Monthly Archives: August 2011
About fake porn video websites and malware
Due to their alluring character, the porn websites have a magnetic effect upon people, these are the places where the people let the guard down easiest, clicking blindly on links and buttons, downloading, running, updating all what is requested or offered by these websites in an attempt to achieve more quickly their unique goal in that moment: to watch a porn video clip. It’s not a problem to view a porn video clip as far as the website visitor is +18 and the website is clean of malware, the problems starts to appear when the visitor is landing on a fake porn video website because on the other side of …
Ice – IX, the Zeus banking trojan succesor ?
As expected, the leaked Zeus banking trojan source pushed its development further. For who does not know a banking trojan is a piece of malware specialized in stealing the online banking credentials, sniffing the traffic, hooking the main Windows dll functions imported by the browsers as wininet.dll or injecting fake forms in legit web pages. Ice IX is a banking trojan derived from Zeus with a major improvement added : the config file is now retrieved from the server via proxy.php file using the encryption key as a request parameter. The same encryption key is used to encrypt the data transferred between bot and Command and control server. Not using the …
Another ransom trojan type is born
If we read this article, we already know what are the ransom trojans: they locks your computer until you pay some money, the ransom, generally using a SMS service. But an “inventive” guy has thought at another ransom type: to complete an offer using a custom referral link — it is the “advertising trojan”. He created a malware program with all the features of a ransom trojan, it’s a trojan builder where somebody can set to disable the victim’s Task Manager, to hide the Task Bar or to run at startup. After infecting a computer, a window covering all screen containing kind of web browser and a message is …
Banking trojans removal tool
FITSEC Ltd. released a removal tool for the most famous banking trojans: Zeus, Carberp, SpyEye, Gozi and Patcher. Attackers are able to infect millions of computers around the world because they master very effective methods to deceive the antivirus scanning engines: they use custom crypters and packers for trojans files, also other files code obfuscation techniques. In consequence virus file signatures are changed very often making the traditional antivirus detection based on files signatures to be simply outdated. The custom executable crypters industry(and market) is at least as big as that of the banking trojans. On malware distribution websites, the attackers change the trojan file signature several times in a …
Google search results poisoning or WordPress vulnerability ?
A visitor brings to my attention a weird fact: searching in Google for “social bookmarking sites” or “social bookmarking sites 2011”, on the first results page appears www.socialbookmarkingsiteslist.com: Clicking on this result, take us not to the desired website supposed to contains a list with the most important social bookmarking sites but to http://sokoloperkovuskeci.com/in.php?g=193. The visitor who told me about this issue suggested that it’s about another search results poisoning and a quick search in Google for similar problems revealed that exactly this is the case here: a Google search results poisoning using a vulnerability found in some WordPress themes. A lot of other computer users reported similar problems …
Trojan Ransom (WinLock), a growing threat
These days we assist at a worldwide growing threat, the Ransom Trojan(named so by Kaspersky, and Winlock by Dr.web) which is a quite large family. The behaviour of this kind of computer trojan is different from variant to variant but as a general rule they blocks the files and folders access and demand money to restore the normal functionality. The victims are blocked out of the computer, the keyboard and the mouse are partially disabled and a message window appears announcing basically that the computer is blocked and the victim must send the payment to receive the unblock code via SMS at certain phone numbers. That’s it, the computer is …