Category: cyren

Compromised websites provide neat spam sending form – based on PHPThumbs exploit

What do the following websites have in common?  www.alwaysnewyou.com – a health and beauty advice site levelvet.com – a Russian shopping site www.villahadir.lu – a site describing a restaurant in Luxembourg These sites and thousands more use a script called “PHPThumb” to manage the images on their webpages. The script

Russian brides worried by improved Baltic brides

Russian brides can no longer sit complacently and wait for potential husbands. There is now competition on the (Western) horizon. Baltic brides are waiting and there are several important advantages as pointed out in the spam email below:  EUROPEAN PASSPORTs – All our Baltic Brides have European Union residence. No

This week’s Facebook and Twitter abuse

Spam and malware distribution is a business. So if something works then don’t change it. We speculate that these attacks work since our labs have seen them repeated almost unchanged for months now. (See this post about Twitter spam and this post about twitter spam). The recipe for success when

Feminists just wanna have fun (and send spam)

As a feminist who sees an above-average amount of spam (due to many years in the Internet security space), the spam sample below caught my eye and elicited a chuckle.  It’s dating spam with sense of humor: the spammer sent a “looking for sex on the side” spam message with

Free hosting for malware

Malware distributors are abusing the names of well known security suites to trick users into downloading malicious files. The email message informs recipients that they may have been infected with a worm requiring them to download and run a scanning tool.  Google translation: Your e-mailcan be blocked byinappropriate use.Attention: We

IRS Summer Tax forum – the things they don’t teach you

Lesson one: The IRS is a confirmed favorite of spammers, phishers and malware distributors. As an example consider the attacks from the last few weeks that have targeted users of the IRS’s electronic payment portal. This time the attack starts with an email about tax forums to train and serve

Email Account Takeover Leads to BEC & VEC

In our most recent report, we describe our observations about phishing, BEC, and malware attacks including: Per capita, malicious inbox content has more than doubled within the past two years Almost 80% of malicious inbox threats are phishing attacks  Phishing attacks have been known as the origin of large breaches

Getting the most out of Tumblr (for a work-at-home scam)

Tumblr is a microblogging platform that allows users to post text, images, videos, links, quotes and audio to their short-form blogs. The last few days have turned up Tumblr accounts being used by scammers to redirects users to their work-from-home sites. The redirection is based on functionality provided by Tumblr.

US taxpayers beware

Cybercriminals targeting US taxpayers have launched a second wave of phony “tax payment rejected” emails. The first major outbreak started around June 21st. As before the emails warn recipients that their tax payments, submitted via the IRS’s electronic payment system, have been rejected. To understand why, recipients are provided with

The LoveGame virus gets hearts racing

The LoveGame virus gets hearts racing  The concept sounds interesting: A new game called “lovegame” which is still freeware has been received as an email attachment. Email text: Hello Dear! Do you play games ? lovegame. us present new project This game is still freeware. You can find it in