2011 June « Webroot Threat Blog

Monthly Archives: June 2011

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Posted in Advanced Malware Removal, Backdoors, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Tags: Chun Feng, IRP_MJ_INTERNAL_DEVICE_CONTROL, Master Boot Record, MBR, MBR infection, Mebroot, Microsoft, Popureb, Popureb.E, ransomware, ROL 0x73, ROR 0x73 FTW, SRB_FUNCTION_EXECUTE_SCSI, TDL3, TDL4, TDSS, Whistler, _allmul | Comments (10)

Five Summer Travel Security Tips

June 24, 2011 – 3:16 pm

By Andrew Brandt Ah, summer. Beaches, drinks with little umbrellas, 4th of July fireworks, baseball games, reading long cheesy novels in a lounge chair, teleconferencing with colleagues from your hotel room in Aruba. Wait, what? Yes, it’s true. It takes serious discipline to travel without schlepping along a laptop, smartphone, digital camera, MP3 player, portable [...]

By Lisa Bongiovanni | Posted in Firefox, Google Chrome, hijack search results, Internet Explorer, Mobile security, Threat Research, Trojans | Comments (2)

Phishers Cast Their Nets in the Social Media Pool

June 21, 2011 – 8:23 am

By Ian Moyse, EMEA Channel Director It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune. Take phishing, for example. [...]

By Lisa Bongiovanni | Posted in Botnet activity, hijack search results, Keyloggers, phishing, Search engines, social engineering, social networks, spam, Stupid malware tricks, Trojans, Website owners | Tags: ian moyse, phishing, smishing, sms-phishing, spam | Comments (2)

Windows Troubles Killer / Salvage System: Rogue of the Week

June 20, 2011 – 10:51 am

By Stephen Ham and Andrew Brandt This week’s rogue, once again, mimics a system utility and not merely an antivirus product. Either way, the scam is the same: Convince the victim that their computer is broken, then coerce them to pay for useless snake oil. These rogue system utilities go by the names Windows Troubles [...]

By Lisa Bongiovanni | Posted in Destructive behavior, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research, Uncategorized | Tags: %appdata%\Microsoft, consentpromptbehavioradmin, consentpromptbehavioruser, disable System Restore, disable UAC, disable User Account Controls, disablesr, enablelua, IFEO, image file execution options, net stop msmpsvc, NirSoft CurrProcess, PrcView, Process Hacker, Safe Boot, TRxSH, User Account Controls, warnonhttpstohttpredirect, Windows Salvage System, Windows Troubles Killer | Comments (3)

Fake UPS Document Installs Fake Microsoft Patch Payload

June 17, 2011 – 8:12 am

By Andrew Brandt As if we didn’t have enough to deal with this week — after a Microsoft patch Tuesday that brought with it a boatload of security updates for Windows, Office, Silverlight, Visual Studio, and other programs — some enterprising malware distributor is emailing around bogus tracking number malware dressed up in the icon [...]

By Lisa Bongiovanni | Posted in Backdoors, Botnet activity, Downloaders, hijack search results, Keyloggers, Rogue Security Products, social engineering, spam, Stupid malware tricks, Threat Research | Tags: 153 James Street, 153 James Street Suite 100 Long Beach CA 90000, 90000, And it will arrive within 3 buisness days., clickcareful.org, findsmell.org, findstation.org, Hiloti, Long Beach CA, miliardov.com, Paymentsadd.com, pusk3.exe, Rogue Security Products, searchbreeze.org, SpyEye, Suite 100, svchost.exe, The parcel was sent to your home adress., Trojan-Downloader-Tukpat, trol.exe, trol2.exe, UPS_Document.exe, UPS_document.zip, variantov.com, Windows Recovery, Windows XP Restore | Comments (1)

Android ‘Angry Birds’ Malware Contains Bot-like Code

June 10, 2011 – 9:05 am

By Andrew Brandt Most of yesterday, Threat Research Analyst Armando Orozco and I took a closer look at a piece of malware discovered by a university security researcher, Xuxian Jiang of North Carolina State. The malicious code, which the malware creator named Plankton, is embedded into a number of apps that were briefly posted to [...]

By Lisa Bongiovanni | Posted in Android, Backdoors, Botnet activity, Downloaders, Mobile security, social engineering, Stupid malware tricks, Threat Research, Trojans | Tags: Android, Android Trojan, Android/Trojan.DroidKungFu, Android/Trojan.Plankton, Angry Birds, Angry Birds Cheater Trainer Helper V2.0, Angry Birds Multi User v1.00, Angry Birds Rio Unlocker v1.0, DroidKungFu, Plankton, Simply click on the button below to unlock ALL levels in Angry Birds Rio, Trojan.Plankton | Comments (16)

Malware Load Points Raise the Complexity Bar

June 9, 2011 – 9:09 am

By Andrew Brandt When malware ends up on an infected machine, one of the first things it will do is to ensure that it will start up again after the victim reboots their computer. For a criminal it makes sense. After all, what good is malware that stops working after a reboot? In Windows, there [...]

By Lisa Bongiovanni | Posted in Ad-clickers, Botnet activity, Firefox, hijack search results, Internet Explorer, Rogue Security Products, Search engines, Stupid malware tricks, Threat Research, Trojans | Tags: %appdata%, auto-start locations, Batserv, conima.exe, HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows, HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\software\classes\exefile\shell\open\command, HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command, HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\iexplore.exe\shell\open\command, HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run, load points, Local Account Authority Service, LocalAccountAuthority.bat, lssas.exe, manager.exe, rogue antivirus, Rogue Security Products, Run Key, start points, Trojan-Clicker-Batserv, Windows auto-start locations, windows load points, Windows start points, Wireshark Antivirus | Comments (4)

Why Put Security Into the Cloud?

June 7, 2011 – 7:51 am

This week, Webroot’s Thre@t Reply managed to steal some time with Ian Moyse, who knows a thing or two about the benefits of putting your computer and network security into the cloud, out where the threats are, rather than keeping your security inside your network or on individual computers. As always, feel free to submit [...]

By Lisa Bongiovanni | Posted in Enterprises, Internet security industry, phishing, social engineering, spam, Threat Research, Website owners | Tags: Cloud computing, cloud security, Cloud services, imoyse, security in the cloud | Comments (2)

INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS
Archives
Referral Program

Talk about a win win. Free security for your friends AND a donation to charity
Free tools

Haven’t tried Webroot SecureAnywhwere to remove an infection? Download a free trial

Webroot SecureAnywhere program/malware assistance?
Open a support ticket

Concerned about a specific URL or IP? Check the reputation of a URL or IP address
Connect with us!
Subscribe by email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 609 other followers
Send Us Feedback

blog@webroot.com
Blogroll

BizFeed
PConline Belgium
Security Alert
Security Cats
Krebs on Security
Security Watch
The Last Watchdog
Privacy

Privacy Statement
Navigation
topnav1
- Home
topnav2
- About the Bloggers
topnav3
- Webroot.com
topnav4
- RSS Feed
Site Meter
RSS
- RSS - Posts

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com