Tacticlol « Webroot Threat Blog

10 Threats from 2010 We’d Prefer Remain History

January 1, 2011 – 3:32 pm

By Andrew Brandt With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay [...]

By mguthrie09 | Posted in Enterprises, Stupid malware tricks, Threat Research, Firefox, Phishing Trojans, Keyloggers, Rogue Security Products, Gaming threats, social networks, social engineering, Passwords, Online shopping threats, spam, phishing, Blackhat SEO, Destructive behavior, Trojans, Website owners, Internet Explorer, Backdoors, Botnet activity | Tags: .cc, .in, Adobe updater, Aurora, BHSEO, black hat SEO, ccTLD, China, Cocos (Keeling) Islands, Exploit-PDF, Fake PDF, Firefox, Firefox update, Flash update, India, Koobface, Oficla, Operation Aurora, rogue antivirus, Rogue Security Products, Sasfis, SEO, Stuxnet, Tacticlol, Trojan-Downloader-Tacticlol, Windows Update | Comments (1)

Hey Malware Guy: Just What the Heck Am I Supposed to Do With This?

October 19, 2010 – 11:43 am

By Andrew Brandt The Tacticlol downloader, responsible for a lot of infections over the past year, propagates in two ways: via drive-by downloads, and as a .zip archive attached to messages. Maybe the spam filtering companies finally caught on to the trick, or maybe the Tacticlol distributors are just trying to mix it up, but [...]

By mguthrie09 | Posted in Botnet activity, Downloaders, social engineering, spam, Stupid malware tricks, Threat Research | Tags: глупо номер один, holbrook.jpg, Label_UPS_Nr###.exe, Label_UPS_Nr343.exe, Tacticlol, Trojan-Downloader-Tacticlol, UPS | Leave a Comment

Spammed Trojan Won’t Run Under Windows XP

June 14, 2010 – 2:07 pm

By Andrew Brandt While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research | Tags: Hide File Extensions for Known File Types, HKLM\software\classes\idid, Pushu, Statement_of_Fees_2009-2010.DOC.exe, Statement_of_Fees_2009-2010.zip, Sysinternals Antivirus, Tacticlol, TDSS, Trojan-Agent-TDSS, Trojan-Backdoor-TDSS, Trojan-Downloader-Tacticlol, Trojan-Pushu, TRxGM, Zbot | Comments (3)

Fake Amazon.com Order Emails Bring a Trojany “Friend”

May 17, 2010 – 4:37 pm

By Andrew Brandt An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Amazon.com, itunes, Oficla, Pushdo, Pushu, Sasfis, shipping confirmation, Sony Bravia S8056, Tacticlol, Trojan-Backdoor-Zbot, Trojan-Downloader-Tacticlol, Trojan-Pushu, Zbot | Comments (7)

Trojan Masquerades as iTunes Gift or Résumé

May 12, 2010 – 10:06 am

By Andrew Brandt If you received one or more email messages over the past week that claim to contain an attached gift certificate for the Apple iTunes store or an unsolicited résumé, you probably received the latest scam involving the Tacticlol downloader. The iTunes-themed spam messages use the forged return address of gifts.certificate@itunes.com and read, [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, Phishing Trojans, social engineering, spam | Tags: Cutwail, Pushdo, Trojan-Pushu, Tacticlol, Oficla, Sasfis, You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in the attachment below, Please review my CV, Thank you!, iTunes Gift Certificate, UPS_invoice_####.exe, DHL_label_nr###.exe, Resume_document_###.exe, iTunes_certificate_###.exe, c99 madShell v. 3.0 Blog edition, c99madShell, gifts.certificate@itunes.com | Comments (2)

Getting a “Conract” Doesn’t Make You a Rock Star

April 30, 2010 – 2:01 pm

By Andrew Brandt If you’re a rock-and-roll star, anticipating the imminent arrival of a new recording contract from your lawyer, you can stop reading this post. If you’re not, I’m sorry to be the one to tell you, it was not your hours of practice playing Rock Band, or singing in the shower, that attracted [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, social engineering, Destructive behavior | Tags: Pushu, Pushdo, Trojan-Pushu, Tacticlol, Our lawyers made alterations on the last page, we are ready to make the payment on Friday for the first consignment, We are enclosing the file with the prepared contract, Trojan-Downloader-Tacticlol, Oficla, Sasfis, Fregee, Losabel | Comments (4)

Modified Websites Pushing Trojans On the Rise

April 21, 2010 – 10:46 am

By Andrew Brandt For the past couple of weeks, owners of Web sites have been hit with a wave of attacks that surreptitiously infect unsuspecting visitors with a wide variety of malware types. The first wave inflicted rogue antivirus on unlucky victims, but late last week victims who visited infectious sites were redirected into a [...]

By mguthrie09 | Posted in adware, Blackhat SEO, Destructive behavior, Rogue Security Products, Stupid malware tricks, Threat Research | Tags: Adobe Acrobat, corpadsinc.com, Eleonor exploit kit, Hilary Kneber, hnarmettis.com, iframe, iprototo.com, itotolo.com, Kneber, mainnetsoll.com, mnuyetsgrr.com, networkads.net, nuvolokijj.com, obfuscated Javascript, Tacticlol, totoship.com, Trojan-Backdoor-failst0rm, Trojan-Backdoor-Zbot, Trojan-Clicker-Dawg, Win32.Decay, Wordpress, yahoo-statistic.com | Comments (1)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com