Posts Categorized: Threat Research


Fake UPS Document Installs Fake Microsoft Patch Payload

by

As if we didn’t have enough to deal with this week — after a Microsoft patch Tuesday that brought with it a boatload of security updates for Windows, Office, Silverlight, Visual Studio, and other programs — some enterprising malware distributor is emailing around bogus tracking number malware dressed up in the icon of a PDF document, and that malware is downloading payloads named after the updaters that Windows Update retrieves during an update. The malware arrived into one of our spam collection points with an attachment named UPS_document.zip. Way to be original there, criminals. Inside the Zip file was an […]

Continue Reading »

Android ‘Angry Birds’ Malware Contains Bot-like Code

by

Most of yesterday, Threat Research Analyst Armando Orozco and I took a closer look at a piece of malware discovered by a university security researcher, Xuxian Jiang of North Carolina State. The malicious code, which the malware creator named Plankton, is embedded into a number of apps that were briefly posted to Google’s Android Market earlier this week, then rapidly pulled down after the researchers informed Google of their initial findings. The Plankton code appears in a number of applications that were all focused on the popular game series Angry Birds. Some of the samples we looked at came as […]

Continue Reading »

Why Put Security Into the Cloud?

by

This week, Webroot’s Thre@t Reply managed to steal some time with Ian Moyse, who knows a thing or two about the benefits of putting your computer and network security into the cloud, out where the threats are, rather than keeping your security inside your network or on individual computers. [youtube=http://www.youtube.com/watch?v=JHAZxxWzBWk] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one of our threat researchers to answer it on an upcoming Thre@t Reply video. To see any of our other video replies […]

Continue Reading »

MacProtector: Rogue of the Week

by

This week, we turn our attention temporarily away from the never-ending stream of rogue security products on the Windows platform and take a closer look at the Mac OS analogue, MacProtector (aka Mac Security, Mac Defender, MacGuard, and–if history serves–soon to be many, many other names). There’s been a lot of press coverage of these rogues — including a video blog post by us — in the past few weeks, so we thought it was high time we took a deeper dive. Even though Webroot doesn’t offer an automated removal solution for the Mac, there’s good news for most Mac users — […]

Continue Reading »

Thre@t Reply: What’s a Firewall?

by

This week’s Thre@t Reply video features Threat Research Analyst Armando Orozco answering one of the most frequently asked questions we receive: What is a firewall, and how does it work? Well, the actual question wasn’t put quite so politely, but that’s the gist of it. Armando is the primary researcher working on the Mobile Security for Android product, but he also researches malware on Windows and Mac malware, as well. [youtube=http://www.youtube.com/watch?v=p9cK7wkrZRo] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one […]

Continue Reading »

Rogue of the Week: Windows Recovery

by

Word from the AMR group last week was that there weren’t many changes from the previous week; Many of the same rogue antivirus previously reported in this blog continue to plague the Internet. This week I decided to focus on a rogue that’s recently become a problem. It goes by the name Windows Recovery, though it’s also been called Ultra Defragger or HDD Rescue by other AV vendors. Bottom line, it’s still a fraudulent program which relies on deception and trickery to convince a victim to fork over some cash for a “fix.” It’s just not a rogue antivirus; Call […]

Continue Reading »

Chinese Android Trojan Texts Premium Numbers

by

By Andrew Brandt and Armando Orozco A Trojaned application that displays a cutesy image of a 2011 calendar on an Android device’s desktop comes with a nasty surprise: The app sends text messages to a premium service that charges the phone’s owner money. As first reported by the Taiwan-based AegisLab, a single developer, which went by the name zsone, published the apps to Google’s Android Market. All apps from that developer were pulled from the Market today by Google, though only some of them appeared to contain the undesirable code. We took a closer look at one of the apps, […]

Continue Reading »

Antivirus Center: Rogue of the Week

by

By Andrew Brandt and Brenden Vaughan Our Advanced Malware Removal group reported seeing several cases of a rogue called Antivirus Center this past week. The rogue isn’t new – we began seeing samples of it last year – but has re-emerged as a threat. This rogue is characterized by a close mimicry of some aspects of Microsoft’s free Windows Defender product, including the use of a program icon that looks like a castle, as well as some distinctive characteristics of its active file components. For example, the rogue’s application consistently uses a naming convention that looks like a long string […]

Continue Reading »

Thre@t Reply: “Online Shopping” | Part 2 of 2

by

In the second of a two-part series with Threat Research Analyst Grayson Milbourne, we answer a question about how to stay safe when shopping online. In the previous video, Grayson discussed how to identify a phishing page. In this episode, he continues his discussion by explaining how to tell whether the site you’re trying to purchase something from is operating safely and whether the site is able to protect your personal information when you click the “buy” button. [vimeo 23488027] As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or […]

Continue Reading »