Category Archives: Thoughts
Another ransom trojan type is born
If we have read this article, we already know what ransom trojans are: they lock your computer until you pay some money, the ransom, generally through an SMS service. But an “inventive” guy has thought of another type of ransom: completing an offer through a custom referral link. This is the “advertising trojan”. He created a malware program with all the features of a ransom trojan; it is a trojan builder in which somebody can choose to disable the victim’s Task Manager, hide the Task Bar or run at startup. After infecting a computer, a window covering the whole screen, containing a kind of web browser and a message, is …
Banking trojans removal tool
FITSEC Ltd. released a removal tool for the most famous banking trojans: Zeus, Carberp, SpyEye, Gozi and Patcher. Attackers are able to infect millions of computers around the world because they have mastered very effective methods of deceiving antivirus scanning engines: they use custom crypters and packers for the trojan files, along with other code obfuscation techniques. As a consequence, file signatures change very often, which makes traditional antivirus detection based on file signatures simply outdated. The custom executable crypter industry (and market) is at least as big as that of the banking trojans. On malware distribution websites, the attackers change the trojan file signature several times in a …
Google search results poisoning or WordPress vulnerability?
A visitor brought a weird fact to my attention: searching in Google for “social bookmarking sites” or “social bookmarking sites 2011”, www.socialbookmarkingsiteslist.com appears on the first results page. Clicking on this result takes us not to the desired website, which is supposed to contain a list of the most important social bookmarking sites, but to http://sokoloperkovuskeci.com/in.php?g=193. The visitor who told me about this issue suggested that it is another case of search results poisoning, and a quick search in Google for similar problems revealed that this is exactly the case here: Google search results poisoning using a vulnerability found in some WordPress themes. A lot of other computer users reported similar problems …
Trojan Ransom (WinLock), a growing threat
These days we are witnessing a growing worldwide threat, the Ransom Trojan (so named by Kaspersky, and Winlock by Dr.Web), which is quite a large family. The behaviour of this kind of computer trojan differs from variant to variant, but as a general rule they block access to files and folders and demand money to restore normal functionality. The victims are locked out of the computer, the keyboard and the mouse are partially disabled, and a message window appears announcing basically that the computer is blocked and that the victim must send the payment to receive the unblock code via SMS at certain phone numbers. That’s it, the computer is …
The new boot record viruses (TDL4) and how to fix the Master Boot Record (MBR)
Dating from the earliest days of computing, boot record viruses still remain one of the most preferred attack vectors. Like their predecessors, the Stoned computer virus (created 1987), Brain (created 1986 and the first PC virus!), Michelangelo (1991) and Elk Cloner (1980), current boot record viruses use the same method of infection: they replace the boot record code with infected code. For those who know what a boot record is, whether Master Boot Record (MBR) or Volume Boot Record (VBR), the advantages of such an infection are obvious. For those who do not know about the MBR or VBR and their role, here are the details of a Windows PC boot sequence in simplified form. When the computer is switched …
New scam Skype website
A new scam website trying to impersonate the official Skype website has appeared on the Internet. The site is http://skype-downloads.ru/ and the details of who owns the domain are private. The website has a layout and colors (white and blue) that try to imitate the official Skype website, and even the Skype logo is present. It has a .ru TLD and is in Russian. This scam website offers a fake Skype installer for download, named skype_setup.exe, 2.42 MB in size, with MD5 hash E4FA92CA336D545E7AF8E253F42F1EDB. This executable is protected with a packer to prevent it from being reverse engineered. If someone is fooled into downloading and installing this rogue software, they will be prompted …
Popureb.E trojan removal tool released to the public
A free removal tool for the Popureb.E malware was released to the public by the security vendor Prevx; here is the download link. For those who do not know, Popureb.E is a trojan that targets the Master Boot Record (MBR) on Windows XP machines. Until now, Windows Vista and Windows 7 seem to be immune to this kind of infection. The malware adds its code to the Master Boot Record, which makes it in some fashion invisible to the operating system and antivirus software, which are loaded later, after the trojan code. This malware made some waves a few days ago when a Microsoft engineer, Chun Feng, suffering from excessive zeal, recommended an extreme solution to get …