Showing 24 results for: Phishing

Deobfuscating Malicious Macros Using Python

Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file. Here are some examples incorporating...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. In October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sights on a U.S.-based reporter. This scenario, however, would...

Stupid Spammer Tricks – Reversing Characters

Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try many different tactics, and these can include taking advantage of HTML coding characteristics. These HTML tricks can make the email look normal when rendered...

Analysis of a New Banking Trojan Spammed by Cutwail

The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, Blackhole Exploit Kit and Cryptolocker. Another trick in Cutwail’s portfolio is to use links pointing to popular file hosting services. Over the past...

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep increase in the use of this method, particularly in jQuery libraries, in order to redirect users to malicious web pages. Why has injecting malicious...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by outbound spam, i.e., spam originating from within their networks. The first sign that anything was wrong was that the customers' mail servers were...

Behind the Phish: Romance Perhaps?

When I look at the masses of spam we receive on a daily basis, I often wonder who is behind it all. What systems do they have in place, and who are the people behind such madness? We have often...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacks against NGOs and human rights activists. Over the past week, the Cutwail...

More on the TrustKeeper Phish

Yesterday we alerted people to a widespread phishing campaign misusing Trustwave's brand. Here we go into some more detail about the campaign. First up, I'd like to repeat, these messages did not originate from Trustwave, and at no time was...

Trustwave TrustKeeper PCI Scan Notification - Phishing ALERT

Over the last few hours, Trustwave has received multiple reports of individuals receiving fake emails pretending to be from Trustwave. These emails did not originate from Trustwave. Recipients should immediately delete the emails and not follow any links presented in...

Photobucket: An Identity Thief's Playground

Photobucket is a popular social media site that acts as a gallery and cloud storage for user photos. Users can upload photos and arrange them into individual galleries or simply leave everything unsorted in one large library. Adding support for smartphones...

Fraud, Passwords, and Pwnage on the Interwebz

This past weekend I was lucky enough to attend Microsoft's BlueHat Conference in Redmond, WA and Security B-Sides Seattle. The combination of some of those talks succeeded in keeping some persistent issues alive in the hopes of finding a solution....

An Analysis of a Fake Vodafone Bill PDF File

We haven't come across many malicious PDF files recently in our spam traps, so when we found this message, ostensibly from Vodafone Deutschland, we naturally took a closer look. In this example, the cyber crooks are targeting Vodafone Deutschland customers...

Phishing Evolves: Rogue IVRs

As someone who's worked in the financial industry for years, I'm fascinated by methods used by phishers to encourage people to part with their money. Most of us can easily recognize and avoid the more obvious and clumsy phishing attacks...