antivirus 2010 « Webroot Threat Blog

Karagany Isn’t a Doctor, but Plays One on Your PC

November 22, 2010 – 4:29 pm

By Andrew Brandt A Trojan that pulls a sly performance of now-you-see-me-now-you-don’t disguises itself on an infected system as the Adobe Updater, a real program that’s installed alongside such mainstay applications as the Adobe Reader. This method of hiding in plain sight means the downloader, Trojan-Downloader-Karagany, may remain active on an infected system for an [...]

By mguthrie09 | Posted in Botnet activity, Downloaders, Rogue Security Products, Stupid malware tricks, Threat Research | Tags: AdobeUpdate .exe, AdobeUpdater.exe, antivirus 2010, err.log, InstallAntivirus2010.exe, Karagany, loadplugin:localftp2, localftp2.dll, myusermanager.in, security tool, Trojan-Downloader-Karagany, usermanager.in, webtopantivirus.com, \Application Data\Adobe\plugs | Comments (6)

Fakealerts: Building a Better Mousetrap

November 25, 2009 – 10:48 am

By Andrew Brandt In general, the use of fakealerts – those bogus warnings that look like your PC has started some sort of antivirus scan on its own, then predict imminent doom if you don’t buy some snake oil product right this minute — is on the rise. Fakealerts constitute a particularly effective social engineering [...]

By mguthrie09 | Posted in adware, Blackhat SEO, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Tags: Adware-Sabotch, antivirus 2010, fakealert, rogue antivirus, rogue security product, sabotch, Trojan-Downloader-Dermo, Windows Web Security | Comments (7)

Trojan Uses Commercial Firewall to Block AV Updates

October 16, 2009 – 12:01 am

By Andrew Brandt Purveyors of rogue security products continue to bulk up their arsenal of stupid tricks, all of which are designed to induce either fear or frustration in victims. Increasingly, certain distributions of rogue antivirus include a payload that blocks the infected computer from receiving antivirus updates. That part isn’t new; Many Trojan installers [...]

By mguthrie09 | Posted in Rogue Security Products, Stupid malware tricks, Threat Research | Tags: antivirus 2010, firewall, Interrupdate, Liften, Trojan-Netfilter, Trojan.Interrupdate, Win32.Liften | Comments (1)

No Search is Sacred: Fakealerts Flood the Net

October 7, 2009 – 11:52 am

By Andrew Brandt Search engines appear to be no longer in control of the search results they display at any given moment. That’s bad news not only for the search giants, but for anyone who relies on their results. How can that be? After all, it’s the search engines’ own servers that are supposed to [...]

By mguthrie09 | Posted in Blackhat SEO, Rogue Security Products, social engineering, Stupid malware tricks, Threat Research | Tags: antivirus 2010, google manipulation, rogue antivirus, rogue security product, rogue seo | Comments (10)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com