Category: cyren

Vast email malware outbreaks – efaxCorporate and Xerox copiers

Wednesday the 24th saw huge amounts of email-attached malware distributed – all with an “office” theme. The attacks pushed the amount of email up by several hundred percent and totaled nearly five billion emails sent worldwide. The first part of the day saw emails describing an attachment as being

US Election used as malware smokescreen

At first glance this looked like a “standard” email-malware attack. As with many similar attacks the email pretends to be carrying an eticket attachment – this time from Delta. The zip file holds executable malware. In case we weren’t sure this is malware here are some of the giveaways: The

Measuring the success of a malware campaign

We are often asked whether we have any way of knowing how successful a particular malware or spam campaign has been. We assume that the “other side” tracks this sort of thing to see what social engineering works, and which material escapes spam and malware checks. (If any spammer is

Your friend has shared a Groupon malware coupon with you!

A recent collection of malware emails borrows heavily from authentic mailings sent out by Groupon and LinkedIn. The outbreak is different from the blended attacks that have featured regularly in the last few months since it relies on attached malware as opposed to a link to drive-by malware. Using email

Beware the phony Classmates.com email

Classmates.com has become the latest in a series of well-known brands to be abused by a particular gang of malware distributors. The similarities to other outbreaks include: linking to multiple compromised sites which then redirect to the malware hosting sites; favoring WordPress sites (that can be exploited); hosting the malware

284,000 WordPress sites hacked? Probably not.

Some Amazon order confirmation emails have been reported as fakes.  Every link leads to malware. Every link (there are 8 in this example – similar to this attack) leads to a different compromised WordPress site. And they all seem to be using one of the most common WordPress theme directory

Reset your Facebook password – and visit WikiPharmacy!

Using phony Facebook emails to draw recipients to pharmacy websites is not a new trick. But this is no ordinary Viagra shop – it’s the WikiPharmacy! The phony Facebook emails and the pharmacy destination are shown below:   Not surprisingly, the links in the emails above lead to compromised websites.

Yahoo phishing hides in compromised WordPress websites

Yahoo users have been targeted in a phishing attack that starts with an “avoid account deactivation” email. Mousing over the link shows the non-Yahoo link – an easy way to know that something is amiss.   The phishing pages are very authentic looking. Once users have entered their login details