dcsimg

Red Hen website suffers SEO spam compromise

If you’re thinking about checking out the website owned by the restaurant that asked White House press secretary Sarah Huckabee Sanders to leave the premises, you might want to hold off. There’s some site compromise action afoot. Although the homepage appears to be acting in a perfectly normal manner, turning off scripts so you can see what’s happening under the hood provides a … [Read more...]

Five easy ways to recognize and dispose of malicious emails

I suppose we all get our share of spam. Some more than others. But how do we differentiate between simple commercial spam and the types of emails that want to get us in trouble? The unsolicited commercial spam email is generally easy to recognize, report, and discard, but what about more dangerous types of spam? How can you determine if an email contains a malicious link or attachment, or is … [Read more...]

Instagram story spam claims free Apple Watch

I have to admit, I’m not 100 percent sure who Elton Castee is. “Who’s that?” you ask? Digging around revealed that he’s big on YouTube, has done some films, and raises money for dogs, which is very cool. He’s also popular on Instagram, with 400k+ followers. With that in mind, we’ve seen a few reports of his account being compromised (and by … [Read more...]

Internet Shortcut used in Necurs malspam campaign

The Necurs botnet continues to be one of the most prolific malicious spam distributors, with regular waves of carefully-crafted attachments that are used to download malware. The majority of malspam campaigns that we track are targeting Microsoft Office with documents containing either macros or exploits. We also see a number of other types of malicious attachments that are zipped scripts (.VBS, … [Read more...]

Facebook spammers making things worse

Facebook’s having a bad couple of weeks. Between Congressional testimony and new information coming forward about Cambridge Analytica’s use of user data, the tech giant is having problems keeping its users aboard. Unfortunately, misery loves company. We noticed a few Facebook spam campaigns this week that can only make things worse. Should a browser extension be able to add a Facebook … [Read more...]

“Celebrating Stephen Hawking” with a 419 scam

The recently departed Stephen Hawking is apparently back from the dead, now a target for scammers wanting to extract some quick cash from the unwary in the form of a vaguely surreal 419 scam. The whole thing begins with an email from, er, Stephen Hawking titled “Celebrating Stephen Hawking.” Click to enlarge The body text is a slightly mangled swipe job from this AP article over on … [Read more...]

Boomerang spam bombs Malwarebytes forum—not a smart move

Tech support scammers are generally not the best and brightest. As such, they will occasionally post ads for their fake companies in the comment sections here or on the Malwarebytes forums. Last week, however, scammers struggled with configuring their spambots, resulting in spam bombs on the forum lasting roughly 72 hours, with a slow taper down for two more days. Over six days, 246 spam accounts … [Read more...]

“Who visits your Twitter profile” spam app brings week of chaos

Twitter spam has been around forever, and rogue apps asking for installs in return for a cool feature (to be more accurate, spamming your contacts) is a constant thorn in our Twittery sides. Over the weekend, we observed a new Twitter app doing the rounds and causing a lot of congestion on people’s timelines. What is it? We first noticed this when a number of my contacts using the #FBPE … [Read more...]

Text messages and the Bitcoin Code: follow the money trail

I was a bit surprised to receive lots of messages similar to the one below this past week: I mean, we’ve all done it—managed a bulk text spam campaign offering free Bitcoins in your spare time, while completely forgetting said business exists. Maybe I did it in my sleep? It’s all gone a bit Fight Club. And as we all know, the first Rule of Fight Club is “Don’t run a free … [Read more...]