Image Gallery: June's cyber threat landscape

June's cyber threat landscape gallery, features images from the malware, spam, phishing and crimeware campaigns that took place during the month. See also: Image Gallery: April's cyber threat landscape

By Dancho Danchev, Contributor on July 6, 2010

1 of 38 Dancho Danchev/ZDNET

Cybercriminals often generate fake news items regarding celebrities, in an attempt to generate traffic to their malware or exploits serving sites. This campaign, impersonating CBS News, was using the "Eminem died in a car crash" theme in order to trick end users into downloading and executing a copy of the ZeuS crimeware. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Fake News of Eminem’s Death Leads to Malware

2 of 38 Dancho Danchev/ZDNET

FIFA World Cup themed spam and scams showed a tremendous growth in June, 2010, with the scammers behind them constantly diversifying the topics of the scam in an attempt to lure gullible users into sending them advance fees in order to obtain non-existent awards. With the arsenal of tools and tactics available to the cybercriminals, expanding, their malicious efforts expanded on multiple fronts such as - blackhat search engine optimization serving scareware campaigns, and client-side exploits serving attacks. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Related: Protection tips for the upcoming FIFA World Cup themed cybercrime campaigns

3 of 38 Dancho Danchev/ZDNET

In June, a French group of security researchers, has obtained the emails of 114,000 iPad users who signed up for AT&T’s 3G wireless service, including their associated ICC-IDs, relying on a flaw in the company’s site which allowed them to automate the process. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: The security and privacy ramifications of AT&T's iLeak

4 of 38 Dancho Danchev/ZDNET

This campaign was part of a systematic rotation of different topics, with the idea to trick end users into clicking on the attached HTML files. Upon clicking on the malicious HTML file, an obfuscated JavaScript script loads a tiny iFrame refreshing the actual malicious link. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malware Watch: Adobe zero day attack, malicious FIFA-themed spam, exploit serving Virus Alerts

5 of 38 Dancho Danchev/ZDNET

One of the most commonly seen spam campaigns in June, is the OEM software bargain deals themed ones. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Is It Legal To Buy OEM Software?

6 of 38 Dancho Danchev/ZDNET

Another FIFA World Cup lottery scam, as seen by Symantec. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: FIFA World Cup Scams Continue to Circulate

7 of 38 Dancho Danchev/ZDNET

Cybercriminals regularly showcase their underground propositions at various forums, by including such screenshots next to them, in an attempt to add more legitimacy. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Inside the Carding Underworld

8 of 38 Dancho Danchev/ZDNET

This screenshot courtesy of McAfee while they were profiling a particular cybercrime-friendly community, shows stolen financial and personal data. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Inside the Carding Underworld

9 of 38 Dancho Danchev/ZDNET

In June, cybercriminals once again attempted to spread scareware and exploits through Twitter. By systematically registering bogus accounts and using them to spam users, the campaign had to potential to cause damage if it wasn't for the quick community reaction. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign

10 of 38 Dancho Danchev/ZDNET

is.gd's response to the Twitter malware/exploits serving campaign, prevented users from interacting with the malicious links. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign

11 of 38 Dancho Danchev/ZDNET

Black hat search engine optimization remains one of the most traffic acquisition tactics applied by cybercriminals, followed by the hijacked traffic obtained from compromising legitimate sites. This blackhat SEO campaign, exclusively relying on U.S Federal Form keywords, has been ongoing since August, 2009, and continues serving scareware as a key component of its monetization strategy. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign - Part Two

12 of 38 Dancho Danchev/ZDNET

One of the most popular and widely seen scareware/rogueware window is still surprisingly not recognized as a fake one, by a huge number of end users. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign - Part Two

13 of 38 Dancho Danchev/ZDNET

In June, the Electronic Frontier Foundation, in a cooperation with the Tor Project, has released a beta version of the “HTTPS Everywhere” Firefox extension. Although the extension is a step in the right direction, the EFF emphasizes on the fact that insecure third-party content like the one seen in the screenshot, could pose a number of risk. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: The EFF releases new HTTPS Everywhere Firefox extension

14 of 38 Dancho Danchev/ZDNET

A spamvertised through Facebook personal messages, Photo Album themed campaign, with the domain IP responding to ZeuS C&Cs, combined with an indirect connection between this campaign and the "100,000+ Scareware Serving Fake YouTube Pages Campaign", followed by a domain portfolio used in a currently active mass SQL injection attack serving CVE-2007-5659 exploits, parked within the same AS as the Facebook's campaign itself. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Facebook Photo Album Themed Malware Campaign, Mass SQL Injection Attacks Courtesy of AS42560

15 of 38 Dancho Danchev/ZDNET

With Facebook increasingly getting abused by clickjacking campaigns, it's worth taking a peek into the traffic these campaigns generate. This image shows the disturbingly high click-through rate for a sampled campaign, clearly demonstrating that the potential for abuse is there. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

16 of 38 Dancho Danchev/ZDNET

Pat of 100,000+ scareware serving pages campaign seen in June, the phony MyBookFace service was used as a second traffic optimization strategy by the cybercriminals, serving scareware in between redirectors visitors to the site. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the 100,000+ Scareware Serving Fake YouTube Pages Campaign

17 of 38 Dancho Danchev/ZDNET

In June, researchers from eSoft reported on discovering 135,000 Fake YouTube pages serving scareware, in between using multiple monetization/traffic optimization tactics for the hijacked traffic. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the 100,000+ Scareware Serving Fake YouTube Pages Campaign

18 of 38 Dancho Danchev/ZDNET

Yet another variation of the fake "Your Computer is Infected" scareware window, seen in blackhat search engine optimization (blackhat SEO) campaigns. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

19 of 38 Dancho Danchev/ZDNET

Graph showing the clear increase of FIFA World Cup themed spam/scams. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: FIFA World Cup Scams Continue to Circulate

20 of 38 Dancho Danchev/ZDNET

What happens when users fall victim into this clickjacking campaign which took place in June? According to Sophos: "Clicking anywhere on the page will - if you are logged into Facebook - update your Facebook page without your permission to say that you also "Like" the page. You are probably oblivious to this, of course, as by now your web browser has been redirect to pictures of attractive female celebrities on the website of men's magazine Maxim." For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Facebook users clickjacked by the 101 Hottest Women in the World

21 of 38 Dancho Danchev/ZDNET

This spamvertised campaign was relying on thousands of automatically generated short URLs, or subdomains at free site hosting services, in an attempt to trick the user into downloading and executing the tax-statement.exe ZeuS crimeware binary. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages

22 of 38 Dancho Danchev/ZDNET

In June, researchers from Intego discovered the OSX/OpinionSpy spyware in 29 free Mac OS X screensavers. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

23 of 38 Dancho Danchev/ZDNET

The end user agreement found within the spyware elements of the Mac OS X screensavers. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malware Watch: Free Mac OS X screensavers bundled with spyware

24 of 38 Dancho Danchev/ZDNET

DIY (commercial) mobile spyware, allowing affiliate partners to generate custom samples for their clients. The price tag? A hefty price tag of £3000, and no refunds offered. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Vendor of Mobile Spying Apps Drives Biz Model Through DIY Generators

25 of 38 Dancho Danchev/ZDNET

Fraudulent online gambling propositions, continue getting spammed, with the spammers earning revenue using an affiliate program. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

26 of 38 Dancho Danchev/ZDNET

In June, F-Secure reported on another spamvertised campaign, relying on malicious PDFs using the /Launch feature, and “Please, review my CV, Thank You!” theme. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Exploit.PDF-Dropper.Gen

27 of 38 Dancho Danchev/ZDNET

Yet another OEM softwae selling spam campaign. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Is It Legal To Buy OEM Software?

28 of 38 Dancho Danchev/ZDNET

Researchers from F-Secure spotted digitally signed malware samples, using Microsoft's Authenticode. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: It's signed, therefore it's clean, right?

29 of 38 Dancho Danchev/ZDNET

This malwae campaign was not just directly impersonating Skype, but was also part of series of spam emails serving client-side exploits, launched by the same malicious attackers. Related themes the bad guys were using at the time are: “Reset your Facebook password“; “Virus Notifications” “Twitter Password Resets“, and “FIFA World Cup Scandals/Bad news“, all of which contain malicious .html attachments. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

30 of 38 Dancho Danchev/ZDNET

Professionally designed scam sites like this one, continue tricking tens of thousands of uses into purchasing Rolexes for $500, even less. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

31 of 38 Dancho Danchev/ZDNET

Automatically registered Twitter accounts spamming messages leading to malware and exploits. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign

32 of 38 Dancho Danchev/ZDNET

Shady online/pirated movies marketplace, which is often used as a second monetization vector used in numerous malware campaigns. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Dissecting the Exploits/Scareware Serving Twitter Spam Campaign

33 of 38 Dancho Danchev/ZDNET

This Twitter password-reset themed campaign was attempting to trick uses into downloading and executing Twitter_security_model_setup.zip which in reality was scareware. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages

34 of 38 Dancho Danchev/ZDNET

Legitimately looking, often using publicly obtainable schedules, targeted malware attacks serving client-side exploits, continue propagating.For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Targeted Attacks with Excel Files

35 of 38 Dancho Danchev/ZDNET

In June 22, WebSense detected more than 100,000 of these messages. Upon clicking on the link, the use is tricked into downloading a binary, in between loading a web site which automatically exploits vulnerable client-side applications.For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: Malicious Notification Spam: Account Verification

36 of 38 Dancho Danchev/ZDNET

Targeted malware attacks using FIFA World Cup themed content, significantly infected during June. The cybercriminals' malicious extension of choice? According to Symantec, it was malicious PDF files - .pdf 41%.exe 18%.doc 14%.xls 7%.scr 4%.ppt 1%. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Image Source: FIFA World Cup Used to Lure Victims in Targeted Attack

37 of 38 Dancho Danchev/ZDNET

The Canadian Pharmacy scam was observed in a huge percentage of the spam, and exploit serving campaigns during June. Constantly multitasking, cybercriminals have included exploits and redirectors to pharmaceutical scam sites like this one, in a single campaign. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Related: Inside an affiliate spam program for pharmaceuticals

38 of 38 Dancho Danchev/ZDNET

Yet another variation of the Canadian Pharmacy scam, as seen in spam campaigns during June. For the latest security news, cyber threats and malware incidents, visit the Zero Day blog

Related: Inside an affiliate spam program for pharmaceuticals

Show Comments