Monthly Archives: July 2011

Brazilian “Winehouse” Trojan Sends Hotmail, Bank Passwords to China

July 29, 2011 – 11:18 am

By Andrew Brandt Late Monday, after news about the death of troubled pop singer Amy Winehouse had been circling the globe for a little more than 48 hours, we saw the first malware appear that used the singer’s name as a social engineering trick to entice victims to run the malicious file. Abusing celebrity names, [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, Phishing Trojans, social engineering, spam, phishing, Botnet activity | Tags: , , , , , , , , , , , , , , , , , , , , | Comments (3)

Criminals Abuse Amazon Hosting with Rogues, Ransomware

July 20, 2011 – 11:21 am

By Andrew Brandt The criminals who push rogues at the world don’t really care about the reputations of the ISPs or Web hosting services they abuse. They leap from free service to free service until they’ve thoroughly worn out their welcome and, in some cases, destroyed the reputation of the service they abused. But they [...]

By mguthrie09 | Posted in Advanced Malware Removal, Botnet activity, Ransomware, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Tags: , , , , , , | Comments (2)

ZeroAccess Gets Another Update

July 19, 2011 – 10:13 pm

By Marco Giuliani Among the most infamous kernel mode rootkits in the wild, most of them have had a slowdown in their development cycle – TDL rootkit, MBR rootkit, Rustock are just some examples. The same doesn’t apply for the ZeroAccess rootkit. The team behind it is working quite hard, which we know for a [...]

By mguthrie09 | Posted in Advanced Malware Removal, Backdoors, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Stupid malware tricks, Threat Research | Tags: , , , , , , , | Comments (7)

Free Anti-Popureb Tool Released

July 8, 2011 – 4:00 pm

By Andrew Brandt Last week, threat researcher and malware reverse-engineer Marco Giuliani wrote up a fairly technical description of a bootkit — a rootkit that infects the master boot record of the hard drive, making it very difficult to remove — called Popureb. Marco’s report made it clear that the bootkit does not require Windows [...]

By mguthrie09 | Posted in Advanced Malware Removal, Stupid malware tricks, Threat Research | Tags: , , | Comments (2)

ZeroAccess Rootkit Guards Itself with a Tripwire

July 8, 2011 – 12:40 pm

By Marco Giuliani The latest generation of a rapidly evolving family of kernel-mode rootkits called, variously, ZeroAccess or Max++, seems to get more powerful and effective with each new variant. The rootkit infects a random system driver, overwriting its code with its own, infected driver, and hijacks the storage driver chain in order to hide [...]

By Marco Giuliani | Posted in Ad-clickers, Botnet activity, Destructive behavior, Downloaders, Stupid malware tricks, Threat Research, Trojans | Tags: , , , , , | Comments (4)

With IM Buddies Like These, Who Needs Frienemies?

July 6, 2011 – 11:15 am

By Andrew Brandt The other morning, I walked into the office to find a slew of instant messaging buddy requests from total strangers. This isn’t unexpected: I frequently get buddy requests on IM accounts I maintain for research purposes that contain malicious URLs and other useful research data. But this was one request I wasn’t [...]

By mguthrie09 | Posted in Botnet activity, Destructive behavior, spam, Stupid malware tricks, Threat Research | Tags: , , | Comments (1)
Follow

Get every new post delivered to your Inbox.

Join 515 other followers