What is malicious software (malware) and how to detect it

Let's take a look at the following scenario: one morning, when you check your emails, you find one with the subject "Top Ten jokes about wives" or … "Eva Mendes naked in the pool", but the sender is unknown to you. The email has a PDF file as an attachment, or maybe contains a link; what are you going to do? Perhaps you think: if the attachment is not an executable then it cannot be a virus and it is safe to open, or, if it's a website, it's safe to visit as long as I don't download anything. Then you open and view the attachment, which indeed …

Posted in Thoughts.

ZeroAccess malware served via Google Alerts

Now, this story is crazy. Because I am a subscriber to the Google Alerts service (among my keywords are trojan and virus), this evening I received an email from Google Alerts looking like this:

You can see under the Web section this URL address: http://www.google.com/url?sa=X&q=http://wcbi.com/photos/img/free-download-anti-virus-trojan.php&ct=ga&cad=CAcQAhgAIAEoBDACOABArYfZ8wRIAVgAYgVlbi1VUw&cd=lbdH6A8 Qsxo&usg=AFQjCNG25qrHqtnmCKmhjW5UVTmn4X-xIw which is intended to redirect to: http://wcbi.com/photos/img/free-download-anti-virus-trojan.php But instead of the expected redirection, a malicious one takes place and users are redirected to a fake Megaupload website with this URL address: http://download-upload2.com/index.php?key=anti%20virus%20trojan

Here an executable file is offered for download with the name 2_setup.exe, MD5: 26FF3373E2CB859DBE18E393797EB9B4 and size 231KB. It's enough to submit this file to virustotal.com to understand what …

Posted in Thoughts.

BIOS-MBR-Windows (BMW) or Mebromi, a new virus targeting the computer BIOS

A new virus targeting the computer BIOS was discovered by the Chinese security company 360 Safety Center, and it was reported that several thousand computers in China were already infected. The BMW virus attacks computers running 32-bit systems with an Award BIOS, and it tries to infect users by posing as a well-known game plug-in offered by malicious websites. The infection strategy is to trick visitors into first turning off their antivirus software, to avoid a possible conflict with the plug-in installation, and then installing it. This is not the first attack against Award BIOS; the first attempts were made in 2007 with …

Posted in Thoughts.

About fake porn video websites and malware

Due to their alluring character, porn websites have a magnetic effect on people; these are the places where people let their guard down most easily, clicking blindly on links and buttons, downloading, running and updating whatever is requested or offered by these websites in an attempt to achieve more quickly their sole goal at that moment: to watch a porn video clip. It's not a problem to view a porn video clip as long as the website visitor is 18+ and the website is clean of malware; the problems start to appear when the visitor lands on a fake porn video website, because on the other side of …

Posted in Thoughts.

Ice IX, the Zeus banking trojan successor?

As expected, the leaked Zeus banking trojan source pushed its development further. For those who do not know, a banking trojan is a piece of malware specialized in stealing online banking credentials, sniffing traffic, hooking the main Windows DLL functions imported by browsers (such as those of wininet.dll) or injecting fake forms into legitimate web pages. Ice IX is a banking trojan derived from Zeus with a major improvement added: the config file is now retrieved from the server via the proxy.php file, using the encryption key as a request parameter. The same encryption key is used to encrypt the data transferred between the bot and the command and control server. Not using the …

Posted in Thoughts.

Another ransom trojan type is born

If we read this article, we already know what ransom trojans are: they lock your computer until you pay some money, the ransom, generally through an SMS service. But an "inventive" guy has thought of another ransom type: completing an offer using a custom referral link, the "advertising trojan". He created a malware program with all the features of a ransom trojan; it's a trojan builder where somebody can set it to disable the victim's Task Manager, hide the Task Bar or run at startup.

After infecting a computer, a window covering the whole screen, containing a kind of web browser and a message, is …

Posted in Thoughts.

Banking trojans removal tool

FITSEC Ltd. released a removal tool for the most famous banking trojans: Zeus, Carberp, SpyEye, Gozi and Patcher. Attackers are able to infect millions of computers around the world because they master very effective methods of deceiving antivirus scanning engines: they use custom crypters and packers for the trojan files, as well as other code obfuscation techniques. Consequently, virus file signatures change very often, making traditional antivirus detection based on file signatures simply outdated. The custom executable crypter industry (and market) is at least as big as that of the banking trojans. On malware distribution websites, the attackers change the trojan file signature several times in a …

Posted in Thoughts.