English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

0.4
 

    To complement the already mentioned findings, the same cybercriminal’s server contains additional interesting things but before mentioning them, I want to give a little bit more information about the email database used to spam victims to infect them with the Betabot malware.

E-mail database
How big is the list of email addresses to spam victims? It has 8,689,196 different addresses.  It is a very complete database. Even if only 10% of the machines of the people included in this list get infected, cybercriminals would gain more than 800,000 infected PCs!

The geographic distribution of the emails is already published here. If we just look at the number of the most interesting domains belonging to governments, educational institutions and such used to spam and to infect, they are still very high numbers:

Domain    number of emails
org            13772
edu            2015
gov            1575
gob            312

Spam Test|Stealing user's password with Free Online Forms

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted November 06, 16:17  GMT
Tags: Social Engineering, Email
0.4
 

I just received a spam e-mail in Portuguese stating that my mailbox had exceeded its maximum storage.

Translation: Attention! Your email box has exceeded the 20Gb storage limit set by the Administrator. At this moment you are using 20,9Gb and can’t send or receive new messages unless you revalidate your email inbox.
Please click on or copy the link below to revalidate and to update it.
You have to access your email box via the link below to update and revalidate your email inbox.
Thank you,
Email Administrator.

Opinions|Securing your Email space

GReAT
Kaspersky Lab Expert
Posted August 09, 13:46  GMT
Tags: Website Hacks, Identity Theft, Email, Data leaks, Cyber espionage
0.4
 

Yesterday, Lavabit - a secure e-mail provider - announced that it's closing down their operations. The official text and the Website looks like this:
 

Lavabit was one of the very few secure e-mail service providers bringing security for its paid customers by encrypting all locally stored e-mail messages with an asymmetric key and AES-256. This means that in order to decrypt the messages, an attacker would need to compromise the server first and then to know your password. There was no way even for Lavabit to decrypt emails without a user’s password. A detailed description of how the Lavabit technology worked is available here: pastebin.com/rQ1Gvfy0

Few hours later, Silent Circle, another secure e-mail provider, announced shutting down its Silent Mail service too.
 
In general in order to make an e-mail server secure there are several criteria to match:

  1. Secure encrypted connections between the user and the e-mail server (it must be encrypted with a strong algorithm and to have a validation process to avoid the risk of a man-in-the-middle attack)
0.3
 

On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment (MD5: 97b720519aefa00da58026f03d818251) but were being sent from many different source addresses.

The emails were written in German and most were sent from German IP addresses. Below is a map showing the distribution of addresses:

The computer names referenced in the mail headers were often of the form Andreas-PC or Kerstin-Laptop (the names have been changed to protect the innocent) suggesting that they had been sent from German home computers.

0.5
 

This is the topic that cybercriminals are speculating about and using as a hook to infect victims. The campaign stems from malicious emails that are sent in bulk to victims:

0.2
 

=== Not really, especially in Latin America. Every day we register lots of similar attacks, each abusing local DNS settings. Actually these attacks are a bit different because they modify the local HOST file but the principle is the same – redirecting the victim to a malicious host via malicious DNS records.

Latin American cybercriminals are used to recycling old techniques used elsewhere in the past and what is happening right now is a growth of attacks abusing local DNS settings. The latest social engineering-based malware attack in Mexico – which imitated the Mexican tax office – is a recent example of this.

0.2
 

    Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property - nude pictures of her- from her computer. Many pictures or maybe all of them got leaked to the Internet. This incident has served as a good incentive for the Brazilian government to have new cybercrime laws in the country (the current law to fight cybercrime in Brazil was approved back in the 40’s of XX century). As a result of this incident, a new cybercrime law that carries a punishment of up to 2 years in prison for such crimes has finally been proposed for consideration. This is a good and right move! A press article in Portuguese can be

Spam Test|Spam and YouTube: a long-term relationship

Darya Gudkova
Kaspersky Lab Expert
Posted September 22, 09:59  GMT
Tags: Spammer techniques, Email
0.1
 

We recently noticed a mass mailing among the general flow of spam that at first glance looked just like the usual “forum” junk mail that appears on forums and bulletin boards, and which are sent as email notifications to users of those forums.

Events|Pentagon for sale

Natalia Zablotskaya
Kaspersky Lab Expert
Posted February 17, 12:12  GMT
Tags: Spam Letters, Email
0.1
 

Here’s an unusual spam message that turned up today:

If it wasn’t for the official name at the top of the message, you could almost be forgiven for thinking it was just another real estate advert… “Fully furnished. Situated close to retail outlets. Excellent access to public transport and local schools. Contact US Department of Defense for more details…”

But on a more serious note, the aim of this mailing was most probably to check an address database. So, whatever you do, don’t reply to stuff like this. In any case, spammers often fake their return address so that all your emotional outpourings are unlikely to reach the right people. And if the spammers do use their real address, any response from you will confirm your account is active and you’ll end up getting much more unwanted mail.

Comment      Link

Research|Internal needs on the black market

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted January 17, 00:03  GMT
Tags: Malware Statistics, Campaigns, Email, ZeuS
0.4
 

At the end of 2010 I noticed a big wave of recruitment spam for money mule work. Initially, the criminals used spam sent from hacked email accounts. I even got some messages like this from people I know personally:

Right after that, to speed-up the recruitment process, the messages came via Windows Live Messenger (aka MSN):

And of course, the criminals also used legitimate accounts that had been hacked to spread their messages. Finally, right before the end of the year I saw a big campaign on Facebook, especially targeting Spanish speaking communities. But yesterday I was completely surprised when I found an advertising banner on a legitimate IT site leading to the same page – money mule recruitment.

All these developments make think there is a huge demand on the black market for money mule workers. The criminals seem to have enough stolen information like credit card PINs, as well as details for online banking accounts and payment systems. Their problem now is how to launder the money they have made. Our statistics confirm there is a clear growth in Trojan-Spy malware able to steal any kind of personal information. This includes well known Trojans like Zbot (Zeus) or SpyEye.

It’s worth remembering that money mule activity is considered illegal. Basically, if nobody wanted to launder their money, cybercriminals would find it much harder to make money from stolen account details. Everyone can contribute in their own way to the global security, not just AV and other Security companies.
comments      Link