Category Archives: Advanced Malware Removal

Black Hat Redux: Botnet Takedown Mistakes to Avoid

August 17, 2011 – 12:00 pm

By Andrew Brandt I’ve worked in the security industry for nearly five years, and it was apparent early on that the most successful people in this field bring to their work a passion and a commitment to protecting not only one’s customers, but to providing a certain level of information about security threats to the [...]

By mguthrie09 | Also posted in Stupid malware tricks, Threat Research, spam, Botnet activity, Deep Knowledge | Comments (3)

New Tool Released: Kiss (or Kick) ZeroAccess Goodbye

August 3, 2011 – 2:09 pm

By Andrew Brandt There are fewer types of malware infections more frustrating and annoying than a rootkit with backdoor capabilities. Over the past couple of years, we’ve seen the emergence of this new, tough-to-fight infectious code, and its transformation from nuisance to severe threat. With the hard work and perseverance of Threat Research Analyst and [...]

By mguthrie09 | Also posted in Stupid malware tricks, Threat Research, rootkit, Deep Knowledge | Comments (21)

Criminals Abuse Amazon Hosting with Rogues, Ransomware

July 20, 2011 – 11:21 am

By Andrew Brandt The criminals who push rogues at the world don’t really care about the reputations of the ISPs or Web hosting services they abuse. They leap from free service to free service until they’ve thoroughly worn out their welcome and, in some cases, destroyed the reputation of the service they abused. But they [...]

By mguthrie09 | Also posted in Botnet activity, Ransomware, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Comments (2)

ZeroAccess Gets Another Update

July 19, 2011 – 10:13 pm

By Marco Giuliani Among the most infamous kernel mode rootkits in the wild, most of them have had a slowdown in their development cycle – TDL rootkit, MBR rootkit, Rustock are just some examples. The same doesn’t apply for the ZeroAccess rootkit. The team behind it is working quite hard, which we know for a [...]

By mguthrie09 | Also posted in Backdoors, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Stupid malware tricks, Threat Research | Comments (7)

Free Anti-Popureb Tool Released

July 8, 2011 – 4:00 pm

By Andrew Brandt Last week, threat researcher and malware reverse-engineer Marco Giuliani wrote up a fairly technical description of a bootkit — a rootkit that infects the master boot record of the hard drive, making it very difficult to remove — called Popureb. Marco’s report made it clear that the bootkit does not require Windows [...]

By mguthrie09 | Also posted in Stupid malware tricks, Threat Research | Comments (2)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Also posted in Backdoors, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Comments (9)

MacProtector: Rogue of the Week

May 27, 2011 – 6:00 pm

By Andrew Brandt This week, we turn our attention temporarily away from the never-ending stream of rogue security products on the Windows platform and take a closer look at the Mac OS analogue, MacProtector (aka Mac Security, Mac Defender, MacGuard, and–if history serves–soon to be many, many other names). There’s been a lot of press [...]

By mguthrie09 | Also posted in Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Leave a Comment

Rogue of the Week: Windows Recovery

May 19, 2011 – 10:56 pm

By Andrew Brandt Word from the AMR group last week was that there weren’t many changes from the previous week; Many of the same rogue antivirus previously reported in this blog continue to plague the Internet. This week I decided to focus on a rogue that’s recently become a problem. It goes by the name [...]

By mguthrie09 | Also posted in Internet Explorer, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Comments (7)

Antivirus Center: Rogue of the Week

May 10, 2011 – 2:59 pm

By Andrew Brandt and Brenden Vaughan Our Advanced Malware Removal group reported seeing several cases of a rogue called Antivirus Center this past week. The rogue isn’t new – we began seeing samples of it last year – but has re-emerged as a threat. This rogue is characterized by a close mimicry of some aspects [...]

By mguthrie09 | Also posted in Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Comments (5)

ROTW: “Total Security” and Antivirus IS

April 25, 2011 – 9:00 am

By Brenden Vaughan and Andrew Brandt This week, our support and advanced malware removal (AMR) team did not have a lot of new data to report about rogue security products. The most commonly encountered infection continues to be one of the rogues we reported about last week. While we may refer to it as XP [...]

By mguthrie09 | Also posted in hijack search results, Internet Explorer, mal-effects, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Comments (2)
Follow

Get every new post delivered to your Inbox.

Join 546 other followers