2011 March « Webroot Threat Blog

Monthly Archives: March 2011

Pinball Corp’s Appbundler Employs Malware-like Techniques

March 29, 2011 – 12:44 pm

By Andrew Brandt For a couple of weeks now, I’ve been noticing a curious (and increasingly prevalent) phenomenon: Some of the free Web hosts popular among those who engage in phishing are popping new types of multimedia ads over the tops of the pages they host. Not only does the victim, in this case, risk [...]

By Lisa Bongiovanni | Posted in adware, Downloaders, Passwords, phishing, social engineering, social networks, Stupid malware tricks, Threat Research | Tags: 180Solutions, appbundler, appbundler.com, appbundler.net, clickpotato, clickpotato.tv, Download Now, Download the XviD Codec, facebookonlinegiriss.tr.gg, fake codec, fake Facebook, fake video, fake xvid, fake YouTube, HORRIBLE! a young girl did SUICIDE in front of cam - Watched this video!, icr01.appbundler.net, megaplayerhd.com, Onvertise, Pinball Corp., Play Now, TouTube, xvid Premium Setup Wizard, XviD Video, XvidSetup.exe, Zango | Comments (2)

Shipping Confirmations Back on the Radar

March 21, 2011 – 2:11 am

By Andrew Brandt After a prolonged absence, waves of Trojans distributed as Zipped email attachments have been showing up in our spam traps for a few weeks. The spam messages employ the same hackneyed shipping confirmation pretext as many previous iterations of this scam. This technique’s emergence as a common malware distribution method correlates with [...]

By Lisa Bongiovanni | Posted in Backdoors, Botnet activity, Downloaders, Keyloggers, Rogue Security Products, social engineering, spam, Stupid malware tricks, Threat Research | Tags: 548.exe, 62.122.73.203, AdobeUtil .exe, cnnus.ru, DHL, DHL Tracking.exe, DHL_tracking, DHL_tracking.zip, FedEx, HKCU\Software\MSOLoad, HKLM\software\classes\idid, krnl_servers_list, kusika911.ru, mialepromo.ru, MSHTA, Opera Internet Browser, Our_Agent, Post Express, Post_Express_Label, Post_Express_Label.zip, tracking.zip, Trojan-Downloader-Karagany, Trojan-Downloader-Tacticlol, Trojan-Relayer-Highport, UPS, User-Agent: Our_Agent, USPS | Comments (3)

Spammed YouTube Comments Promote Adware – Successfully

March 8, 2011 – 3:43 pm

(Update, July 11, 2011: On May 25, 2011, we were contacted by representatives of Future Ads, LLC, the parent company of both Playsushi and Gamevance. Future Ads informed us that they, too, had been victims of a scam perpetrated by rogue affiliates who seemed to be involved with the malicious campaigns we described in this [...]

By Lisa Bongiovanni | Posted in adware, Blackhat SEO, hijack search results, Search engines, social engineering, social networks, spam, Stupid malware tricks, Threat Research | Tags: bit.ly, bittorrent, Contactprivacy.com, fake video, isohunt, LeechTV, leechtv.com, the complête leekêd-film, the social network, this entîre leekêd-movìe, Tucows.com, YouTube | Comments (5)

Shorty Worm Spams Links, Hijacks Browsers

March 4, 2011 – 9:51 am

By Andrew Brandt & Grayson Milbourne A novel worm we’re calling Worm-IM-Shorty appears to be winding its way through Facebook and some instant messaging services, with its come-on disguised as a link to a photograph hosted elsewhere. But when recipients click the link, they receive an executable Trojan instead, dressed up with the name and [...]

By Lisa Bongiovanni | Posted in adware, Backdoors, Botnet activity, Downloaders, Firefox, hijack search results, Internet Explorer, Search engines, social engineering, spam, Stupid malware tricks, Threat Research | Tags: 1.exe, articleslot.info, diggarticle.com, digitword.com, domredi.com, easynetseek.com, facebook, fotosdelinkz.net, gardenpics.com, golynta.com, PIC976242742133-JPG-www.facebook.com.exe, qoolsearch.info, shortplacez.net, TRxGM, Worm-IM-Shorty | Comments (1)

INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS
Archives
Referral Program

Talk about a win win. Free security for your friends AND a donation to charity
Free tools

Haven’t tried Webroot SecureAnywhwere to remove an infection? Download a free trial

Webroot SecureAnywhere program/malware assistance?
Open a support ticket

Concerned about a specific URL or IP? Check the reputation of a URL or IP address
Connect with us!
Subscribe by email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 609 other followers
Send Us Feedback

blog@webroot.com
Blogroll

BizFeed
PConline Belgium
Security Alert
Security Cats
Krebs on Security
Security Watch
The Last Watchdog
Privacy

Privacy Statement
Navigation
topnav1
- Home
topnav2
- About the Bloggers
topnav3
- Webroot.com
topnav4
- RSS Feed
Site Meter
RSS
- RSS - Posts

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com