Another popular and widespread software receives an update to eliminate security vulnerabilities today: The media player VLC has been released in version 1.1.9. In older versions cyber crooks could smuggle in malware like Trojans by making possible victims play specially crafted S3M (modtracker) music files or manipulated MP4 files. As VLC also comes with a [...]
13 April 2011
The Emsisoft malware research team has discovered a new outbreak of the Windows Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsRestore. Windows Restore is a rogue application. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer has a problem, or infected with viruses or [...]
13 April 2011
Head of Content Analysis and Research Darya Gudkova joins Ryan Naraine on this episode of Lab Matters to talk about the use of spam e-mails to launch malware attacks.
13 April 2011
WindowsFixDisk is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer. WindowsFixDisk is installed via Trojans that display false error messages and security warnings on the infected computer. These messages will state that there is something wrong with [...]
13 April 2011
CA ISBU came across an active spam email campaign containing a malware as file attachment, as seen on [Figure 1]. The spam mail informs the recipient that their “Reqest” has been rejected. It requires recipients to check the attachment containing the PDF document for more information. [Figure 1 - Fake Rejected Request [...]
13 April 2011
Once again, this day of every month is the scheduled release of updates from Microsoft. April 2011 Patch Tuesday from Microsoft contains 17 security bulletins (covering 64 vulnerabilities) 9 of the issues rated “Critical” in terms of the Maximum Severity Rating and Vulnerability Impact. Below is the list of the Critical security bulletins:MS11-018 – Cumulative [...]
13 April 2011
Last month, Adobe had released a security advisory and a product update about a critical flaw affecting Flash Player versions and a vulnerable component, authplay.dll, of Adobe Reader and Acrobat that was exploited in the wild, APSA11-01. The vulnerability that was exploited in the wild in targeted attacks via Flash (.swf) file embedded in a [...]
13 April 2011
A currently spamvertised scareware-serving campaign is enticing end users into downloading and executing a malicious binary, which drops a scareware variant.Sample subject: Reqest rejectedSample message: “Dear Sirs, Thank you for your letter! Unfortunately we can not confirm your request! More information attached in document below. Thank you Best regards.“Sample attachments: EX-38463.pdf.zip; EX-38463.pdf.exeDetection rate:EX-38463.pdf.exe – TrojanDownloader:Win32/Chepvil.J [...]
13 April 2011
Researcher Patrick Jordan put together some statistics on the various Rogues he sees on a daily basis, and I thought it made for some interesting reading. How are the rogue AV products shaping up in terms of monthly / yearly numbers? Let’s take a look at what Patrick has pulled out of a fiery lake [...]
12 April 2011
Right now there's a scam making its way across Facebook linking to a video titled "The Hottest & Funniest Golf Course Video – LOL" (example screen shot below). Websense customers are protected with by ACE, Advanced Classification Engine. During the 15 minutes it took to write this post over 7,000 new users liked the page [...]
12 April 2011
The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital certificate and therewith looking more legitimate. And this certificate is registered to “DetectMe! ”, also [...]
12 April 2011
A “Worm.Ckbface.adj” is spreading via Yahoo Instant Messenger ,that tricks people into downloading what they think is a pictures from a friend but is instead malware that installs a backdoor on Windows systems and spreads to a victim’s IM contacts. The worm arrives via a message from a contact with the word “picture” or “pictures” [...]
12 April 2011
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Facebook Support. Your password has been changed! ID09687″. Note that the number may change with each email. The email is send from the spoofed addresses: account@facebook.com manager@facebook.com The message has the following body: Dear user of FaceBook. Your password [...]
12 April 2011
We’re monitoring an on-going Facebook scam campaign that seems to be spreading faster than any campaign we’ve come across before. What did this girl do on her webcam? The scam starts with a user being tagged in a photo such as the one above. The photograph is posted in an album called “BBC News” to [...]
12 April 2011
We recently came across a ransom trojan that prompts the following: “Windows license locked!“ The trojan claims that “you should complete activation” and provides several phones numbers. The numbers: • 002392216368 • 002392216469 • 004525970180 • 00261221000181 • 00261221000183 • 00881935211841 The trojan claims that the call is “free of charge” but it isn’t, and the trojan author will earn money from the call via a [...]
12 April 2011
There has been a lot of talk in the security industry surrounding the recent data breach experienced by database marketing vendor Epsilon. As detailed in the reports, the company’s email system was broken into, enabling the attacker to obtain information such as names and email addresses associated with Epsilon’s customers. Trend Micro Researcher Rik Ferguson [...]
12 April 2011
Spam mails claiming to be from Twitter that send you to pharmacy sites are a popular wheeze for spammers, and here we go again. Click to Enlarge It seems I have “two PR messages from Twitter”. If that wasn’t enough to get me clicking (it isn’t), I can also join in on sports conversations, argue [...]
12 April 2011
In the last couple years there have been three major players who dominated the scene in the field of the kernel mode rootkit development. They are Rustock rootkit – with its latest build discovered in the wild in 2008 – MBR rootkit – firstly discovered in January 2007 – and TDL rootkit, which can be [...]
12 April 2011
Today Adobe announced a new 0-day vulnerability (CVE-2011-0611) in Adobe Flash Player and Adobe Acrobat that, similar to the previous 0-day from less than a month ago, was found embedded in a Microsoft Office file. The vulnerability allows an attacker to execute malicious code on a computer and has been spotted in limited targeted attacks. [...]
12 April 2011
Adobe released a security advisory in which it warns from a zero-day vulnerability within current version of Adobe Flash Player, Reader and Acrobat. Affected are Flash Player 10.2.153.1 and earlier versions for Windows, Mac, Linux and Solaris, the current version integrated in the Chrome web browser, and 10.2.156.12 and earlier versions for Android. The authplay.dll [...]
12 April 2011
Another list of fake job domains, almost identical to this one. Avoid. 1best-position.com 1consulting-online.com allweb-consulting.com besteuro-hire.com consult-wugposition.com first-newoffer.com world-hire.com wug-hire.com wug-myoffer.com
11 April 2011
Yet another installment in this endless series of fake job offers, the domain wug-hire.com is being used as a reply-to address for this particular scam. The “wug” name has been used before in this spam run. Subject: We have vacancies to be filled by Europe residents only Good afternoon! I am writing to you in [...]
11 April 2011
It appears that a new Twitter scam is making its way in lots of innocent users twitter account. We call this a Profile Spy worm app. Its basically a rogue Twitter application known as Profile Spy which tricks Twitter users into believing that it can tell them who has been viewing their online profile. If [...]
10 April 2011
Virus:W32/Ramnit is no stranger to many malware analysts/researchers, as it was in the wild back in 2010. Other malware researchers have blogged about the technical details of this interesting virus (here and here, for example); however there are still some noteworthy techniques — and an “easter egg” — waiting to be discovered. One of the [...]
10 April 2011
