Showing 29 results for: Phishing ×

Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a response from a targeted employee of an organization. For more...

Suzy's Phishing Season

Although most SWG-related blogs talk about exploit kits and malicious code, today we would like to discuss something else in the form of a phishing campaign we recently spotted. Phishing often receives less attention from the InfoSec industry because unlike...

Deobfuscating Malicious Macros Using Python

Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file. Here are some examples incorporating...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. On October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would...

Stupid Spammer Tricks – Reversing Characters

Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try many different tactics, and these can include taking advantage of HTML coding characteristics. These HTML tricks can make the email look normal when rendered...

Analysis of a New Banking Trojan Spammed by Cutwail

The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, Blackhole Exploit Kit and Cryptolocker. Another trick in Cutwail’s portfolio is to use links pointing to popular file hosting services. Over the past...

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep increase in the use of this method, particularly in jQuery libraries, in order to redirect users to malicious web pages. Why has injecting malicious...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by outbound spam, i.e., spam originating from within their networks. The first sign that anything was wrong was that the customers' mail servers were...

Behind the Phish: Romance Perhaps?

When I look at the masses of spam we receive on a daily basis, I often wonder who is behind it all. What systems do they have in place, and who are the people behind such madness? We have often...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacked against NGOs and human rights activist. Over the past week, the Cutwail...

More on the TrustKeeper Phish

Yesterday we alerted people to a widespread phishing campaign misusing Trustwave's brand. Here we go into some more detail about the campaign. First up, I'd like to repeat, these messages did not originate from Trustwave, and at no time was...

Trustwave TrustKeeper PCI Scan Notification - Phishing ALERT

Over the last few hours, Trustwave has received multiple reports of individuals receiving fake emails pretending to be from Trustwave. These emails did not originate from Trustwave. Recipients should immediately delete the emails and not follow any links presented in...