DIY automatic cybercrime-friendly ‘redirectors generating’ service spotted in the wild


By Dancho Danchev

Redirectors are a popular tactic used by cybercriminals to trick Web filtering solutions. And just as we’ve seen in virtually every segment of the underground marketplace, demand always meets supply.

A newly launched DIY ‘redirectors’ generating service aims to make it easier for cybercriminals to hide the true intentions of their campaigns through the use of ‘bulletproof redirector domains’. Let’s take a peek inside the cybercriminal’s interface, list all the currently active redirectors, and look at the actual pseudo-randomly generated redirection URLs.


From Vietnam with tens of millions of harvested emails, spam-ready SMTP servers and DIY spamming tools


By Dancho Danchev

How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for instance, harvested and segmented email databases? He’d impress them with comprehensiveness and ‘vertically integrated’ products and services. At least that’s what the cybercriminals behind the cybercrime-friendly market proposition I’m about to profile in this post are doing.

Offering tens of millions of harvested and segmented email databases, spam-ready bulletproof SMTP servers and DIY spamming tools, this one-stop shop for novice spammers is also a great example of an OPSEC-unaware vendor who not only accepts Western Union/MoneyGram payments, but has also included his SWIFT wire transfer bank account details.


DIY commercially-available ‘automatic Web site hacking as a service’ spotted in the wild


By Dancho Danchev

A newly launched underground market service aims to automate the unethical penetration testing process by empowering virtually all of its (paying) customers with what its operators claim are ‘private exploitation techniques’ capable of compromising any Web site.


New commercially available Web-based WordPress/Joomla brute-forcing tool spotted in the wild


By Dancho Danchev

Thanks to the fact that users not only continue to use weak passwords, but also re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. As more malicious underground market releases continue to utilize this technique, aiming to empower would-be cybercriminals with the tools they need to achieve their objectives, several questions worth discussing emerge in the broader context of trends and fads within the cybercrime ecosystem.

What’s the current state of the brute-forcing attack concept? Is it still a relevant attack technique, or have cybercriminals already found more efficient, evasive and effective tactics to compromise as many Web sites/servers as possible? Let’s discuss the relevance of the attack concept in 2013 by profiling a recently released WordPress/Joomla brute-forcing and account verification tool.


SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild


By Dancho Danchev

One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment portrays an RBN (Russian Business Network) style bulletproof infrastructure being used to launch these attacks. The infrastructure’s speculated resilience is supposed to act as a foundation for the increase in TDoS services and products. Fact or fiction? Keep reading.

In this post, we’ll profile a SIP-based, API-supporting DIY service offering fake caller ID/SMS numbers, and discuss its relevance to the overall increase in TDoS underground market propositions.


New subscription-based SHA256/Scrypt supporting stealth DIY Bitcoin mining tool spotted in the wild


By Dancho Danchev

A recently released subscription-based, SHA256/Scrypt-supporting stealth DIY Bitcoin mining tool is poised to empower cybercriminals with advanced Bitcoin mining capabilities, to be used on the malware-infected hosts that they have direct access to, or have purchased through a boutique cybercrime-friendly E-shop selling access to hacked PCs.

Let’s take a peek at the DIY Bitcoin mining tool, and discuss some of its core features.


A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool


By Dancho Danchev

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace, with the aim of highlighting the re-emergence of this concept, which allows virtually anyone who obtains the leaked tools, or purchases them, to launch targeted malware attacks.

Can DIY exploit generating tools be considered a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that successfully generates a Web page embedding an exploit for CVE-2013-0422, delivered through malicious Java applets.
