2010 September « Webroot Threat Blog

Monthly Archives: September 2010

Newsflash: HTML Spammers are Not So Bright

September 27, 2010 – 10:12 am

By Andrew Brandt It’s been more than a week that we at Webroot, and countless others, have been getting floods of bogus messages with HTML attachments. I thought I’d give the curious readers of this blog a quick glance at one of the drive-by sites that load in the browser if you try to open [...]

By mguthrie09 | Posted in adware, Downloaders, Rogue Security Products, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Backdoor.Perl.AEI.20, Email-Worm.Win32.Eyeveg.b, Email-Worm.Win32.Myd, Email-Worm.Win32.Net, Hard Disc Drivers, Javascript, Javascript fakealert, Lemena.3544, Macro.PPoint.Attach, obfuscated Javascript, Return to Microsoft Security Assessment Tool and download it to guard your PC., Spyware is software which is loaded onto your computer without your knowledge, There is a big chance that your computer is infected!, They can cause data loss and file damages and need to be fixed as soon as possible., To help protect your computer, Trj-Dwnldr.Win, Trojan-Clicker.Win32.Bitdefener, Trojan-PSW.Win32.Aletc, Trojan-Spy.Win32.WMPatch, Virus.BAT.Vr.a, Windows Defender has detected spyware and ready to remove them, Windows Security Alert, Your Computer is Infected! | Comments (4)

Civilization 5 Torrent Bonus: Uncivilized Malware

September 25, 2010 – 12:56 pm

By Andrew Brandt Bootlegged copies of Civilization 5, the highly anticipated, just-released real time strategy game, are already popping up in file sharing services. And, as we’ve come to expect, some of the pirated copies of the game come with that little something special — malicious components. One of our Threat Research Analysts, who also [...]

By mguthrie09 | Posted in Backdoors, Botnet activity, Downloaders, Keyloggers, social engineering, Stupid malware tricks, Threat Research, Trojans | Tags: 2f7ff2ecef4b5cf1c9679f79d9b72518, 6cf871199432f0dd9a669427f58155db, Albert1, Albert2, application data\microsoft, bittorrent, Civ 5, civ 5 torrent, Civilization 5, civilization 5 torrent, 문명5 readme before, my-slide-show-picture.exe, read me before burn.exe, torrent, TRxGM, window update | Comments (8)

Malicious HTML Mail Attachments Flood Inboxes

September 22, 2010 – 4:20 pm

By Andrew Brandt If you hadn’t already noticed, an ongoing spam campaign where someone is sending email messages with attached HTML files continues to be a problem. The current campaign appears to be a new wave of spam similar to the one I reported about in July. The messages, which began arriving a week ago, [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research, Trojans, Website owners | Tags: America's Got Talent, Apartment for rent, Cops kill shooter at Johns Hopkins Hospital, credit card, Daniel Covington, Invoice for Floor replacement, Shipping Notification, vacation, x.html | Comments (2)

Epic Malware Dropper Makes No Attempt to Hide

September 21, 2010 – 3:09 pm

By Andrew Brandt In the world of first-person shooter games, getting the most headshots – hits on the opponent which instantly take the opponent’s avatar out of the game — is a prized goal. The headshot is the quickest way to dispatch a foe in virtually every shooter, which is why the file name of [...]

By mguthrie09 | Posted in Ad-clickers, adware, Backdoors, Blackhat SEO, Destructive behavior, Downloaders, Keyloggers, social engineering, spam, Stupid malware tricks, Threat Research, Trojans | Tags: acronis toolbar helper, Adware-DiskClean, amnesiac, autouploaders.net, avto.exe, bestviewbars.com, daporch.com, Desktop Cleanup Wizard, dskclnwiz.dll, fFollower.exe, glures.com, igpayinfos.com, klikiRandomizer, miragge.exe, promotds.com, q1.exe, solaruploaderz.com, Trojan-Agent-Dump, Trojan-Agent-TDSS, Trojan-Backdoor-Zbot, Trojan-Clicker-Vesloruki, Trojan-Downloader-Ncahp, Trojan-Dropper-Headshot, Worm-Koobface, yogetheadshot.php, yogetheadshot.php.exe | Leave a Comment

New Rogue Is Actually Five Rogues in One

September 16, 2010 – 1:32 pm

By Andrew Brandt For years, the makers of those snake oil security programs we call Rogue Security Products have spent considerable effort making up new names, developing unique graphic design standards, and inventing backstories for their utterly useless, expensive scam products. Now a new rogue has taken this never ending shell game one step further, [...]

By mguthrie09 | Posted in Blackhat SEO, Internet security industry, Ransomware, Rogue Security Products, Search engines, social engineering, Stupid malware tricks, Threat Research | Tags: $99.90, AntiSpy Safeguard, Continue unprotected, firewall, Install heuristic module, Major Defense Kit, Microsoft Security Essentials, Peak Protection, Peak Protection 2010, Pest Detector, Red Cross Antivirus, Required heuristics module, Rogue Security Products | Comments (4)

Workplace Social Networking: More Like Antisocial Not-working

September 14, 2010 – 2:03 pm

By Ian Moyse, EMEA Channel Director Hardly a week goes by when the national press doesn’t carry a story about how social networks represent a threat to privacy or security, or both. These news stories aren’t wrong: Users of social networks face a raft of risks, ranging from malware attacks and identity theft, to cyberbullying, [...]

By imoyse | Posted in Destructive behavior, Enterprises, social engineering, social networks | Tags: facebook, social networking, social networks, the social network, twitter, workplace computer use | Leave a Comment

Cracked Trojan-Maker Infects Prospective Criminals

September 10, 2010 – 9:39 am

By Andrew Brandt In what seems to be a trend in my September blog posts, the research team has run across a program meant for criminally-minded people which has a nasty surprise inside. The program in question is called the ZombieM Bot Builder, which is used by the kind of upstanding citizens who spread Trojans [...]

By mguthrie09 | Posted in Backdoors, Botnet activity, Destructive behavior, malware, Stupid malware tricks, Threat Research, Trojans, Uncategorized | Tags: Arhack, m41k00l.no-ip.biz, Trojan-Backdoor-PoisonIvy, troyanosyvirus.com, ZombieM Bot, ZombieM Bot Builder, ZombieMBot | Leave a Comment

Fake Flash Update Needs Flash to Work

September 7, 2010 – 1:23 pm

By Andrew Brandt If you live in the US, you may have played sports, barbequed, or enjoyed the last long weekend of the summer outside doing something fun outdoors. Unfortunately, that wasn’t an option here in Boulder, where a large wildfire generated a thick plume of smoke and ash. So, what’s a malware analyst to [...]

By mguthrie09 | Posted in Downloaders, phishing, Phishing Trojans, Rogue Security Products, social engineering, social networks, spam, Stupid malware tricks, Threat Research, Trojans | Tags: ah17 (10 hours ago), babachat (4 hours ago), csmith1199 (6 hours ago), ff2ie.exe, Flash Player 10.37, Funniest thing EVER!!, Koobface, m24.in, m24.in.exe, Nice vid :), sinmike1 (7 hours ago), that.... was .......GREAT !!!, Video posted by ... Hidden Camera ..., WooHoo!! Love this vid!!! Congrats on the front page!!!! :-), Worm-Koobface | Comments (1)

PHP Backdoor Has Another Backdoor Inside

September 6, 2010 – 12:01 am

By Andrew Brandt Is there no honor among thieves anymore? The other day I was looking at a remote access Trojan written in the PHP scripting language. The bot loads into memory on a victim’s computer when an unsuspecting user, for example, stumbles upon an iframe pointing to the PHP script embedded in a Web [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, Trojans | Tags: getemgirlfriday.com, PHP, PHP backdoor, server-side malware | Comments (2)

Pro-Israel Website Receives Passwords Stolen by Koobface

September 2, 2010 – 1:04 pm

By Andrew Brandt Is the team behind the Koobface worm taking a stance on the Israeli-Palestinian peace talks, or is this notorious worm’s most recent, bizarre twist just a coincidence? We’ve seen Koobface hijack legitimate Web sites for more than a year, using them not only to host malicious payload files, but also to work [...]

By mguthrie09 | Posted in Keyloggers, phishing, Phishing Trojans, Rogue Security Products, social engineering, social networks, Stupid malware tricks, Threat Research, Trojans | Tags: Israel, Israeli, Koobface, middle east peace, migdal, migdal.org, migdal.org.il, migdal.org.il.exe, Palestine, Palestinian, Worm-Koobface | Comments (2)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com