Category Archives: The Law

Around the 17th of this month, the relentless malware distribution gang serving up malicious downloaders in a variety of scams and “headline malware” schemes moved their wares from 95.211.8.20, as described in a previous post, to their newest location at … Continue reading

Posted in The Law | Leave a comment

Over the past three days, ThreatFire users have been targeted by a higher number of Bredolab downloaders. Bredolab is a nasty, morphing little downloader being spammed out in droves, mostly to users in the U.S. and Europe. While it seemed … Continue reading


Rogueware of the week: Personal Anti-Virus. The distributors of this scareware (FakeAv, Rogueware, Fakealert, whatever you want to call it) have recently chased headline events, as we posted here. As the distributors repack the binaries for their ongoing … Continue reading


Koobface continues to tweet its assault on the twittersphere and social networking sites. Here is an abbreviated list of the higher-volume Koobface URLs that the ThreatFire community has been protected from over the past 48 hours. See a … Continue reading


Cutwail (also known as Pandex) malware is not a new family name on the bot scene. However, the Cutwail/Pandex botnet is described as one of the largest and most active botnets currently known. This resilient botnet managed to bounce back … Continue reading


koob-Face or ter-Twit? The ongoing abuse of twitter feeds by malware distributors continues to net more social networking victims. As always, be wary of any executable you are prompted to download and execute. Currently, evil tweets for “My home video … Continue reading


When it’s a FakeAv/Rogueware downloader, of course. An interesting note about the malware served from the ongoing operation that recently moved to 95.211.8.20 and is covered in many previous posts: since August 1st, the group now serves up executables labelled as … Continue reading


We examined a variant of the Clampi family of password stealers (also known as Ilomo) that was the second most prevalent within the ThreatFire community. As described in previous posts, malware often injects malicious code into other processes (or hijacks other … Continue reading


Just a quick update on the ongoing tubeviewer/porntubeviewer/streamviewer downloader activity, which has been showing up as prevented in high volumes in the ThreatFire community: the downloaders moved from the previous address some time around July 21/22nd, and two … Continue reading


A number of users are being duped into downloading and running a file currently given names similar to foto049.com, which is being served off of a system hosted in Moscow: vfoto.fromru.su /foto049. com. The link appears to be spread over email in … Continue reading


We received a malicious PDF file last week; on analysis, we found that it differs from the recently analysed PDF exploits. This Adobe Flash zero-day appears to be exploited in the wild. This exploit affects Adobe … Continue reading
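A triage check for the kind of PDF described above, one that carries embedded Flash rather than the JavaScript-driven exploits seen earlier. This is an added example written for this page, not the ThreatFire team's analysis tooling; the token list and the hand-built sample PDF are assumptions, not data from the post.

```python
"""Triage a PDF for embedded Flash (SWF) content and other risky name tokens.
Added example; the token list and the constructed sample PDF are assumptions."""
import re
import zlib

# Name tokens that warrant a closer look in an unsolicited PDF (illustrative list).
SUSPECT_TOKENS = [b"/RichMedia", b"/Flash", b"/EmbeddedFile", b"/JavaScript",
                  b"/JS", b"/Launch", b"/OpenAction", b"/AA"]
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib and LZMA Flash headers
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode_stream(body, obj_dict):
    """Inflate FlateDecode streams; anything else is returned as-is."""
    if b"/FlateDecode" in obj_dict:
        try:
            return zlib.decompress(body)
        except zlib.error:
            return body
    return body


def scan_pdf(data):
    """Return findings: suspicious name tokens, plus any stream whose decoded
    bytes begin with a Flash (SWF) header, with the SWF version byte."""
    findings = []
    for tok in SUSPECT_TOKENS:
        # negative lookahead so /JS does not also fire on /JavaScript etc.
        if re.search(re.escape(tok) + rb"(?![A-Za-z])", data):
            findings.append("token:" + tok.decode())
    for i, m in enumerate(STREAM_RE.finditer(data)):
        # the stream's dictionary sits between its "N G obj" line and "stream"
        obj_dict = data[data.rfind(b"obj", 0, m.start()):m.start()]
        body = _decode_stream(m.group(1), obj_dict)
        if body[:3] in SWF_MAGIC:
            findings.append("stream%d:swf %s v%d" % (i, body[:3].decode(), body[3]))
    return findings


def build_sample_pdf(with_flash=True):
    """Hand-built minimal PDF (constructed for this example, not a real sample).
    With with_flash=True it carries a RichMedia annotation whose embedded file
    stream is a zlib-compressed SWF header (CWS, version 10) plus padding."""
    swf = b"CWS\x0a" + b"\x00" * 8
    packed = zlib.compress(swf)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
    ]
    if with_flash:
        objs += [
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n",
            b"4 0 obj\n<< /Type /Annot /Subtype /RichMedia /RichMediaContent "
            b"<< /Assets << /Names [(movie.swf) 5 0 R] >> "
            b"/Configurations [<< /Instances [<< /Subtype /Flash /Asset 5 0 R >>] >>] >> >>\nendobj\n",
            b"5 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
            + str(len(packed)).encode() + b" >>\nstream\n" + packed + b"\nendstream\nendobj\n",
        ]
    else:
        objs.append(b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n")
    return b"%PDF-1.7\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for finding in scan_pdf(build_sample_pdf()):
        print(finding)
```

The check is deliberately shallow: it does not follow indirect `/Length` references or object streams, so a real sample should still go to a full PDF parser; its value is as a fast first filter for the embedded-Flash pattern.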


The banking password and information stealer Clampi was recently described as infecting anywhere from 100,000 to 1 million Windows PCs. Let’s take a closer look at this menace, and at what interesting Clampi behaviors ThreatFire has been preventing in our community. … Continue reading


In another “duh!” moment, it was discussed that government workers and contractors probably should not be sharing their drive contents using P2P software. In a recent hearing, U.S. lawmakers discussed sensitive content like “FBI files, medical records, Social Security numbers … Continue reading


As out-of-band patches are released today, we are not yet seeing memory corruption attacks targeting these newly patched vulnerabilities, which affect Internet Explorer 6, 7, and 8. Nonetheless, be sure to visit the Microsoft updates site and patch your system soon. … Continue reading


As people look for information or video online, it’s important that they understand that cyber-criminals may be using this opportunity to find more victims. This is just another example of how cybercriminals capitalize on global events or major news stories … Continue reading


Google Trends seems to be a nice reference tool for attackers to learn which hot topics currently generate the most public interest, a compass that leads them to the victims. Here is another example of how a … Continue reading


John Bambenek over at the Handler’s diary posted on this morning’s shameless SEO attempts to redirect news seekers to exploit pages. The end result on a successfully compromised system is a download of FakeAv (or “scareware”). Currently, its name is … Continue reading


The gang distributing FakeAv downloaders and more have moved their goods and scheme to yet another server and adult theme. In addition to downloader filenames like streamviewer.45043.exe, tubeviewer.ver.6.21586.exe, onlinemovies.45023.exe, the group is finding success in their new addition, freepornmovies.40067.exe. The … Continue reading


Users continue to get slammed by a Rogue Antivirus distributor. We’ve posted before about the prevalent Virut family redirecting compromised hosts to download FakeAv or scareware product. You can see a screenshot of the previous scareware scam “Secure Antivirus Pro” … Continue reading


We have been monitoring and examining the second fairly prevalent ActiveX 0day in the past couple of weeks, this one targeting Microsoft Office Web Components for Internet Explorer. The exploits have been distributed mostly from servers in China. … Continue reading


Koobface joined the Twittersphere, and the Twittersphere is fighting back. It’s good to see response from the social networking infrastructure. Koobface has been distributed in prevalence for around a year now, with the ThreatFire community confident all along that their … Continue reading


Your browser could be redirected to antivir-systempro.com, and you could be fooled into buying something from a spoofed website, following a driveby attack on your system. Or, a piece of malware could edit your hosts file and open a window … Continue reading
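A check for the second scenario above, malware that rewrites the hosts file so that security-vendor or update domains resolve to loopback and ordinary names resolve to an attacker's address. This is an added example written for this page, not the post's own tooling; the watched-domain list and the sample hosts content are constructed assumptions.

```python
"""Scan hosts-file content for tampering patterns: overridden security/update
domains, names redirected away from loopback, and many names pinned to one
address. Added example; WATCHED_DOMAINS and SAMPLE_HOSTS are assumptions."""
import ipaddress
from collections import defaultdict

# Domains whose resolution malware commonly hijacks to block updates or
# vendor sites (illustrative list, not taken from the post).
WATCHED_DOMAINS = {
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "threatfire.com",
}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (lineno, ip, hostname) tuples; comments and junk lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])  # validate the address column
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((lineno, fields[0], name.lower().rstrip(".")))
    return entries


def find_suspicious(text):
    """Return (lineno, name(s), ip, reason) findings; lineno 0 marks a summary."""
    findings = []
    names_by_ip = defaultdict(set)
    for lineno, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        names_by_ip[ip].add(name)
        watched = name in WATCHED_DOMAINS or any(
            name.endswith("." + d) for d in WATCHED_DOMAINS)
        if watched:
            findings.append((lineno, name, ip, "watched domain overridden"))
        elif ip not in LOOPBACK:
            findings.append((lineno, name, ip, "name redirected to non-loopback address"))
    for ip, names in names_by_ip.items():
        if ip not in LOOPBACK and len(names) >= 3:
            findings.append((0, ",".join(sorted(names)), ip, "many names mapped to one address"))
    return findings


# Constructed sample, not a real capture; 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       windowsupdate.microsoft.com
127.0.0.1       www.threatfire.com
203.0.113.10    www.google.com
203.0.113.10    www.bing.com
203.0.113.10    search.yahoo.com
"""

if __name__ == "__main__":
    for lineno, name, ip, reason in find_suspicious(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (lineno, name, ip, reason))
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; a clean one normally contains nothing but loopback entries, so any finding at all is worth a look.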


The gang serving up malicious downloaders from a couple of servers just spiced things up, renaming the streamviewer and softwarefortubeview downloaders to “onlinemovies.40008.exe” and adding it to the list of obnoxious files served from 64.20.38.172. AV detection is very low. It seems that the ISPs … Continue reading
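The downloader posts above (streamviewer, tubeviewer, onlinemovies, freepornmovies and the renamed variants) all share one naming scheme: a fixed base name, an optional ".ver", one or more numeric segments, and ".exe". The following is an added example of matching that scheme in web-proxy logs; it is not the ThreatFire team's detection logic, the log format is an assumption, and the two addresses are only the ones named in the posts, kept here as an illustration rather than a current blocklist.

```python
"""Flag proxy log lines whose requested filename matches the downloader naming
scheme described in the posts. Added example; log format and sample lines are
constructed assumptions."""
import re
from urllib.parse import urlsplit

# Base names quoted in the posts; the numeric suffix changes with each repack.
DOWNLOADER_RE = re.compile(
    r"^(?:streamviewer|tubeviewer|porntubeviewer|softwarefortubeview"
    r"|onlinemovies|freepornmovies)"
    r"(?:\.ver)?(?:\.\d+)+\.exe$",
    re.IGNORECASE,
)
# Hosting addresses named in the posts (historical, for illustration only).
KNOWN_HOSTS = {"95.211.8.20", "64.20.38.172"}


def classify(url):
    """Return the list of reasons a URL looks like one of these downloaders."""
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1]
    reasons = []
    if DOWNLOADER_RE.match(filename):
        reasons.append("downloader filename pattern")
    if parts.hostname in KNOWN_HOSTS:
        reasons.append("known distribution host")
    return reasons


def scan_log(lines):
    """Assumed format: '<timestamp> <client-ip> <url>' per line (an assumption)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        reasons = classify(fields[2])
        if reasons:
            hits.append((fields[0], fields[1], fields[2], reasons))
    return hits


# Constructed sample log lines, not a real capture.
SAMPLE_LOG = [
    "2009-08-18T10:01:02 10.0.0.5 http://95.211.8.20/streamviewer.45043.exe",
    "2009-08-18T10:01:09 10.0.0.7 http://example.com/video/tubeviewer.ver.6.21586.exe",
    "2009-08-18T10:02:00 10.0.0.9 http://example.com/setup.exe",
    "2009-08-18T10:03:15 10.0.0.5 http://64.20.38.172/index.html",
]

if __name__ == "__main__":
    for ts, client, url, reasons in scan_log(SAMPLE_LOG):
        print(ts, client, url, "; ".join(reasons))
```

The filename rule is the durable part: the posts show the gang changing servers and base names every few weeks, so the host list ages fast while the "name.digits.exe" convention persisted across moves.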


The botnet driven distributed denial of service attack that started over the weekend has been attacking American agency web sites like the White House web site, the FTC site, NYSE site, FAA, NSA, Dept of Homeland Security, the Treasury, and … Continue reading


The recent Michael Jackson Zbot variant implements a variety of IAT hooks to perform its data stealing and stealth on victims’ compromised systems. Its user-mode hook techniques have been described as “implemented properly” for malicious user-mode hooks. The Zbot releases … Continue reading


The MsVidCtl 0day has been passed around and fully distributed since at least the 6th. We have been monitoring multiple groups abusing Internet Explorer’s capability to render streaming video. Some of the fairly recent and interesting activity has been the … Continue reading


The results and the PoC are in, congratulations to Mark Dowd and Ben Hawkes for uncovering 12 vulnerabilities in the open source Google Native Client: “Native Client is an open-source research technology for running x86 native code in web applications, … Continue reading


Over the past couple of months, the Waledac spam/botnet effort seemed to be dwindling. A large software company attempted to take credit for cleaning up the “ecosystem” of Waledac with their cleanup tool release. In the meantime, Waledac’s presence on … Continue reading


The FTC recently settled against a FakeAv purveyor. While this settlement won’t remove all of the variants out there, it is welcome news nonetheless, with ongoing progress and the case list here. The fewer distributors of XP Antivirus the better: “The … Continue reading


The Green Dam project to filter or censor web access on PCs sold in China is blossoming into a controversy. From the Wolchok, Yao, Halderman analysis of the software that added to the buildup: “According to press reports, China will soon … Continue reading
