I have never bought a PlayStation and neither has my colleague Micha-san from Japan - well, in his case, at least not from Brazil. Nonetheless, we both received the same email notification:


Malicious macro-enabled Microsoft Office document
The last interesting item found on the same malicious cybercriminal server is a .docm file (a macro-enabled document according to Microsoft Office standards).
 

It is a malicious file that when opened shows its victims the following content:
 


To complement the findings already mentioned: the same cybercriminal’s server contains additional interesting things, but before mentioning them, I want to give a little more information about the email database used to spam victims and infect them with the Betabot malware.

E-mail database
How big is the list of email addresses to spam victims? It has 8,689,196 different addresses.  It is a very complete database. Even if only 10% of the machines of the people included in this list get infected, cybercriminals would gain more than 800,000 infected PCs!

The geographic distribution of the emails is already published here. Even if we look only at the most interesting domains in the list, those belonging to governments, educational institutions and the like, the numbers of addresses used to spam and to infect are still very high:

Domain    Number of emails
org       13772
edu       2015
gov       1575
gob       312


We just received a spam message in Portuguese stating the following:
 

In short, this message says that WhatsApp for PC is finally available and that the recipient already has 11 pending invitations from friends in his account. This is what the email looks like:
 


Introduction
Last week a good friend (@Dkavalanche) mentioned on his Twitter account his findings about Betabot malware that was spammed via fake emails in the name of Carabineros of Chile. It piqued my attention, so I dug a little and this is what I found:
The original .biz domain used in the malicious campaign was bought by someone allegedly from Panama. It’s a purely malicious domain used exclusively for cybercriminal activity; however, the server itself is hosted in Russia! The same server has several folders and files inside, which we will discuss a little bit later. First, let’s speak about the initial malicious binary spoofed via email and then about other things. I will only focus on the most interesting details.

Denuncia_penal.exe
This is the name of the original binary. In English, it translates to “Criminal complaint”.
The file is compiled with fake information and claims to be a legitimate tool built by NoVirusThanks, called NPE File Analyzer.


This will take place on April 8, 2014, and Microsoft has already announced this publicly. This would not be a problem if all Windows users had already migrated to more recent versions of Windows, or did so by that date. However, according to our statistics based on the KSN technology during the last 30 days, 18% of Windows users worldwide still use the XP platform.
 


Introduction

Today we got a spam message with a fake e-card in Portuguese leading to an interesting piece of malware:


Header translation: You got a Christmas e-card. Somebody very special has sent this Christmas e-card for you. In case you are not able to visualize it, click here. Much better than any present is a happy family.


Yesterday morning we received a malware sample from Cuba that, after infecting a victim’s machine, looks for the following audio and video file extensions: .mp3, .mp4, .mpg, .avi, .mkv, .vob, .dat, .rmvb, .flv, .wav

Spam Test|Stealing user's password with Free Online Forms

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted November 06, 16:17  GMT
Tags: Social Engineering, Email

I just received a spam e-mail in Portuguese stating that my mailbox had exceeded its maximum storage.

Translation: Attention! Your email box has exceeded the 20Gb storage limit set by the Administrator. At this moment you are using 20,9Gb and can’t send or receive new messages unless you revalidate your email inbox.
Please click on or copy the link below to revalidate and to update it.
You have to access your email box via the link below to update and revalidate your email inbox.
Thank you,
Email Administrator.


This is one of those scenarios where the user looks for protection but finds only problems. Sergio de los Santos, a friend of mine, shared with me a link to a fake app that pretends to be AdBlock Plus, the well-known and useful application that many users have in their web browsers. At the time of its download, the application was active on Google Play, and everyone who downloaded it received, instead of an app blocking unwanted ads in their web browser, the exact opposite: more ads and more problems related to data privacy.