Category Archives: Destructive behavior

Some malware can damage the operating system, such that it crashes and/or will not reboot. Webroot characterizes any behavior that results in loss of data or of the use of the infected computer destructive.

This blackhole exploit kit gives you Windows Media Player and a whole lot more

November 11, 2011 – 10:11 am

By Mike Johnson As a follow-up to the Blackhole Exploit posting, I thought I would share one aspect of my job that I truely enjoy: Discovery. While investigating some active urls being served up via a blackhole kit, I noticed something quite odd, as I would end up on sites that had malicious code injected into their webpages. Once [...]

By Lisa Bongiovanni | Also posted in Exploits, Internet Explorer, malware, Threat Research, Uncategorized | Comments (4)

Trojans Employ Misdirection Instead of Obfuscation

August 25, 2011 – 3:49 pm

By Andrew Brandt An unusual family of Trojans, apparently of Chinese origin, engages in rootkit-like behavior which seems designed not to hide the presence of the malware on an infected system, but to misdirect or confuse a technical person who might be using system analysis tools on an infected computer. The Trojans all originated from [...]

By mguthrie09 | Also posted in Backdoors, Botnet activity, Stupid malware tricks, Threat Research, Website owners | Leave a Comment

TDL3 and ZeroAccess: More of the Same?

August 8, 2011 – 4:54 pm

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is [...]

By Marco Giuliani | Also posted in Botnet activity, Deep Knowledge, rootkit, Smart Malware Tricks, Threat Research, Uncategorized | Comments (3)

ZeroAccess Gets Another Update

July 19, 2011 – 10:13 pm

By Marco Giuliani Among the most infamous kernel mode rootkits in the wild, most of them have had a slowdown in their development cycle – TDL rootkit, MBR rootkit, Rustock are just some examples. The same doesn’t apply for the ZeroAccess rootkit. The team behind it is working quite hard, which we know for a [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Backdoors, Deep Knowledge, rootkit, Smart Malware Tricks, Stupid malware tricks, Threat Research | Comments (7)

ZeroAccess Rootkit Guards Itself with a Tripwire

July 8, 2011 – 12:40 pm

By Marco Giuliani The latest generation of a rapidly evolving family of kernel-mode rootkits called, variously, ZeroAccess or Max++, seems to get more powerful and effective with each new variant. The rootkit infects a random system driver, overwriting its code with its own, infected driver, and hijacks the storage driver chain in order to hide [...]

By Marco Giuliani | Also posted in Stupid malware tricks, Threat Research, Downloaders, Trojans, Botnet activity, Ad-clickers | Comments (4)

With IM Buddies Like These, Who Needs Frienemies?

July 6, 2011 – 11:15 am

By Andrew Brandt The other morning, I walked into the office to find a slew of instant messaging buddy requests from total strangers. This isn’t unexpected: I frequently get buddy requests on IM accounts I maintain for research purposes that contain malicious URLs and other useful research data. But this was one request I wasn’t [...]

By mguthrie09 | Also posted in Botnet activity, spam, Stupid malware tricks, Threat Research | Comments (1)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Also posted in Advanced Malware Removal, Backdoors, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Comments (9)

Thre@t Reply: What’s a Firewall?

May 24, 2011 – 2:43 pm

This week’s Thre@t Reply video features Threat Research Analyst Armando Orozco answering one of the most frequently asked questions we receive: What is a firewall, and how does it work? Well, the actual question wasn’t put quite so politely, but that’s the gist of it. Armando is the primary researcher working on the Mobile Security [...]

By mguthrie09 | Also posted in Botnet activity, Stupid malware tricks, Threat Research | Comments (5)

Rogues of the Week: XP Total Security & MS Removal Tool

April 18, 2011 – 9:00 am

By Andrew Brandt It’s been said that sunlight sanitizes almost everything it shines on. Beginning this week, and every week from now on, we’ll focus a concentrated beam on the rogue antivirus programs our support staff and Threat Research team have been working to remediate. Rogues have a tendency to switch up their names, user [...]

By mguthrie09 | Also posted in Blackhat SEO, Rogue Security Products, social engineering, spam, Stupid malware tricks, Threat Research, Trojans | Comments (9)
Follow

Get every new post delivered to your Inbox.

Join 526 other followers