TRxGM « Webroot Threat Blog

Shorty Worm Spams Links, Hijacks Browsers

March 4, 2011 – 9:51 am

By Andrew Brandt & Grayson Milbourne A novel worm we’re calling Worm-IM-Shorty appears to be winding its way through Facebook and some instant messaging services, with its come-on disguised as a link to a photograph hosted elsewhere. But when recipients click the link, they receive an executable Trojan instead, dressed up with the name and [...]

By mguthrie09 | Posted in adware, Backdoors, Botnet activity, Downloaders, Firefox, hijack search results, Internet Explorer, Search engines, social engineering, spam, Stupid malware tricks, Threat Research | Tags: 1.exe, articleslot.info, diggarticle.com, digitword.com, domredi.com, easynetseek.com, facebook, fotosdelinkz.net, gardenpics.com, golynta.com, PIC976242742133-JPG-www.facebook.com.exe, qoolsearch.info, shortplacez.net, TRxGM, Worm-IM-Shorty | Comments (1)

New Bank Phisher Brings Added Functionality, Problems

February 23, 2011 – 4:23 pm

By Andrew Brandt I didn’t want to let too much time pass before I wrote about a new Zbot-like bank phishing Trojan variant that came across my desk last week. The keylogger started arriving the first week of February as an attachment to a spam email designed to look like it came from United Parcel [...]

By mguthrie09 | Posted in Botnet activity, Downloaders, Keyloggers, phishing, Phishing Trojans, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Bank of America, Capital One, Chase, cheburash.com, Cutwail, eveningquest.com, HKEY_CURRENT_USER\Software\Microsoft setiasworld, nightphantom.com, Rapport, romanspamer.com, The Adventures of Cheburashka and Crocodile Gena, Trojan-Backdoor-Downfall, Trojan-Backdoor-Poebot, Trojan-Pushu, Trusteer, TRxGM, United Parcel Service notification, USPS_Document.zip | Comments (2)

Search Hijacker Adds Files to Firefox Profile

November 5, 2010 – 11:49 am

By Andrew Brandt In September, I posted an item about a dropper which we call Trojan-Dropper-Headshot. This malware delivers everything including the kitchen sink when it infects your system. It has an absolute ton of payloads, any of which on their own constitute a serious problem. All together, they’re a nightmare. Among the payloads, we’ve [...]

By mguthrie09 | Posted in Firefox, hijack search results, malware, Threat Research, Trojans | Tags: Antivir Solution Pro, Bubnix, Firefox, Gleishug, good-search.net, google_search.xml, I Hug Legs, LDpinch, search-click.com, search-go.net, search-star.net, search-tab.com, seupd.exe, Sky-banners, Street-Ads, Trojan-Agent-TDSS, Trojan-Clicker-Vesloruki, Trojan-Downloader-Ncahp, Trojan-Dropper-Headshot, Trojan-Gleishug, TRxGM, user.js, virtumonde, wish-search.com, Zbot | Comments (2)

Civilization 5 Torrent Bonus: Uncivilized Malware

September 25, 2010 – 12:56 pm

By Andrew Brandt Bootlegged copies of Civilization 5, the highly anticipated, just-released real time strategy game, are already popping up in file sharing services. And, as we’ve come to expect, some of the pirated copies of the game come with that little something special — malicious components. One of our Threat Research Analysts, who also [...]

By mguthrie09 | Posted in Backdoors, Botnet activity, Downloaders, Keyloggers, social engineering, Stupid malware tricks, Threat Research, Trojans | Tags: 2f7ff2ecef4b5cf1c9679f79d9b72518, 6cf871199432f0dd9a669427f58155db, Albert1, Albert2, application data\microsoft, bittorrent, Civ 5, civ 5 torrent, Civilization 5, civilization 5 torrent, 문명5 readme before, my-slide-show-picture.exe, read me before burn.exe, torrent, TRxGM, window update | Comments (8)

Blackhat SEO of Google Images Links to Rogue AV

August 3, 2010 – 1:35 pm

By Andrew Brandt Yesterday, a few of the Threat Research folks and I had a little fun playing with a hack that had, for one day at least, pretty much decimated Google’s Image Search feature. One researcher, who stumbled into the attack purely by chance, found that a Google Images link to a map of [...]

By mguthrie09 | Posted in Blackhat SEO, Firefox, Google Chrome, Internet Explorer, Rogue Security Products, Safari, Search engines, social engineering, Stupid malware tricks, Threat Research, Trojans | Tags: "USA Map", Black SEO Empire, говнюк клуба, ff-update.exe, fffest.co.cc, Flash ActiveX Object Error, Googleum, Googleum is watching for you!, inst.exe, install new version of Adobe Flash Player 11 to take advantage of web 2.0, Killing Hazard(R) for Microsoft Windows XP immediately started to work, mookhost.com, On your computer detected the malicious code., Possible loss of important documents!, security tool, Should immediately make sure that your system is safe!, TRxGM, update-ff.co.cc, Wait a minute! This is important – we check your device, You must install new version of flash player, You need to install media components | Comments (11)

Starcraft 2 Launch Day Piracy Infects Eager Gamers

July 29, 2010 – 2:46 pm

By Andrew Brandt While some members of our Threat Research group are attending talks at the Black Hat Briefings, the rest of the team is back at our offices, hard at work watching for novel threats. That’s good news for gamers, and bad news for malware distributors who might try to take advantage of a [...]

By mguthrie09 | Posted in Downloaders, Gaming threats, malware, PC gaming, phishing, social engineering, Threat Research | Tags: bittorrent, SC2, SC2 torrents, Starcraft, Starcraft 2, Starcraft II, TRxGM, Wings of Liberty | Comments (8)

Spammed Trojan Won’t Run Under Windows XP

June 14, 2010 – 2:07 pm

By Andrew Brandt While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research | Tags: Hide File Extensions for Known File Types, HKLM\software\classes\idid, Pushu, Statement_of_Fees_2009-2010.DOC.exe, Statement_of_Fees_2009-2010.zip, Sysinternals Antivirus, Tacticlol, TDSS, Trojan-Agent-TDSS, Trojan-Backdoor-TDSS, Trojan-Downloader-Tacticlol, Trojan-Pushu, TRxGM, Zbot | Comments (3)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com