Posts Categorized: malware


Gamers: Fight the Phishers

Last week, I posted a blog item that explained how gamers face a growing security threat in phishing Trojans — software that can steal the passwords to online games, or the license keys for offline games, and pass them along to far-flung criminal groups. We know why organized Internet criminals engage in these kinds of activities, because the reason is always the same: There’s a great potential for financial rewards, with very little personal risk. So I thought I’d wrap up this discussion with some analysis of how the bad guys monetize their stolen stuff. After all, how do you […]

If You’ve Got Game, Phishers Want Your Stuff

Since the beginning of the year, my colleagues in the Threat Research group and I have been researching an absolutely astonishing volume of phishing Trojans designed solely to steal what videogame players value most: the license keys that one would use to install copies of legitimately purchased PC games, and/or the username and password players use to log into massively multiplayer online games, such as World of Warcraft. I can only imagine that it takes very little effort for the jerks behind this scheme to retrieve thousands of account details. (We began covering this issue briefly last week.) With such […]

May Threat Trend: Misleading Malware

The latest data from our customers indicate that, at least in the month of May, we were blocking and removing some of the nastiest threats on the Web. Among the spies we took out, we hit Fakealerts and Rogue Security Products hard. These spies simply try to fool you into making purchases you otherwise wouldn’t. After taking a hiatus of several months, the makers of these types of malware appear to be making a comeback. Simply put, a Fakealert is just a piece of adware. Unlike traditional ads, however, the ads a Fakealert pops up take on the appearance of […]

5 PC Gaming Threats and How To Beat Them

By Mike Kronenberg

E3, the annual trade show for the computer and video games industry, kicked off in Los Angeles yesterday, not long after the unofficial start of summer on Memorial Day. These events got me thinking about what many students might do with their free time over the next three months. I imagine that for legions of young PC gamers, this could mean hour after blissful hour spent honing their skills as a blacksmith and earning gold in their favorite online fantasy universe. You can bet cybercriminals are imagining the same thing, too – and banking on it. In […]

Adware client tags you as its pitchman

Over the past week, someone has been spamming the file sharing site ThePirateBay.org with comments advertising a new “product” called BittorrentBooster. According to the site’s administrators, the spammer used a large number of fraudulently registered accounts to post the messages as feedback, attached to hundreds, possibly thousands, of downloadable .torrent files, which file-sharers use to initiate a peer-to-peer download session. I decided to take a closer look, because the product’s claims — to be able to give file-sharers a massive speed boost during the “leeching” (or, downloading) phase of their torrent session — sounded pretty implausible. Impossible is more like […]

Facebook Miscreants Dealt a Temporary Smackdown

After more than a week of harassment by goofballs spamming links, Facebook users can breathe a sigh of relief that, for now, at least one source of trouble has been eradicated. Last week’s worm-like spread of links to the mygener.im domain, and this week’s use of the ponbon.im and hunro.im domains to phish Facebook users’ credentials, have been a puzzling diversion from my normal malware analysis tasks. The mygener.im link that was spammed into Facebook accounts redirected users to a page hosted elsewhere that contained nothing but perplexingly obfuscated JavaScript (with variables — shown at left — that appear to […]

Old Chinese Hack Tool Used for New Tricks

This week’s installment of what’s-old-is-new-again in the world of malware comes from one of the many groups making and distributing phishing Trojans in China. Earlier this year, someone discovered a hack tool called ZXArps, and began distributing it in earnest as a payload from another malicious downloader. Unlike most malware we see these days, ZXArps (which dates back to 2006, and was discovered by the English-speaking security community the following year) isn’t designed to perform a single task. It’s more like a Swiss Army knife, giving its users a great deal of control over not only the computer on which it’s running, […]

April 2009 wrapup: Thumbdrives under threat

We’ve just tallied the top 10 threats Webroot’s consumer products detected during the month of April, and some interesting trends appear to be shaping up. Conficker aside, the first quarter of 2009 seemed to be dominated by worms that spread not only over a network, but to virtually anything you can plug into a USB port to store files. Thumbdrives and portable hard drives immediately come to mind, but so do MP3 players, digital picture frames and memory cards — like the kind you’d use in cameras, cellphones, or videogame players. April proved to be no different. It’s very much a case of what’s old is […]

Phishing Trojan Targets Russian Finance Websites

For a long time, we’ve heard about phishing attacks originating in Russia or eastern Europe that target western banks. There’s nothing surprising there. Latter-day Willie Suttons typically target big US or European banks because, well, that’s where the money is. That’s why I was kind of surprised to stumble across a phishing Trojan that targets some of Russia’s largest online financial Web sites, including RBK Money (formerly known as RUPay), Yandex, Moneymail, and OSMP — one of Russia’s PayPal alternatives. Aside from e-gold, I hadn’t seen this many Russia-specific websites listed as targets within a phishing Trojan before. Is Russia suddenly “where […]

From Pixels to Phishers

Over the past year, we’ve seen a huge jump in the number of mass-downloader spyware samples. These small executable files have just one job, and they do it very well: They pull down huge numbers of additional installers, which in turn place a large number of password-stealing Trojans, ad-clickers, and still more downloaders on the unfortunate victim’s PC. The trend appears to be that most of the servers from which these phishing Trojans originate are registered within China’s .cn top-level domain, and the phishers themselves target (mostly) the login details for online multiplayer videogames played, primarily, in China, and […]
