Author Archives: John Barrett

BIOS-MBR-Windows(BMW) or Mebromi, a new virus targeting the computer BIOS

A new virus targeting the computer BIOS was discovered by the chinese security company 360 Safety Center and it was reported that already several thousand of computers in the Chinese space were infected. The BMW virus attacks the computers running 32 bits systems and containing Award BIOS and it tries to infect users posing as a well-known game plug-in offered by malicious websites. The infection strategy is to trick the visitors to turn off first the antivirus software  to avoid a possible conflict with the plug-in installation and finally to install it. Award BIOS is not at first attack against itself, the first attempts were made in 2007 year with …

Continue reading

Posted in Thoughts.

About fake porn video websites and malware

Due to their alluring character, the porn websites have a magnetic effect upon people, these are the places where the people let the guard down easiest, clicking blindly on links and buttons, downloading, running, updating all what is requested or offered by these websites in an attempt to achieve more quickly their unique goal in that moment: to watch a porn video clip. It’s not a problem to view a porn video clip as far as the website visitor is +18 and the website is clean of malware, the problems starts to appear when the visitor is landing on a fake porn video website because on the other side of …

Continue reading

Posted in Thoughts.

Ice – IX, the Zeus banking trojan succesor ?

As expected, the leaked Zeus banking trojan source pushed its development further. For who does not know a banking trojan is a piece of malware specialized in stealing the online banking credentials, sniffing the traffic, hooking the main Windows dll functions imported by the browsers as wininet.dll or injecting fake forms in legit web pages. Ice IX is a banking trojan derived from Zeus with a major improvement added : the config file is now retrieved from the server via proxy.php file using the encryption key as a request parameter. The same encryption key is used to encrypt the data transferred between bot and Command and control server. Not using the …

Continue reading

Posted in Thoughts.

Another ransom trojan type is born

If we read this article, we already know what are the ransom trojans: they locks your computer until you pay some money, the ransom, generally using a SMS service. But an “inventive” guy has thought at another ransom type: to complete an offer using a custom referral link — it is the “advertising trojan”. He created a malware program with all the features of a ransom trojan, it’s a trojan builder where somebody can set to disable the victim’s Task Manager, to hide the Task Bar or to run at startup.   After infecting a computer, a window covering all screen containing kind of web browser and a message is …

Continue reading

Posted in Thoughts.

Banking trojans removal tool

FITSEC Ltd. released a removal tool for the most famous banking trojans: Zeus, Carberp, SpyEye, Gozi and Patcher. Attackers are able to infect millions of computers around the world because they master very effective methods to deceive the antivirus scanning engines: they use custom crypters and packers for trojans files, also other files code obfuscation techniques. In consequence virus file signatures are changed very often making the traditional  antivirus detection based on files signatures to be simply outdated. The custom executable crypters industry(and market) is at least as big as that of the banking trojans. On malware distribution websites, the attackers change the trojan file signature several times in a …

Continue reading

Posted in Thoughts.

Google search results poisoning or WordPress vulnerability ?

A visitor brings to my attention a weird fact: searching in Google for “social bookmarking sites” or “social bookmarking sites 2011″, on the first results page appears www.socialbookmarkingsiteslist.com:   Clicking on this result, take us not to the desired website supposed to contains a list with the most important social bookmarking sites but to http://sokoloperkovuskeci.com/in.php?g=193. The visitor who told me about this issue suggested that it’s about another search results poisoning and a quick search in Google for similar problems revealed that exactly this is the case here: a Google search results poisoning using a vulnerability found in some WordPress themes. A lot of other computer users reported similar problems …

Continue reading

Posted in Thoughts.

Trojan Ransom (WinLock), a growing threat

These days we assist at a worldwide growing threat, the Ransom Trojan(named so by Kaspersky, and Winlock by Dr.web) which is a quite large family. The behaviour of this kind of computer trojan is different from variant to variant but as a general rule they blocks the files and folders access and demand money to restore the normal functionality. The victims are blocked out of the computer, the keyboard and the mouse are partially disabled and a message window appears announcing basically that the computer is blocked and the victim must send the payment to receive the unblock code via  SMS at certain phone numbers. That’s it, the computer is …

Continue reading

Posted in Thoughts.