Posted on 23 October 2010. Tags: Antivirus, rogue, ThinkPoint
ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. Once installed, it shows a fake “Microsoft Security Essentials Alert” popup box showing a non-existent threat. ThinkPoint adds a Winlogon Shell registry entry, so that ThinkPoint starts up instead of Windows Explorer during [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: 1.77.3, ODBGScript, Scripad
ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Designed, examine, Malicious, Malware, memory, Memoryscrapping, processes, Sensitive, Software
“Memory-scraping malware is malicious software designed to examine memory of sensitive processes and extract data that would otherwise be unavailable in persistent storage.” – Slightly paraphrasing Anand Sastry’s definition from his article on credit card data compromises via memory-scraping malware. View full post on Lenny Zeltser on Information Security
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Available, Cydia, iPhone, sale, Store, Tool
Cydia Store is similar to Apple’s App Store, except it’s for jailbroken iPhones. There’s a wide variety of free apps on Cydia and dozens of commercial applications on Cydia Store. By browsing the available applications in Cydia, you’ll find gems like these: OwnSpy? Remote iPhone Spy? Let’s take a closer look. The website of the [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Anderson, guilty, pleads
“Warpigs” from group “m00p” pleaded guilty today at the Southwark Crown Court in London. We here at F-Secure are happy to get some closure on this long case, with which we’ve been working for a number of years. This malware group produced several different malware families over several years. They were created for financial gain. [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Case, Kent, Update
Last year, I wrote briefly about the Dr. Kent case. I made the point that this statement was absolutely false: Under questioning by Kent’s attorney, D. James O’Neil, Investigator Barry Friedman said he had found evidence of some viruses, so-called “trojans” and other unwanted software on Kent’s computer when he analyzed its hard drive at [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Fixes, LargestEver, Patch, Tuesday, Vulnerabilities
Microsoft fixed a record number of vulnerabilities in its October Patch Tuesday. The company issued 16 bulletins to patch 49 separate vulnerabilities. All versions of Windows from Windows XP up to the latest versions, Windows 7 and Server 2008 R2, are affected. In addition, various security flaws in Microsoft Office were also fixed, as versions [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Adobe, Computer, flash
This is the last segment in the series. To begin with, I have a question for you… What do you call a device that has a 1 gigahertz microprocessor, 512 megabytes of RAM, several gigabytes of solid state storage, runs programs, can be programmed, and can access the internet? Sound a bit like a Netbook, [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security
Posted on 23 October 2010. Tags: Manually, Remove, Spyware, viruses
Learn how to remove any virus, spyware or malware manually using the Botts Technique. No software to buy and takes only a few minutes. Need expert help? Visit exids.com for manual virus removal help. The Botts Technique is a ground breaking virus and spyware removal method that every technician should know about. It requires only [...]
Read the full story
Posted in Antivirus, Internet Security, Malware, Security, Video
Posted on 22 October 2010. Tags: SpySheriff, Using
Anybody know how I can test out a version of SpySheriff? I am interested in this specific rogue antivirus product. E-mail me – Alinync@gmail.com View full post on Offensive Computing blogs
Read the full story
Posted in Malware
Posted on 18 October 2010. Tags: domain, Generator, Murofet, Name
This post describes a technique that allows building a domain name generator for Murofet. The pseudo-random domain generators are not new – these were previously used by Sober, Kraken, or Conficker worms. The important thing about reproducing a particular domain generator is an ability to predict what domains the worm will query in the future. [...]
Read the full story
Posted in Malware
Posted on 18 October 2010. Tags: Extended, length, paths, Windows
Maybe you are one of the people who believed until now that the maximum path length in Windows is equal to MAX_PATH (260 characters). Nothing could be further from the truth! In the document which you can download below I have described, inter alia: – what the maximum path length is and what it follows from [...]
Read the full story
Posted in Malware
Posted on 18 October 2010. Tags: SystemDefragmenter
SystemDefragmenter is a rogue security product that blocks executable files (.exe) from running and presents fake alerts warning that the victim’s hard drive is corrupt. The scam is intended to frighten him or her into purchasing this useless application. SystemDefragmenter pop up: SystemDefragmenter graphic interface: (Click on graphic to enlarge) Files added: %USERPROFILE%\Local Settings\Temp\maindll.dll [...]
Read the full story
Posted in Malware
Posted on 18 October 2010. Tags: AntivirusStudio2010
AntivirusStudio2010 is the latest rogue security product in the UnVirex family. It pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing a useless application. AntivirusStudio2010 warning screen: (Click on graphic to enlarge) AntivirusStudio2010 graphic interface: (Click on graphic to enlarge) AntivirusStudio2010 phony warnings: (Click on graphic to [...]
Read the full story
Posted in Malware
Posted on 12 October 2010. Tags: SmartEngine.FakeVimes
SmartEngine.FakeVimes is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. This is the replacement for the SmartSecurity.FakeVimes. The SmartEngine bogus warning screen: (Click on graphic to enlarge) The warning screen claims that there is a “hidden connection.” [...]
Read the full story
Posted in Malware
Posted on 29 September 2010. Tags: Antivirus, Defender, Russian
Today we found a Russian-language version of the PC Defender Antivirus rogue security product. It isn’t really new since it’s been in VIPRE detections. What is new in this version is that it is targeting Russian-speaking victims. In the past we’ve seen a conscious effort on the part of rogue authors NOT to target Russians. [...]
Read the full story
Posted in Malware
Posted on 26 September 2010. Tags: Botnet, connect, Servers
Anybody who knows how to connect to Botnet Command and Control servers, please let me know. My email address is kkhan68@paran.com. View full post on Offensive Computing blogs
Read the full story
Posted in Malware
Posted on 24 September 2010. Tags: Logical
Messing around a little bit recently with gmer’s code, I discovered a logical bug which can cause abnormal behavior of random applications. [+] Localization of the problem: If some file can’t be deleted in the usual way, gmer will try to close all open handles related to this file and after that delete the file. In my [...]
Read the full story
Posted in Malware
Posted on 23 September 2010. Tags: Antivirus8.FakeXPA
Antivirus8.FakeXPA is a rogue security product in the Antivirus XP 2010 family that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. VIPRE detects it as Antivirus8.FakeXPA. The Antivirus8 graphic interface: (Click on graphic to enlarge) Antivirus8 fake scan: (Click on graphic to [...]
Read the full story
Posted in Malware
Posted on 21 September 2010. Tags: Nava, Shield
Nava Shield is a rogue security product that runs a fake “scan” and pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing fraudulent non-functioning software. A fake Nava Shield scan: (click on graphic to enlarge) Fake detection and “fix.” (click on graphic to enlarge) After a scan, [...]
Read the full story
Posted in Malware
Posted on 16 September 2010. Tags: AnVi.FakeCog
AnVi.FakeCog is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. This rogue is downloaded after the TDSS rootkit has infected a computer. After installation it attempts to remove Malwarebytes anti-malware protection. The main method for distribution of [...]
Read the full story
Posted in Malware
Posted on 09 September 2010. Tags: SafetyGuard
SafetyGuard is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It’s the most recent variant in the FakeSmoke Family. VIPRE identified SafetyGuard and its downloader as VirTool.Win32.Obfuscator.da!a (v) as a result of earlier detections. We’ve added a [...]
Read the full story
Posted in Malware
Posted on 08 September 2010. Tags: 2011, Destructor, Malware
Malware Destructor 2011 is a rogue security product that presents itself as a Microsoft-related “System Security Pack Upgrade.” (Click on graphic to enlarge) It pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing useless software. (Click on graphic to enlarge) (Click on graphic to enlarge) Malware [...]
Read the full story
Posted in Malware
Posted on 01 September 2010. Tags: 2011, Defender
AV Defender 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It presents an alarming graphic user interface: (Click on graphic to enlarge) It fakes a “scan” of the potential victim’s machine in order to frighten [...]
Read the full story
Posted in Malware