Category Archives: The Law

While Adobe Reader users were urged to upgrade their software in one of our previous posts, Foxit Reader, another free PDF viewer, needs to be actively upgraded as well. Users should be aware that the same distributors of Adobe Reader … Continue reading

Posted in The Law | Leave a comment

ThreatFire users in Brazil are being attacked with yet another Bancos dropper/downloader. The source of the file, “jk982732-2309.zip”, which extracts simply to an aspack’ed “jk982732-2309.exe”, is not entirely clear at this point. If any of our users have seen this … Continue reading

Posted in The Law | Leave a comment

Fill in the blank, depending on where you are. This new Waledac scheme attempts to play on fear, but the U.S. Homeland Security Advisory probably is not going to be raised above orange because of it. This newest malware distribution … Continue reading

Posted in The Law | Leave a comment

The distributors of rogueware bundle Antivirus 2010, replacing last year’s scam AntiVirus 2009, are brazenly re-using another HOSTS file modification, adding another twist to their scheme. ThreatFire currently is preventing an installer in fairly high prevalence in the community. As documented … Continue reading

Posted in The Law | Leave a comment

Always be on the lookout for phony warnings and messages from banks and other financial institutions. Even if it is someone claiming to be a banking employee and they know some of your information, do not give out personal information … Continue reading

Posted in The Law | Leave a comment

“Get thee to heaven, Beatrice, get thee to heaven. Hell’s no place for maids.” Beatrice wasn’t a spammer. After the de-peering of internet provider McColo took its badness offline last year, several researchers examined the impacted spamming botnets and concluded … Continue reading

Posted in The Law | Leave a comment

Submission to ThreatExpert.com from SK, Sri Lanka: Hey you!!! You can’t stop me. I’m the author of “angel.exe”. I am going to upload my 100 Viruses to the internet from my web site. Will Soon. You and any anti viruses can’t stop my growing!!!!! … Continue reading

Posted in The Law | Leave a comment

PDF readers are commonly used, and so far this year, they have been a highly abused third party plugin. Tens of thousands of malcrafted PDF exploits have been prevented from running by ThreatFire on our community systems so far this … Continue reading

Posted in The Law | 1 Comment

Spam operations are progressing indeed. Dancho Danchev recently posted insightful images into an active managed spam service. So, it may be interesting to catch up on estimating some recent numbers for the ongoing Waledac spam operation. This afternoon’s Waledac spam … Continue reading

Posted in The Law | Leave a comment

As 2009 moves through a worldwide financial crisis, the underground markets continue to thrive. A recent perusal through prices offered for various services shows that a user can obtain a private spambot kit for just under $5000, an exploit kit for … Continue reading

Posted in The Law | Leave a comment

Another repacked variant of Zbot, the banking password stealer component of the all-too-common exploit/trojan kit Zeus, is being distributed over Yahoo! Messenger, in email, and being downloaded via web browser. There is no regional concentration; we’ve seen triggers in Argentina, … Continue reading

Posted in The Law | Leave a comment

Do I need ThreatFire? That’s a fairly common question on security forum boards. Yes, systems need a protective behavioral layer like ThreatFire next to an AV scanner, current built-in OS security functionality, and a firewall. Not only do AV scanners have … Continue reading

Posted in The Law | Leave a comment

Following the previous variant of the Ackantta mass-mailing worm, a new modification (B) is making the rounds now. This time, it distributes the Vundo trojan in its payload. Automated analysis is available here.

Posted in The Law | Leave a comment

It’s always disappointing to see traditional antivirus scanners miss malware detections, especially those in the formal WildList (the WildList is not dead! Well, not completely). It does and will happen, even with the best performing scanners. And witnessing the detection … Continue reading

Posted in The Law | 2 Comments

The Waledac themes are moving away from love and towards a more economizing theme. Below is a screenshot of their newest coupon clipping themes. Click on the “Waledac” label below for posts describing previous themes for the malware family.

Posted in The Law | Leave a comment

The ThreatFire community is preventing an unusual hosts file modification in higher prevalence than usual that seems to be related to “Spyware Protect 2009”. On unprotected systems, the end result can be that your browser appears to be visiting “browser-security.microsoft.com” … Continue reading

Posted in The Law | 4 Comments

In a recently reported security incident, one political organization was involved in a targeted attack. The Word document they received had either of the following names: “Urgent Appeal to Secretary Hillary Clinton.doc” or “Days with ITSN Tibet in My Eyes.doc”. … Continue reading

Posted in The Law | Leave a comment

The IE7 vulnerability recently patched by Microsoft’s MS09-002 is being exploited in the wild. The ThreatFire community is not seeing much of the attack, but ThreatFire prevents attacks against the memory corruption (referenced in CVE-2009-0075) in Internet Explorer 7’s loaded … Continue reading

Posted in The Law | Leave a comment

The Zeustracker site provides up to date information on the overall Zbot threat. It’s very well put together and a great source of information. The spyware is especially concerning, not because of sophisticated delivery techniques (the kit includes commodity exploits), … Continue reading

Posted in The Law | Leave a comment

With Valentine’s day approaching, the group continues to spam out links to a new set of sites with some new themes and filenames to watch for, like “reader.exe” and “run.exe”. The pages do not yet seem to carry redirects to … Continue reading

Posted in The Law | Leave a comment

In one of their more complicated themes, the Waledac team is following up on a previous blast, spamming out links to a few new malicious websites, each one using a strange “Valentine Devkit” theme. Clicking on an image on one … Continue reading

Posted in The Law | Leave a comment

Brisv, a trojan a few months old that infects multimedia files, has struck again for no apparent reason, as reported by our customers. The trojan enumerates local and mapped network drives looking for the files with the extensions ASF, WMV, WMA, … Continue reading

Posted in The Law | Leave a comment

The worm Conficker/Downadup does not need a special introduction, as it has been described in great detail in various write-ups. Nevertheless, considering it employs a set of unique techniques, a deeper analysis is needed. One such technique is … Continue reading

Posted in The Law | Leave a comment

Believe it or not, there is not a munificent, all-giving internet presence bestowing upon you and your tired, bloodshot eyes all the “Fresh Free Hardcore Movies” that you can download. If you are on your parents’ or a library computer, … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Heartland Payment Systems disclosed little information in a press release regarding a security breach that they discovered last week. The company provides “credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide”. The lack of … Continue reading

Posted in Online Fraud, The Law | Leave a comment

This blog post is not for the technical guru! While it’s not for mums and dads either, its main purpose is to explain to an average user how to manually remove persistent malware that cannot be easily deleted otherwise. A … Continue reading

Posted in Online Fraud, The Law | Leave a comment

The “Gozi” Trojan is a well known piece of crimeware that has been around for a couple of years now. It is surprising to see that this one continues to be actively hosted and distributed. For example, malicious pdf currently … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Oh brother, you hate to write about it. A worm is spreading fairly high in prevalence this week and last. Sometimes, it is not because of foolish curiosity — the worm is spreading over removable drives like USB sticks, otherwise … Continue reading

Posted in Online Fraud, The Law | 2 Comments

The SANS Institute released not only a top 25 list of dangerous programming errors for developers, but resources for developers to understand and eliminate their coding errors as well. It looks like a prioritization and expansion on the exhaustive list … Continue reading

Posted in Online Fraud, The Law | Leave a comment

We’ve been anxiously awaiting that first patch of the year, and here we have it: “Vulnerabilities in SMB Could Allow Remote Code Execution”. The excitement for this one could be either downplayed or up-played. The MS09-001 patch replaces the patchwork not-completely … Continue reading

Posted in Online Fraud, The Law | Leave a comment