Category Archives: Online Fraud

We are researching a couple of highly prevalent pieces of malware, and may be drawing some links between the two. Thousands of websites have been compromised and are spreading phony “get_flash_update.exe” files via a “showvideo.html” page titled “Watch Free Movie”. … Continue reading

Posted in Online Fraud | Leave a comment

Our colleagues at Hispasec Sistemas have integrated ThreatExpert report URLs into VirusTotal – a free multi-AV online scanner. Thanks Julio! ¡Gracias Alejandro! Now, if you submit a sample to VirusTotal and that sample has already been processed by ThreatExpert, the VirusTotal … Continue reading

Posted in Online Fraud | Leave a comment

A Google search for poison still returns a top result for one of the tackiest 80s pouty-lipped glam bands around. They are still on tour, and they probably haven’t even heard of DNS. DNS cache poisoning (there is a … Continue reading

Posted in Online Fraud | Leave a comment

Talented and well connected cyberthreat analyst Dancho Danchev posted an interview with researcher Thierry Zoller of n.runs AG, the group that recently published a paper on 800 AV product vulnerabilities. He gave Thierry a chance to discuss thoughts on McAfee’s … Continue reading

Posted in Online Fraud | 3 Comments

As reported by Larry Seltzer from PC Magazine, one rogue anti-spyware product claims to have won a number of awards, including the PC Magazine Editors’ Choice and Best of 2005. Of course, it did not win any such awards. Factually, … Continue reading

Posted in Online Fraud | Leave a comment

c|Net writer Robert Vamosi posted some pretty fascinating insights into the future of the AV industry on his “Defense in Depth” column. He begins with some alarming-sounding criticism of the products: “I’ve been hearing some well-regarded security people tell me … Continue reading

Posted in Online Fraud | 2 Comments

As reported by Reuters, NATO Secretary-General Jaap de Hoop Scheffer expressed his concern with “Russia’s statement that its military aircraft deliberately overflew Georgian territory in violation of its territorial integrity.” Russian officials have admitted that they ordered the air … Continue reading

Posted in Online Fraud | Leave a comment

The “Rogue” computer engineer from San Francisco that granted himself exclusive administrative access, at the very least locking out admin access from other users, to a city network housing confidential city records still is in jail on $5 million bail. … Continue reading

Posted in Online Fraud | Leave a comment

The IRS warned users of fraudulent emails that request users visit a web site and disclose personal information. Here is a screenshot of a version of the scam we just received: Notice that the “Click here” link provides a non-IRS … Continue reading

Posted in Online Fraud | Leave a comment

Another Fakealert variant resorts to displaying a set of deceptive messages that can be found within the executable, while disguising the file as a Microsoft deliverable. These deceptions are best described as “cheap”. Don’t fall for it. Here is a … Continue reading

Posted in Online Fraud | Leave a comment

Usually, port 53 is used for DNS queries and transactions over both TCP and UDP, while HTTP GET request traffic is handled over TCP 80 or 8080 (or SSL-encrypted over 443). Instead, currently we have an unusual set of … Continue reading

Posted in Online Fraud | 1 Comment

Kill the messenger? In this case, yes. A round of “hallmark.exe” files are being downloaded and run by some of our community. Some pop images of pleasant scenes like strangely named “xmas.jpg”, which doesn’t look much like xmas anywhere to … Continue reading

Posted in Online Fraud | Leave a comment

PC Tools is proud to be a participating member of The Anti-Malware Testing Standards Organization (AMTSO). The group recently met to discuss (argue over) details of proposed standards in Washington on the Microsoft Campus, and we look forward to eventual … Continue reading

Posted in Online Fraud | Leave a comment

Return is a powerful concept in many ways. In literature, return can touch on the limits of faith, love, loyalty, friendship, fidelity and mortality. Homer’s Ulysses wanders for years, returning to his home and his family in disarray. Initially, the … Continue reading

Posted in Online Fraud | Leave a comment

Our users in the Czech Republic are the first to see email spam, and download and run the newest executable from the Storm campaigns. If you arrive at a web site with “Who is loving you? Do you want to … Continue reading

Posted in Online Fraud | Leave a comment

It is the distant year 2000. There is no more unhappiness. There is only one kind of dance. You no longer say yes, except in colloquial situations. Computer security seems to have failed the humans. Never trust a robot.

Posted in Online Fraud | Leave a comment

We’re seeing a new version of the worms that we previously posted info about. Some slight changes in the newest version: circulating with the name “newphoto011.jpeg-www.myspace.com”, which I’m sure will change soon enough. This time, it hides a new process … Continue reading

Posted in Online Fraud | Leave a comment

Mary Landesman nailed it with a couple of posts on her about.com “Antivirus Software Blog”, when she commented on the numbers games that AV vendors play when attempting to inflate their credibility in the eyes of consumers and corporate decision-makers. … Continue reading

Posted in Online Fraud | 1 Comment

Another Fakealert variant is affecting our user base. Passing itself off as the usual “mediatubecodec_ver1.1277.0.exe” (do not run this file — it really does not deliver useful codec components for playing videos), this downloader connects back to hxxp://xpantivirussecurity.com, and drops … Continue reading

Posted in Online Fraud | Leave a comment

A little-detected “tool” is downloading and executing bots. A version of “driveguard.exe”, with promises of cleaning up your system from infections and keeping it clean, is worming its way onto machines and downloading strains of Poison Ivy as “WinSecSys.exe”, … Continue reading

Posted in Online Fraud | 3 Comments

Last Thursday’s post commented on malware commonly bundled with crackz. A large number of users are running files that appear to be distributed from a number of crack sites. We will not publish those domains on this post. The filename … Continue reading

Posted in Online Fraud | Leave a comment

Another round of Storm spam is now unscrupulously offering video footage of “details of this terrible disaster”, with a link to “beijing.exe”. We are seeing a low percentage of users receiving this payload so far, mostly in Dubai, falling for … Continue reading

Posted in Online Fraud | Leave a comment

We continue to receive emails telling us that we’re not smart enough or don’t look good enough. It’s not totally unusual, because that message frequently is communicated by the “beauty” and “diet” industries in magazines, TV ads, etc. How dreary. … Continue reading

Posted in Online Fraud | Leave a comment

Currently, we are seeing user systems from all over the world being attacked by a series of rogueware and spyware components. The software is related to a web server at http://74.50.107.165, whose IP address you can find among other Coolwebsearch/Gromozon/RBN … Continue reading

Posted in Online Fraud | 1 Comment

It seems that quite a bit of malware is being classified as Vundo (Virtumonde) these days. With the volume of malware currently being distributed in dynamic link library form, it is not always easy to differentiate one from another. Frequently … Continue reading

Posted in Online Fraud | Leave a comment

Ransomware is a known type of malware that is a clear demonstration of how pathetic the scriptkids become sometimes in an attempt to make a few bucks (for an ice cream?). On the other hand, a fresh sample of ransomware … Continue reading

Posted in Online Fraud | Leave a comment

Sometimes, it can be surprisingly difficult to get malicious code removed from servers. It can be due to a lack of server support by the owners and their support staff, a lack of responsiveness from the ISP, or an intended … Continue reading

Posted in Online Fraud | 3 Comments

Sure, you want to get it for free. Who doesn’t want free schwag? In our previous post on peculiar Vundo capabilities, we detailed Vundo’s inclusion of Microsoft Research Detours source code in their malicious binaries. After googling Vundo and reading … Continue reading

Posted in Online Fraud | 1 Comment

Maybe botnet activity hasn’t gone the way of Ruben Studdard like we thought it would, “yet another name now lost to the ages, silently fading into shadows numberless, suckled by the night sky”, but this botnet herder has. Only with … Continue reading

Posted in Online Fraud | Leave a comment

For the past several years, the Vundo family (also known as Virtumonde) of malware appeared high on AV vendors’ prevalence lists — this stuff is everywhere. To get there, the malware employs an aggressive set of tactics over the course … Continue reading

Posted in Online Fraud | Leave a comment