Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two


By Dancho Danchev

The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem.

Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or direct impersonation of popular brands in spam/phishing campaigns tactics, on a daily basis, traffic is sold and resold for achieving a customer’s or a seller’s fraudulent/malicious objectives, and is then most commonly converted to malware-infected hosts.

In this post, I’ll profile two cybercrime-friendly iFrame traffic exchanges, with the second ‘vertically integrating’ by also offering spamming services, as well as services violating YouTube’s ToS (Terms of Service) such as likes, comments, views, favorites and subscribers on demand, with an emphasis on the most common ways through which a potential cybercriminal can abuse any such traffic exchange network.

More details:

Continue reading

Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase


By Dancho Danchev

We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers.

Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready SMTP servers and discuss their potential, as well as the re-emergence of bulletproof SMTP servers as a propagation method of choice.

More details:

Continue reading

DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in the wild


By Dancho Danchev

Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we’ve seen in virtually ever segment of the underground marketplace, demand always meets supply.

A newly launched, DIY ‘redirectors’ generating service, aims to make it easier for cybercriminals to hide the true intentions of their campaign through the use of ‘bulletproof redirector domains’. Let’s take a peek inside the cybercriminal’s interface, list all the currently active redirectors, as well as the actual pseudo-randomly generated redirection URLs.

More details:

Continue reading

DIY Craigslist email collecting tools empower spammers with access to fresh/valid email addresses


By Dancho Danchev

In need of a good reason to start using Craigslist ‘real email anonymization’ option? We’re about to give you a pretty good one. For years, the popular classified Web site has been under fire from spammers using DIY email collecting tools, allowing them to easily obtain fresh and valid emails to later be abused in fraudulent/malicious campaigns.

Let’s take a peek at some of the DIY Craigslist themed spamming tools currently in (commercial) circulation.

More details:

Continue reading

From Vietnam with tens of millions of harvested emails, spam-ready SMTP servers and DIY spamming tools


By Dancho Danchev

How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for instance, harvested and segmented email databases? He’d impress them with comprehensiveness and ‘vertically integrated’ products and services. At least that’s what the cybercriminals behind the cybercrime-friendly market proposition I’m about to profile in this post are doing.

Tens of millions of harvested and segmented email databases, spam-ready bulletproof SMTP servers and DIY spamming tools, this one-stop-shop for novice spammers is also a great example of an OPSEC-unaware vendor who’s not only accepting Western Union/Money Gray payments, but also, has actually included his SWIFT wire transfer bank account details.

More details:

Continue reading

Email hacking for hire going mainstream – part three


By Dancho Danchev

Just as we anticipated on two occasions in 2012, managed email hacking for hire services continue popping-up at publicly accessible cybercrime-friendly communities, a trend that’s largely driven by the demand for such services by unethical competition, “friends”, or current/ex-spouses.

Often pitched as “forgotten password recovery” services, they rely on social engineering, brute-forcing, and spear phishing campaigns, often leading to a successful compromise of a targeted account. Based on the number of positive vouches, the services continue receiving a steady stream off satisfied and verified customers.

In this post, I’ll profile one of the most recently advertised email hacking for hire services, specializing in hacking GMail and Yahoo! accounts, as well as email accounts using popular free Russian email service providers. How much does it cost to hack a Gmail or Yahoo! account? What about corporate email?

Let’s find out.

Continue reading

Webroot’s Threat Blog Most Popular Posts for 2012


By Dancho Danchev

It’s that time of the year! The moment when we look back, and reflect on Webroot’s Threat Blog most popular content for 2012.

Which are this year’s most popular posts? What distinguished them from the rest of the analyses published on a daily basis, throughout the entire year?

Let’s find out.

Continue reading