Category Archives: Online Fraud

We researched some of the early stage activity of this new round of Storm. It’s an unusual release for the group — they are being chided on forums and blog comments for repetition of the one liner emails that are …

Storm (aka Peacomm/Nuwar/Zhelatin/Tibs) is known to be repacked every few minutes. Even if its sample is modified, recompiled and then re-packed with a different packer, it can still be recognized as Storm by looking at its memory contents. Such “recognition” …

The new Storm (the “April Fool’s” one), also known as CME-711/Peacomm/Nuwar/Zhelatin/Tibs, uses a cheap trick of dropping and loading a DLL named testdll_f.dll, where all of Storm’s functionality now resides. Interestingly enough, ThreatExpert Memory Scanner detected and reported the new …

A few other sources of information have stated that there isn’t much that has changed with these binaries. That may not be completely true. The packer itself has changed. So much, in fact, that AV detection for these binaries is …

Another holiday, another round of Storm. This time, the gang is sending around email attachments associated with an April Fool’s Day theme. If you click on a link in an email with an “All Fool’s Day” message, you may arrive at …

You just need to find the right point. Breakpoint, that is. We’ve had a couple of recent posts that record the use of an injection technique quite commonly used by ITW malware. It has been used for years to evade …

Sometimes, nothing that you can look at. We are analyzing what appears to be a spike in PornClicker activity. The keenly named updater, up.exe, for this software downloads a jpg from smart-browser.com, a “sex browser” software distributor. Jpeg files normally …

But happy Pi day — 3.14 Pi. It’s transcendental, irrational, or even savory or sweet. It’s also the number that you magically arrive at when you divide a circle’s circumference by its diameter. My favorite piku example so far is by …

A painfully high number of incidents have been occurring over the past couple of days in India, Thailand and Greece involving a bot/mailer that is installed by an “aow4.tmp”, “aowc.tmp”, “aow28.tmp”… you get the idea. The bot is downloaded from 66. …

According to the latest Interfax news article, someone has initiated a large PR campaign against the well-known Russian publishing house “Kommersant”. It started with a free distribution of toilet paper rolls near the “Arbatskaya” subway station in Moscow. The …

This post clearly needs to start with a story about Bender. Ostap Bender was a fictional literary antihero of the novels written 80 years ago by two ingenious Russian (Soviet) writers, Ilya Ilf and Evgeny Petrov. Ostap was a criminal, …

Some things about windbg are just great. But often, they come with a little bit of work. For one, dll load analysis can be performed with ease, even on unusually crafted files. Like the kinds of files you would see from …

Today, we are seeing a surge in the level of ridiculous and badly written Delphi malware. It’s not a part of the zlob family that we wrote about last week, but there certainly is a fakealert somewhere in there. Can …

And here I was trying to make an effort to make our research readable and entertaining for just about anyone interested in computer security… I’ll add more pictures.

Proper security can only go so far when you use public computers. Keeping your own system up to date is important, and exercising caution when using public systems is important as well. From the L.A. FBI branch: “Tandiwidjojo admitted that …

Sometimes people with bad intentions do really dumb things. Is it something to laugh at? Is it something that provokes empathy for the subject? Well, as we research further into the so-called MonaRonaDona virus, Registry Cleaner 2008, and Unigray Antivirus, …

Brian Krebs at the Washington Post blogged today about a pretty common, unusually mysterious, and very badly named extortion scam, “MonaRonaDona”: “Nobody seems to know how the thing wiggles into infected PCs in the first place, but the one thing that’s …

One of the most prolific and well known groups from the vx scene has closed up shop this February: Can’t say that we’ll miss the virus writing from 29A. This Spain-based group released their first “zine” back in the mid-90s …

We continue to get copies of IM spam in our Skype accounts. “ATTENTION! Security Center has detected malware on your computer!”, all from “Mr. AntiVirus Notice”. Chances are, you are too. Last year, variants of malicious worms were using Skype …

I wonder if they didn’t see the bright red jackets galloping towards their hard drives? Another botnet ring got busted in Canada. This story is bigger than I thought… “Police in Quebec arrested 17 people on computer-hacking-related charges in the largest …

The Cult of the Dead Cow is a group that has been around for over a decade, presented by its members as an underground hacker/do-it-yourself media group. Every now and then, they release another “tool” as a result of their …

Digging inside the internals of one little piece of malware introduced one interesting discovery. It’s been a few months since the first Pushdo threat analysis reports appeared in the blogs of other researchers. It started from a Sophos blog entry, …

If you happen to have a lock on your door that can easily be picked by burglars, does it grant police any right to pick your lock and enter your private property without any authorization? Does it give your …

We all know the old practice of presenting “Hot Ten” or “Hot Twenty” malware families for a given month or a year. But if you look closer, in the old times we were all dealing with just a few common …

Sometimes family names from various AV products don’t really fit the behavior of samples that we are seeing. The naming conundrum has been an ongoing challenge for the AV industry. One serious attempt at a naming standard put forth by …

Sometimes, surprising events in the financial news draw users to the message boards. On Yahoo!, individual stock message boards are usually a safe haven for posting and browsing. Right now, one stock at the Yahoo finance site appeared to have an …

Dear Reader, ThreatExpert is a software program that runs on multiple servers and performs an automated analysis of threat samples coming from various sources. If you want to explore ThreatExpert, read its reports, or submit your own samples for analysis, …

The work of the AntiMalware Testing Standards Organization, or AMTSO, is moving forward. This morning, the group’s website went up, thanks to the efforts of volunteers. It presents the group’s charter, pro-tem committees, membership, and a brief list of resources …

For an almost daily fix of forehead slapping disbelief, head on over to the Breach Blog. We believe that this blog will be a busy one throughout 2008: “Unfortunately, this past year was a record year for data breaches, according …

Broadband users around the world often don’t think much about uninterrupted access to online resources, relying on the massive web of cables across the globe. But today, Egyptian, Indian and other users of the internet suffered major interruptions to their …
