Category Archives: Stupid malware tricks

Most malware in circulation are Trojans, and resort to some form of trickery in order to get themselves executed. Sometimes these tricks are, well, dumb, don’t work, or otherwise find themselves worthy of derision and mockery. These are their stories. (DUM DUM!)

ZeroAccess Rootkit Guards Itself with a Tripwire

July 8, 2011 – 12:40 pm

By Marco Giuliani The latest generation of a rapidly evolving family of kernel-mode rootkits called, variously, ZeroAccess or Max++, seems to get more powerful and effective with each new variant. The rootkit infects a random system driver, overwriting its code with its own, infected driver, and hijacks the storage driver chain in order to hide [...]

By Marco Giuliani | Also posted in Threat Research, Destructive behavior, Downloaders, Trojans, Botnet activity, Ad-clickers | Comments (4)

With IM Buddies Like These, Who Needs Frienemies?

July 6, 2011 – 11:15 am

By Andrew Brandt The other morning, I walked into the office to find a slew of instant messaging buddy requests from total strangers. This isn’t unexpected: I frequently get buddy requests on IM accounts I maintain for research purposes that contain malicious URLs and other useful research data. But this was one request I wasn’t [...]

By mguthrie09 | Also posted in Botnet activity, Destructive behavior, spam, Threat Research | Comments (1)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Also posted in Advanced Malware Removal, Backdoors, Destructive behavior, malware, Ransomware, Threat Research, Trojans | Comments (9)

Phishers Cast Their Nets in the Social Media Pool

June 21, 2011 – 8:23 am

By Ian Moyse, EMEA Channel Director It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune. Take phishing, for example. [...]

By imoyse | Also posted in Botnet activity, hijack search results, Keyloggers, phishing, Search engines, social engineering, social networks, spam, Trojans, Website owners | Comments (2)

Fake UPS Document Installs Fake Microsoft Patch Payload

June 17, 2011 – 8:12 am

By Andrew Brandt As if we didn’t have enough to deal with this week — after a Microsoft patch Tuesday that brought with it a boatload of security updates for Windows, Office, Silverlight, Visual Studio, and other programs — some enterprising malware distributor is emailing around bogus tracking number malware dressed up in the icon [...]

By mguthrie09 | Also posted in Backdoors, Botnet activity, Downloaders, hijack search results, Keyloggers, Rogue Security Products, social engineering, spam, Threat Research | Comments (1)

Android ‘Angry Birds’ Malware Contains Bot-like Code

June 10, 2011 – 9:05 am

By Andrew Brandt Most of yesterday, Threat Research Analyst Armando Orozco and I took a closer look at a piece of malware discovered by a university security researcher, Xuxian Jiang of North Carolina State. The malicious code, which the malware creator named Plankton, is embedded into a number of apps that were briefly posted to [...]

By mguthrie09 | Also posted in Android, Backdoors, Botnet activity, Downloaders, Mobile security, social engineering, Threat Research, Trojans | Comments (15)

MacProtector: Rogue of the Week

May 27, 2011 – 6:00 pm

By Andrew Brandt This week, we turn our attention temporarily away from the never-ending stream of rogue security products on the Windows platform and take a closer look at the Mac OS analogue, MacProtector (aka Mac Security, Mac Defender, MacGuard, and–if history serves–soon to be many, many other names). There’s been a lot of press [...]

By mguthrie09 | Also posted in Advanced Malware Removal, Rogue Security Products, social engineering, Threat Research | Leave a Comment

Thre@t Reply: What’s a Firewall?

May 24, 2011 – 2:43 pm

This week’s Thre@t Reply video features Threat Research Analyst Armando Orozco answering one of the most frequently asked questions we receive: What is a firewall, and how does it work? Well, the actual question wasn’t put quite so politely, but that’s the gist of it. Armando is the primary researcher working on the Mobile Security [...]

By mguthrie09 | Also posted in Botnet activity, Destructive behavior, Threat Research | Comments (5)
Follow

Get every new post delivered to your Inbox.

Join 526 other followers