tag:blogger.com,1999:blog-66033037569609948542024-10-09T13:35:59.362+11:00Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.comBlogger36125tag:blogger.com,1999:blog-6603303756960994854.post-74303183141004181962012-05-03T12:02:00.001+10:002012-05-03T12:02:24.870+10:00

On May 2nd 2012, Lookout reported the first known incident where compromised websites are being used to serve malicious apps to Android users. "NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com1tag:blogger.com,1999:blog-6603303756960994854.post-20176030052875926542012-04-17T17:18:00.000+10:002012-04-17T17:18:12.872+10:00

Dougalek is a mobile malware that runs on Android devices. It downloads and plays movie clips from a predetermined remote website while stealing information in the background. The mobile malware requests the following permissions: INTERNET - Allows applications to open network sockets. READ_CONTACTS - Allows an application to read the user's contacts data. READ_PHONE_STATE - Allows read

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-44245615778042816292012-04-06T09:05:00.000+10:002012-04-06T09:05:50.648+10:00

image courtesy of wired.com Google has recently unveiled Project Glass. The idea is that it's going to be a kind of an augmented-reality device that provides google services via a sort of slim eyewear. It sounds kind of cool to be able to take photos of what you are exactly looking at, and immediately share it to your friends, access maps, and all that kind of stuff.  But knowing that

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-22490997777727587112012-03-27T15:44:00.001+11:002012-03-27T15:51:29.622+11:00

Fake IRS Income Tax Appeal Rejection Notice Your income tax appeal has been declined! Unsuspecting users who receive this fake notification via email telling them that their income tax appeal has been rejected are being lured into opening and executing malicious email attachments. The cyber criminals are using scare tactics together with legitimate-looking rejection email notifications: Sample

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-87437037470248746242010-03-05T16:10:00.000+11:002012-03-27T11:37:35.913+11:00

SEO : Search Engine Optimization. No, it's not another buzz word. It's a technique used by malware authors to propagate their malware. They use one of the most respected search engines today (Google) to make their way into the user's machine. Piggybacking on a prestigious, and highly trusted search engine is an efficient and effective way to reach out to billions of users worldwide.Rogue AVs

Dihttp://www.blogger.com/profile/01162451377862044081noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-28581107834255931332010-03-05T15:34:00.000+11:002012-03-27T11:37:35.895+11:00

In this era of spywares, file infectors have little exposure left. But nevertheless, they are still a challenge to antimalware engineers. Years ago, the names Nimda and CIH were famous in both the malware and antimalware industry. These past few years, the spotlight is on Virut.Last year we saw an influx of Virus.Virut infected samples. Virus.Virut is, in my opinion, one of the best viruses

Dihttp://www.blogger.com/profile/01162451377862044081noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-48136684455060796162010-03-05T15:06:00.001+11:002012-03-27T14:09:10.284+11:00

The magnitude 6.4 earthquake does not only rattle Taiwan but even the internet users as well. It is another opportunity for Malware writers to poison returned results from searches about this disaster. It now became a constant attack every time there is major news, earthquake, tsunami or any other event that would call the attention of the people. It seems now it guarantees every news has

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-13736308260351554512010-03-01T10:48:00.000+11:002012-03-27T13:25:27.813+11:00

Shortly after the Haiti earthquake incident, the world is rocked again with the news of the Chile earthquake. And with the wave of searches on google about the Chile earthquake, malware authors have once again taken this opportunity to proliferate rogue antipsyware. Searches returned from google are generally not suspect, especially if they bear URLs that seem normal. But one particular site (

Dihttp://www.blogger.com/profile/01162451377862044081noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-37749270619054683492010-02-24T11:11:00.001+11:002012-03-27T11:20:30.677+11:00

Security Essentials 2010 (SE2010.exe) is a new rogue application which is usually arrives as a file dropped by a Trojan or downloaded from the internet. It employs the same techniques as of Internet Security 2010…then again, said techniques have proven effective before, so why fix what is not broken? Without being asked, SE2010 scans the infected computer and displays the list of threats 

Mylene Enriquez Villacortehttp://www.blogger.com/profile/06591360260354017972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-78944136933167987462010-02-23T22:35:00.002+11:002012-03-27T13:34:18.318+11:00

The Hockey games on the 2010 Winter Olympics are well under way and SEO poisoning attacks abound! Hockey enthusiasts turning to the Internet in search of game schedules are in for quite a surprise as cyber-criminals are quick to ensure that their malicious websites appear in the top Google search results. Redirection Unsuspecting users who click on the malicious search results are

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-26680888939748778762010-02-22T14:21:00.053+11:002010-02-22T18:42:21.321+11:00

Another hot topic circulating around the internet is the Winter Olympics and the hits around the search engines come soaring when the news of the death of a 21 year old luger Nodar Kumaritashvili breaks out. Malware writers are quick on taking advantage of this news to infect computer users browsing every website wanting to be updated. They also use as well as the current medal count at the said

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-90941349020997295082010-02-19T15:51:00.014+11:002010-02-19T16:29:11.165+11:00

Porn clips are everywhere! But then again, rogue antivirus software are everywhere too.The fake video codec tactic targets unsuspecting users wanting to view the adult videos purportedly being hosted in the malicious website:hxxp://porntube2000.comClicking on one of the thumbnails presents a video player window with the error message "Video ActiveX Object Error". The message asks the user install

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-26801955658760066402010-01-22T12:03:00.000+11:002012-03-27T13:23:07.767+11:00

I received an unlikely Yahoo! IM from a long time friend with whom I have not been in contact with for quite a long time. Af first I thought, wow this would be a good time to catch up. She buzzed me and asked me if I was busy, then gave me a URL to try out very quickly and tell her what the results tell me. Well, here's the screenshot: The link was: hxxp://freakyloverresults.com At this

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com2tag:blogger.com,1999:blog-6603303756960994854.post-1102045031883817512009-12-07T17:52:00.002+11:002012-03-27T14:05:54.482+11:00

Here's another porn site distributing malware under the guise of video codecs: hxxp://adultsvideo.cn/ Unsuspecting users wanting to view the adult videos are tricked into downloading and installing the fake codec. The fake codec can be downloaded from this url: hxxp://freebigutilites.com/ActiveX-Video-Codec.45092.exe The server spits out files that have different MD5s each time.

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-11212396110018285552009-11-03T18:14:00.002+11:002012-03-27T13:58:09.485+11:00

MaCatte Antivirus is a rogue av that attempts to impersonate McAfee scanners in order to scam users. This scareware has been seen to be using a bogus My Computer online scan similar to ones we've seen here, here and here. The online scan can be seen on this url: hxxp://proscan5.info/25/26-088wLzQzL1EzL== The downloader being served from this url is time-sensitive and will not work after a

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com2tag:blogger.com,1999:blog-6603303756960994854.post-43974915057546531892009-10-21T09:02:00.000+11:002012-03-27T13:23:07.790+11:00

Sysinternals has recently released Disk2vhd that "simplifies the migration of physical systems into virtual machines (p2v)." Disk2vhd is a utility that creates VHD (Virtual Hard Disk - Microsoft’s Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs) More here.

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-83591278739107160582009-10-15T13:21:00.000+11:002012-03-27T13:23:07.862+11:00

Here are some screenshots of the members of this scareware family: Beware of these rouge apps.

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-81211985102733400562009-10-13T14:48:00.002+11:002012-03-27T14:00:46.830+11:00

Another scareware has been spotted in the wild and it calls itself TrustFighter. This is a recent addition to the Winifighter family of scareware. Same as other members of this family of scareware, as in a previous post, TrustFighter creates heaps of junk binary files in the %systemroot% and %system% directories. Sample junk files are the following: %systemroot%\51c0vzr24975.dll %systemroot%

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-20925971759793211712009-09-25T14:10:00.000+10:002012-03-27T13:23:07.755+11:00

We have been receiving bogus emails claiming to be coming from Microsoft: ...public distribution of this Update through the official website »www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all users Microsoft Windows OS. as the computer set to receive notifications when new updates

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-51561286710509627082009-09-22T15:03:00.000+10:002012-03-27T13:27:17.534+11:00

Users Googling "Atlanta flood pictures" receive a yet another SEO attack, using a possibly compromised legitimate Australian website hosting restaurants in the famous Bondi area. Here's a screenshot of a google search result: A Fiddler capture shows us the redirections: So we go from hxxp://idrb.com/pdf_files/atlanta-flood-pictures.html>hxxp://06d.ru/t.php>>hxxp://read-cnn2.com/?pid

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-60283392328187340052009-09-18T21:14:00.003+10:002012-03-27T13:55:19.028+11:00

We have been seeing a lot of new movement on the koobface front Lately. As koobface-serving domains are being taken down as early as the good guys discover them, the bad guys are at it and they respond by registering new ones. At the moment, their, C&C server is hosted in China with IP Address 61.235.117.83. The bad guys are still using a fake facebook website, as well as posing as a fake

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-71475985063158700752009-08-27T18:52:00.000+10:002012-03-27T13:23:07.825+11:00

Another website has recently been spotted to be serving up malware in the guise of fake video codecs. This one praises itself as "The Best Nude Celebrity Movie Site" hxxp://alyssafan.net/1.html But in order to watch the any video, we would need to download and install their "Certified ActiveX video codec (VAC codec) use to protect content Copyrights" The fake fake codec can be downloaded

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com2tag:blogger.com,1999:blog-6603303756960994854.post-86177141076826979272009-08-21T18:56:00.000+10:002012-03-27T13:29:01.226+11:00

Scareware is BIG business. They use heaps of scare tactics in order to convince unsuspecting users into buying rogue applications. But here's one that does a bit more than just scaring. System Security terminates almost all running processes. This basically prevents us from using our computers. More importantly, this hinders execution of tools necessary to investigate the infection and aid in

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-7408693986427209712009-08-20T18:37:00.000+10:002012-03-27T13:23:07.832+11:00

Another scareware has been spotted and it calls itself Windows Protection Suite. You can get Windows Protection Suite from one of these urls: hxxp://searchscanner.net/?p=WKmimHVlbXCHjsbIo22EfYCIt1POo22YXZmK0qR0qay9sYmbm5h2lpd9fXCHodjSbpRelWZsmGGZYWPMU9jSzKKsl3OWh9esb2VraWhpbWyWX5aMlJNqhxxp://linewebsearch.com/?p=

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0tag:blogger.com,1999:blog-6603303756960994854.post-44481984616508719632009-08-19T18:07:00.001+10:002012-03-27T13:27:03.924+11:00

A recently leaked threesome sex tape, involving Grey's Anatomy's "McSteamy" Eric Dane and wife Rebecca Gayheart, has been circulating around the internet. And we all know that controversial stuff like these are often taken advantage of and used to distribute malware using techniques such as social engineering and SEO (search-engine optimization). Users of one particular website have been

Steve Espinohttp://www.blogger.com/profile/11714946188727181972noreply@blogger.com0