The Emotet trojan is back, this time spreading via Spam bots. Trend Micro researchers first spotted the banking malware using network sniffing to steal data back in 2014 and recently spotted an increase in activity in August 2017 coming from new variants that all had the potential to unleash different types of payloads.
The latest versions were spotted and each had the potential to drop different malicious payloads. Researchers attributed the malware's resurfacing to two main possible reasons first, the authors behind the attacks may be targeting new regions and because and second, because the new variants are using multiple ways to spread.Read more
What do you suppose the click-through rate is for links received by men in dating app messages from attractive women? Take a guess — 1%? 5%? 15%? According to research conducted by Inbar Raz of PerimeterX, it’s an incredible 70%!
Two out of three men actually click on these links, which makes it without doubt the best conversion rate in the world. Take another guess: What could possibly go wrong? Inbar Raz started his research with building the perfect Tinder profile. This subject is surprisingly well researched — I’m talking mathematically researched. Here’s a short list of the kinds of photos that work the best:Read more
One of the least popular new “features” in Windows 10 is the advertising function Microsoft injected directly into the operating system. Ads show up in a number of ways, from promotions of Windows Store apps in the Start menu to pop-up “reminders” that Microsoft’s Edge browser gets better battery life than Google’s Chrome.
While Microsoft is addressing some other complaints about Windows 10 in the upcoming Creators Update — such as privacy concerns over the data that’s being transmitted and issues regarding how the operating system updates itself — the company seems intent on retaining Windows 10’s advertising functionality.Read more
At its height, River City Media, run by Alvin Slocombe and Matt Ferris, sent out a billion emails a day, slamming Gmail servers with fragmented traffic in order to ensure all of its email went out on time.
After failing to password-protect a remote backup, however, the company has exposed its nearly 1.4 billion email records, some of which contain real names and addresses. The company, for all intents and purposes, is sunk but the privacy implications of this trove of data are staggering. Discovered by a security researcher for MacKeeper, Chris Vickery, the leaked data appeared as a result of a failed rsync backup – essentially a remote backup gone wrong.Read more
The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said. “We expect to see it amplify infection campaigns and fraud attacks, sharpen its aim on business and corporate accounts,” wrote Limor Kessem, executive security advisor with IBM in a security bulletin Tuesday.
TrickBot, Kessem said, has matured quickly over the past three months during its testing and development stage. She added, the banking Trojan has also implemented two of the “most advanced browser manipulation techniques observed in banking malware in the past few years.”Read more
Operators of the Dridex banking trojan are experimenting with a new technique of delivering spam to their victims, according to independent security researcher MalwareTech.
The researcher has recently spotted a spam wave coming from legitimate but compromised websites, which the crooks were abusing to send spam to victims, most predominantly to users living in the UK. There are two new techniques employed by the Dridex crew in this campaign. The first is the use of compromised servers to send spam. Previously, the Dridex gang had relied on the Necurs botnet, a network of compromised computers.Read more
Hackers are spreading the Chthonic banking trojan via legitimate-looking PayPal emails, security outfit Proofpoint has warned. The emails are 'authentic' and don't trigger antivirus warnings because they come via PayPal from accounts that appear to be legitimate.
"The sender does not appear to be faked. Instead the spam is generated by registering with PayPal and then using the portal to request money," said Proofpoint in a security advisory. The attackers take advantage of a feature that allows users to include notes when sending money request messages. One sample picked up by Proofpoint showed that Gmail failed to block the email since it appeared to be legitimate.Read more
In the past few days, a new version of the TeslaCrypt ransomware was released, and security researchers have now detected a massive spam campaign distributing this new threat.
The first signs of something out of the ordinary were initially spotted on the Bleeping Computer forums, where users started complaining about being infected with ransomware. After further analysis by community members, the ransomware proved to be a new TeslaCrypt version that added minor changes to its code, but these were more than enough to prevent users from using the TeslaDecoder to decrypt their files.Read more
An unknown number of frustrated Skype customers have been pestered by spoof messages on the Microsoft service for weeks, but the company is yet to close what appears to be a gaping hole in its software.
Instead, Redmond has advised Skype users to change their account passwords. But complaints are building up about the lack of communication coming out of the Microsoft camp regarding what seems to be a Skype security flaw. The problem first appeared late last month. Other users were quick to pile in with similar gripes about the service, while some folk moaned that their PCs had been offline when the spoofing attack occurred.Read more
About a decade ago, spam brought email to near-ruin. The contest to save your inbox was on, with two of the world’s biggest tech companies vying for the title of top spam-killer. Microsoft boasted that its spam filters were removing all but 3 percent of the junk messages from Hotmail, the company’s online email service at the time.
Google responded by claiming that its service, Gmail, removed all but about one percent of spam messages, adding that its false positives rate was also about one percent. It was a point of pride for the two companies, particularly Microsoft, whose Hotmail service once carried such a poor reputation for spam.Read more