Posts Categorized: social engineering


Criminals Abuse Amazon Hosting with Rogues, Ransomware

by

The criminals who push rogues at the world don’t really care about the reputations of the ISPs or Web hosting services they abuse. They leap from free service to free service until they’ve thoroughly worn out their welcome and, in some cases, destroyed the reputation of the service they abused. But they have behaved in one predictable way over the years: They’re stingy, and won’t pay for anything unless it’s absolutely necessary, despite the fact that they’re raking in cash by the boatload. But that seemed to change this week when we saw a number of Web sites pop up […]

Continue Reading »

Phishers Cast Their Nets in the Social Media Pool

by

By Ian Moyse, EMEA Channel Director It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune. Take phishing, for example. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal […]

Continue Reading »

Fake UPS Document Installs Fake Microsoft Patch Payload

by

As if we didn’t have enough to deal with this week — after a Microsoft patch Tuesday that brought with it a boatload of security updates for Windows, Office, Silverlight, Visual Studio, and other programs — some enterprising malware distributor is emailing around bogus tracking number malware dressed up in the icon of a PDF document, and that malware is downloading payloads named after the updaters that Windows Update retrieves during an update. The malware arrived into one of our spam collection points with an attachment named UPS_document.zip. Way to be original there, criminals. Inside the Zip file was an […]

Continue Reading »

Android ‘Angry Birds’ Malware Contains Bot-like Code

by

Most of yesterday, Threat Research Analyst Armando Orozco and I took a closer look at a piece of malware discovered by a university security researcher, Xuxian Jiang of North Carolina State. The malicious code, which the malware creator named Plankton, is embedded into a number of apps that were briefly posted to Google’s Android Market earlier this week, then rapidly pulled down after the researchers informed Google of their initial findings. The Plankton code appears in a number of applications that were all focused on the popular game series Angry Birds. Some of the samples we looked at came as […]

Continue Reading »

Why Put Security Into the Cloud?

by

This week, Webroot’s Thre@t Reply managed to steal some time with Ian Moyse, who knows a thing or two about the benefits of putting your computer and network security into the cloud, out where the threats are, rather than keeping your security inside your network or on individual computers. [youtube=http://www.youtube.com/watch?v=JHAZxxWzBWk] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one of our threat researchers to answer it on an upcoming Thre@t Reply video. To see any of our other video replies […]

Continue Reading »

MacProtector: Rogue of the Week

by

This week, we turn our attention temporarily away from the never-ending stream of rogue security products on the Windows platform and take a closer look at the Mac OS analogue, MacProtector (aka Mac Security, Mac Defender, MacGuard, and–if history serves–soon to be many, many other names). There’s been a lot of press coverage of these rogues — including a video blog post by us — in the past few weeks, so we thought it was high time we took a deeper dive. Even though Webroot doesn’t offer an automated removal solution for the Mac, there’s good news for most Mac users — […]

Continue Reading »

Rogue of the Week: Windows Recovery

by

Word from the AMR group last week was that there weren’t many changes from the previous week; Many of the same rogue antivirus previously reported in this blog continue to plague the Internet. This week I decided to focus on a rogue that’s recently become a problem. It goes by the name Windows Recovery, though it’s also been called Ultra Defragger or HDD Rescue by other AV vendors. Bottom line, it’s still a fraudulent program which relies on deception and trickery to convince a victim to fork over some cash for a “fix.” It’s just not a rogue antivirus; Call […]

Continue Reading »

Antivirus Center: Rogue of the Week

by

By Andrew Brandt and Brenden Vaughan Our Advanced Malware Removal group reported seeing several cases of a rogue called Antivirus Center this past week. The rogue isn’t new – we began seeing samples of it last year – but has re-emerged as a threat. This rogue is characterized by a close mimicry of some aspects of Microsoft’s free Windows Defender product, including the use of a program icon that looks like a castle, as well as some distinctive characteristics of its active file components. For example, the rogue’s application consistently uses a naming convention that looks like a long string […]

Continue Reading »

ROTW: “Total Security” and Antivirus IS

by

By Brenden Vaughan and Andrew Brandt This week, our support and advanced malware removal (AMR) team did not have a lot of new data to report about rogue security products. The most commonly encountered infection continues to be one of the rogues we reported about last week. While we may refer to it as XP Total Security, it actually chooses one of a series of names at random, based on the operating system on the victim’s computer. Last week’s post contains a more comprehensive list of these names. As previously reported, you can remove the rogue by scanning (with our […]

Continue Reading »