Posted on 19 April 2011. Tags: Bunnies, Chicks, Easter, eggs, Gift, greetings, image, Malware, Spam
The days leading up to major religious holidays are when you should be more careful with the contents of your inbox. One malicious spam run recently spotted by McAfee consists of a cute image of bunnies, chicks and colored eggs, complete with the offer to download the animated greeting by clicking on the offered link: The subject [...]
Posted in Malware, Scam, Spam
Posted on 12 April 2011. Tags: Messenger, Spreading, Worm.Ckbface.adj, Yahoo
“Worm.Ckbface.adj” is spreading via Yahoo Instant Messenger. It tricks people into downloading what they think is a picture from a friend but is instead malware that installs a backdoor on Windows systems and spreads to a victim’s IM contacts. The worm arrives via a message from a contact with the word “picture” or “pictures” [...]
Posted in Malware, Quick Heal
Posted on 01 April 2011. Tags: LizaMoon, massinjection, Update
The LizaMoon mass-injection campaign is still ongoing and more than 500,000 URLs have a script link to lizamoon.com according to Google Search results. We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought. All in all, a [...]
Posted in Malware
Posted on 26 March 2011. Tags: Application, Malicious, Serves, Spotify
Today it was reported that Spotify, the popular streaming music service, displayed malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application. Our Advanced Classification Engine has full coverage for the Blackhole kit and protected users [...]
Posted in Malware
Posted on 24 March 2011. Tags: Day's, later, Rustock
RIP Rustock botnet! Today marks exactly one week since Rustock, one of the largest spam generator botnets, was taken down by the Microsoft digital crime unit and US federal law enforcement agents. Rustock had more than 250,000 bots approximately, and until last Wednesday was one of the biggest known bot networks. The bot's author was implementing certain [...]
Posted in Malware, Security
Posted on 16 February 2011. Tags: Back, factor, Into, Matrix
Online gaming password stealers form a large malware category. Moreover, it is growing: there is strong demand in the virtual experience, there is supply, there are online auction sites where such experience is sold to those who are ready to pay for it. That is, there are mechanisms for converting the virtual experience into the [...]
Posted in Malware
Posted on 31 January 2011. Tags: Into, Nduja, World, Worms
In this blog I talk about the history of XSS worms, how they evolved to spread through multiple webmail providers and the client-server model involved in an XSS botnet. More here: http://www.avertlabs.com/research/blog/index.php/2007/07/19/the-nduja-job-into-the-world-of-xss-worms/ View full post on News from the Lab
Posted in Malware
Posted on 31 January 2011. Tags: 2007, Adversarial, Analysis, ClubHack, Code, Kits, Malware, Role
Just came back from Pune after presenting at ClubHack 2007. It was such a great initiative to promote security awareness in India. I talked about the recent trend in the emergence of kits like MPack and how attackers are exploiting them to install various malware. You can find my slides below: View full post on [...]
Posted in Malware
Posted on 14 November 2010. Tags: clarification, WormAble
I have received several email questions and explanation requests regarding my blog post “Are PDFs Worm-Able” and the proof of concept video within the post. Instead of repeating a post I wrote over on my company’s blog I figured I would just link to it from here: Implications of Recent PDF /Launch Hacks. In the [...]
Posted in Malware
Posted on 14 November 2010. Tags: Internet, Remove, rogue, Security, Suite
Internet Security Suite is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It’s the latest rogue of the FakeVimes family. Both the downloader and module are detected as FraudTool.Win32.FakeVimes!VB (v). This replaces SmartEngine.FakeVimes as the latest member [...]
Posted in Malware
Posted on 13 November 2010. Tags: /Launch, Action, another, UPS
It has been a few months since I posted anything here, but tonight, as I was fiddling around with the Launch action within a PDF file, I discovered another oddity that I thought would make an interesting blog posting. As we are all probably aware, the Launch action within the PDF specification allows for [...]
Posted in Malware
Posted on 13 November 2010. Tags: Alliance, Created, Feed
Hi guys, I want to announce that our new malware feeds alliance was launched: http://c300g.net. We are open for feed exchange for the sole purpose of research. We already have 8 different vendors which we are already exchanging data with, and we also work with 6 different sensors deployed around several different geographical hosting services. We [...]
Posted in Malware
Posted on 13 November 2010. Tags: Oficla, Sasfis, Spam, Trojan, UPS
Emsisoft Labs are always on the lookout for something out of the ordinary happening, and we recently came across a circulation of spam in the form of fake FedEx emails. Emsisoft Anti-Malware will detect and remove the same as Trojan-Dropper.Win32.Oficla (alias Sasfis). The email comes with subjects like “ID N4815147” or “FedEx Item Status N5561690” and does [...]
Posted in Antivirus, Malware
Posted on 11 November 2010. Tags: DbgHelp.dll, Export, Name, Overflow, stack, Vulnerability, Windows
Malware in the wild is exploiting this vulnerability. This vulnerability allows remote code to be executed while a debugger loads a specially crafted executable using Microsoft’s Dbghelp.dll (ver 5.x). When I was trying to load the malware that uses this trick, it made the Olly debugger exit. The link below has some interesting stuff about this [...]
Posted in Malware
Posted on 09 November 2010. Tags: 2011
SecurityEssentials2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. VIPRE detects it as Trojan.Win32.Generic!SB.0. Security Essentials 2011 splash screen. Security Essentials 2011 graphic interface. Security Essentials [...]
Posted in Malware
Posted on 06 November 2010. Tags: 2011, system, Tool
System Tool 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing a useless application. It’s a clone of the 2008 Security Tool rogue. System Tool 2011 warning screen. System Tool 2011 graphic interface [...]
Posted in Malware
Posted on 28 October 2010. Tags: Antivirus8
Antivirus8 is a rogue security product in the Antivirus XP 2010 family that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. VIPRE detects it as Antivirus8.FakeXPA. The Antivirus8 graphic interface. Antivirus8 fake scan [...]
Posted in Malware
Posted on 28 October 2010. Tags: 2010, Antivirus, SOLUTION
Antivirus Solution 2010 is the latest rogue security product in the UnVirex family. It pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. Threat name: AntivirusSolution2010. The primary downloader and all dropped files are detected by VIPRE as LooksLike.Win32.Malware!D (v). Antivirus Solution 2010 install [...]
Posted in Malware
Posted on 27 October 2010. Tags: engine, Smart
SmartEngine is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. This is the replacement for the SmartSecurity.FakeVimes. The SmartEngine bogus warning screen claims that there is a “hidden connection.” [...]
Posted in Malware
Posted on 24 October 2010. Tags: beware, Essentials, Fake, Microsoft, Security, World
PC World – Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one. View full post on Yahoo! News: [...]
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: encryption, Facebook, Latest, Privacy, slip, tackles
Facebook Thursday announced that it will start encrypting User IDs before they are transmitted to third-party Web sites. View full post on Computerworld Security News
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: beware, Essentials, Fake, Microsoft, Security
Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one. View full post on Network World on Security
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Collected, emails, Google, passwords, Sniffing, URLs, Whole, wifi
Google on Friday said that it collected entire e-mails, URLs, and passwords when its Street View cars accidentally sniffed unencrypted Wi-Fi networks. View full post on PCMag.com Security Coverage
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: 23rd, Awareness, Compliance, Cyber, Importance, Month, Security
“We need to comply with ...” is a phrase that will send quivers of fear, loathing, despair, or joy through many a security person’s body. Fear, because you have been through it before and know what is around the corner. Despair and loathing, because you are told to do the basic minimum to comply rather [...]
Posted in Antivirus, Internet Security, Malware, Security