
Image Gallery: June's cyber threat landscape

June's cyber threat landscape gallery features images from the malware, spam, phishing and crimeware campaigns that took place during the month. See also: Image Gallery: April's cyber threat landscape
By Dancho Danchev, Contributor
1 of 38 Dancho Danchev/ZDNET
Cybercriminals often generate fake news items about celebrities in an attempt to drive traffic to their malware- or exploit-serving sites. This campaign, impersonating CBS News, was using the "Eminem died in a car crash" theme in order to trick end users into downloading and executing a copy of the ZeuS crimeware. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog.

Image Source: Fake News of Eminem’s Death Leads to Malware
FIFA World Cup themed spam and scams showed tremendous growth in June 2010, with the scammers behind them constantly diversifying the topics of the scam in an attempt to lure gullible users into sending them advance fees in order to obtain non-existent awards. As the arsenal of tools and tactics available to the cybercriminals expanded, their malicious efforts expanded on multiple fronts, such as blackhat search engine optimization campaigns serving scareware, and attacks serving client-side exploits.

Related: Protection tips for the upcoming FIFA World Cup themed cybercrime campaigns
In June, a French group of security researchers obtained the emails of 114,000 iPad users who signed up for AT&T’s 3G wireless service, including their associated ICC-IDs, relying on a flaw in the company’s site which allowed them to automate the process.

Image Source: The security and privacy ramifications of AT&T's iLeak
This campaign was part of a systematic rotation of different topics, intended to trick end users into clicking on the attached HTML files. When the user clicks on the malicious HTML file, an obfuscated JavaScript script loads a tiny iFrame refreshing the actual malicious link.

Image Source: Malware Watch: Adobe zero day attack, malicious FIFA-themed spam, exploit serving Virus Alerts
One of the most commonly seen spam campaigns in June was the OEM software bargain deals themed one.

Is It Legal To Buy OEM Software?
Cybercriminals regularly showcase their underground propositions at various forums, including such screenshots next to them in an attempt to add more legitimacy.

Image Source: Inside the Carding Underworld
This screenshot, courtesy of McAfee and taken while they were profiling a particular cybercrime-friendly community, shows stolen financial and personal data.

Image Source: Inside the Carding Underworld
In June, cybercriminals once again attempted to spread scareware and exploits through Twitter. By systematically registering bogus accounts and using them to spam users, the campaign had the potential to cause damage, had it not been for the quick community reaction.

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
is.gd's response to the Twitter malware/exploits serving campaign prevented users from interacting with the malicious links.

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
Black hat search engine optimization remains one of the traffic acquisition tactics most applied by cybercriminals, followed by the hijacked traffic obtained from compromising legitimate sites. This blackhat SEO campaign, exclusively relying on U.S. Federal Form keywords, has been ongoing since August 2009, and continues serving scareware as a key component of its monetization strategy.

Image Source: Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign - Part Two
One of the most popular and widely seen scareware/rogueware windows is, surprisingly, still not recognized as a fake one by a huge number of end users.

Image Source: Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign - Part Two
In June, the Electronic Frontier Foundation, in cooperation with the Tor Project, released a beta version of the “HTTPS Everywhere” Firefox extension. Although the extension is a step in the right direction, the EFF emphasizes that insecure third-party content like that seen in the screenshot could pose a number of risks.

Image Source: The EFF releases new HTTPS Everywhere Firefox extension
A Photo Album themed campaign spamvertised through Facebook personal messages, with the domain IP responding to ZeuS C&Cs, combined with an indirect connection between this campaign and the "100,000+ Scareware Serving Fake YouTube Pages Campaign", followed by a domain portfolio used in a currently active mass SQL injection attack serving CVE-2007-5659 exploits, parked within the same AS as the Facebook campaign itself.

Image Source: Facebook Photo Album Themed Malware Campaign, Mass SQL Injection Attacks Courtesy of AS42560

With Facebook increasingly getting abused by clickjacking campaigns, it's worth taking a peek into the traffic these campaigns generate. This image shows the disturbingly high click-through rate for a sampled campaign, clearly demonstrating that the potential for abuse is there.

Part of the 100,000+ scareware serving pages campaign seen in June, the phony MyBookFace service was used as a second traffic optimization strategy by the cybercriminals, serving scareware in between redirecting visitors to the site.

Image Source: Dissecting the 100,000+ Scareware Serving Fake YouTube Pages Campaign
In June, researchers from eSoft reported discovering 135,000 fake YouTube pages serving scareware, while also using multiple monetization/traffic optimization tactics for the hijacked traffic.

Image Source: Dissecting the 100,000+ Scareware Serving Fake YouTube Pages Campaign

Yet another variation of the fake "Your Computer is Infected" scareware window, seen in blackhat search engine optimization (blackhat SEO) campaigns.

What happens when users fall victim to this clickjacking campaign, which took place in June? According to Sophos: "Clicking anywhere on the page will - if you are logged into Facebook - update your Facebook page without your permission to say that you also "Like" the page. You are probably oblivious to this, of course, as by now your web browser has been redirected to pictures of attractive female celebrities on the website of men's magazine Maxim."

Image Source: Facebook users clickjacked by the 101 Hottest Women in the World
This spamvertised campaign relied on thousands of automatically generated short URLs, or subdomains at free site hosting services, in an attempt to trick the user into downloading and executing the tax-statement.exe ZeuS crimeware binary.

Image Source: Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages

In June, researchers from Intego discovered the OSX/OpinionSpy spyware in 29 free Mac OS X screensavers.

DIY (commercial) mobile spyware, allowing affiliate partners to generate custom samples for their clients. The price tag? A hefty £3000, and no refunds offered.

Image Source: Vendor of Mobile Spying Apps Drives Biz Model Through DIY Generators

Fraudulent online gambling propositions continue getting spammed, with the spammers earning revenue using an affiliate program.

In June, F-Secure reported on another spamvertised campaign, relying on malicious PDFs using the /Launch feature and the “Please, review my CV, Thank You!” theme.

Image Source: Exploit.PDF-Dropper.Gen
Researchers from F-Secure spotted malware samples digitally signed using Microsoft's Authenticode.

Image Source: It's signed, therefore it's clean, right?
This malware campaign was not just directly impersonating Skype, but was also part of a series of spam emails serving client-side exploits, launched by the same malicious attackers. Related themes the bad guys were using at the time are: “Reset your Facebook password”; “Virus Notifications”; “Twitter Password Resets”; and “FIFA World Cup Scandals/Bad news”, all of which contain malicious .html attachments.

Image Source: Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

Professionally designed scam sites like this one continue tricking tens of thousands of users into purchasing Rolexes for $500, or even less.

Shady online/pirated movies marketplace, which is often used as a second monetization vector in numerous malware campaigns.

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
This Twitter password-reset themed campaign was attempting to trick users into downloading and executing Twitter_security_model_setup.zip, which in reality was scareware.

Image Source: Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages
Legitimate-looking targeted malware attacks serving client-side exploits, often using publicly obtainable schedules, continue propagating.

Image Source: Targeted Attacks with Excel Files
On June 22, WebSense detected more than 100,000 of these messages. Upon clicking on the link, the user is tricked into downloading a binary, while loading a web site which automatically exploits vulnerable client-side applications.

Image Source: Malicious Notification Spam: Account Verification
Targeted malware attacks using FIFA World Cup themed content, significantly infected during June. The cybercriminals' malicious extension of choice? According to Symantec, it was malicious PDF files: .pdf 41%, .exe 18%, .doc 14%, .xls 7%, .scr 4%, .ppt 1%.

Image Source: FIFA World Cup Used to Lure Victims in Targeted Attack
The Canadian Pharmacy scam was observed in a huge percentage of the spam and exploit serving campaigns during June. Constantly multitasking, cybercriminals have included exploits and redirectors to pharmaceutical scam sites like this one in a single campaign.

Related: Inside an affiliate spam program for pharmaceuticals
