Incidents

Hot Fail On SexBoosters

Over the last couple of days we’ve been noticing a few pharmacy spam mails which are a bit different. Somebody seems to have replaced the original graphical content with an alert highlighting that such messages are malicious.

So far we have counted three (ab)used image hosting services for this spam:

  1. imageshack.us
  2. imgur.com
  3. myimg.de

A quick analysis of these showed that #1 currently serves all the replaced images, #2 serves all original spammers images and #3 seems to have removed the offensive content immediately, good work!

At the moment, we don’t have any further information about the source/background of the warning replacements – this gives us plenty of opportunity to use our imaginations when thinking about what’s actually going on. A few of the key words and concepts we’re considering are: white hats, rival spammers, compromised hosting service(s). Not an exhaustive list, but more of a launch pad for further theories and research!

Hot Fail On SexBoosters

Your email address will not be published.

 

Reports

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox