, or Cridex.

Over the past six to twelve months, this technique has grown rapidly, and is now responsible for a huge portion of the phishing-style spam seen today. These are the spam campaigns you’ve likely seen filling up your inbox of late: warnings from the IRS, NACHA, the BBB, or financial institutions about inappropriate behaviors or mysterious charges. Some of the most effective have been fake, but spot-on alerts purporting to be from American Express, AT&T and Verizon about billing issues, using the same template that real alerts from those companies use. Other campaigns have been tied to updating software like Adobe and Intuit’s products, unpaid traffic tickets from New York City, airline ticket purchases from many major airlines like American and US Air, and a host of other highly effective lures. Unlike traditional phishing though, when someone clicks on the link embedded in the e-mail, they aren’t taken to a look-alike site and asked for credentials. Instead, they are driven to a BEP-infested site, where their computer is likely to be infected, with the victim usually being none the wiser. With such high quality lures, the infection rates have been staggering, according to reports from affected companies, and some insight into back-end control panels for the malware that researchers have been able to gain access to on occasion. We’re talking well above 10% infection rates for an entire campaign.