Posts Categorized: Threat Research


Why Put Security Into the Cloud?

This week, Webroot’s Thre@t Reply managed to steal some time with Ian Moyse, who knows a thing or two about the benefits of putting your computer and network security into the cloud, out where the threats are, rather than keeping your security inside your network or on individual computers.

Video: http://www.youtube.com/watch?v=JHAZxxWzBWk

As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one of our threat researchers to answer it on an upcoming Thre@t Reply video. To see any of our other video replies […]

MacProtector: Rogue of the Week

This week, we turn our attention temporarily away from the never-ending stream of rogue security products on the Windows platform and take a closer look at the Mac OS analogue, MacProtector (aka Mac Security, Mac Defender, MacGuard, and–if history serves–soon to be many, many other names). There’s been a lot of press coverage of these rogues — including a video blog post by us — in the past few weeks, so we thought it was high time we took a deeper dive. Even though Webroot doesn’t offer an automated removal solution for the Mac, there’s good news for most Mac users — […]

Thre@t Reply: What’s a Firewall?

This week’s Thre@t Reply video features Threat Research Analyst Armando Orozco answering one of the most frequently asked questions we receive: What is a firewall, and how does it work? Well, the actual question wasn’t put quite so politely, but that’s the gist of it. Armando is the primary researcher working on the Mobile Security for Android product, but he also researches Windows and Mac malware as well.

Video: http://www.youtube.com/watch?v=p9cK7wkrZRo

As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or in the comments below and we’ll get one […]

Rogue of the Week: Windows Recovery

Word from the AMR group last week was that there weren’t many changes from the previous week; many of the same rogue antivirus programs previously reported in this blog continue to plague the Internet. This week I decided to focus on a rogue that’s recently become a problem. It goes by the name Windows Recovery, though it’s also been called Ultra Defragger or HDD Rescue by other AV vendors. Bottom line, it’s still a fraudulent program which relies on deception and trickery to convince a victim to fork over some cash for a “fix.” It’s just not a rogue antivirus; call […]

Chinese Android Trojan Texts Premium Numbers

By Andrew Brandt and Armando Orozco

A Trojaned application that displays a cutesy image of a 2011 calendar on an Android device’s desktop comes with a nasty surprise: The app sends text messages to a premium service that charges the phone’s owner money. As first reported by the Taiwan-based AegisLab, a single developer, who went by the name zsone, published the apps to Google’s Android Market. All apps from that developer were pulled from the Market today by Google, though only some of them appeared to contain the undesirable code. We took a closer look at one of the apps, […]

Antivirus Center: Rogue of the Week

By Andrew Brandt and Brenden Vaughan

Our Advanced Malware Removal group reported seeing several cases of a rogue called Antivirus Center this past week. The rogue isn’t new – we began seeing samples of it last year – but has re-emerged as a threat. This rogue is characterized by a close mimicry of some aspects of Microsoft’s free Windows Defender product, including the use of a program icon that looks like a castle, as well as some distinctive characteristics of its active file components. For example, the rogue’s application consistently uses a naming convention that looks like a long string […]

Thre@t Reply: “Online Shopping” | Part 2 of 2

In the second of a two-part series with Threat Research Analyst Grayson Milbourne, we answer a question about how to stay safe when shopping online. In the previous video, Grayson discussed how to identify a phishing page. In this episode, he continues his discussion by explaining how to tell whether the site you’re trying to purchase something from is operating safely and whether the site is able to protect your personal information when you click the “buy” button.

Video: Vimeo 23488027

As always, feel free to submit your security question to @webroot, or by email to blog (at) webroot (dot) com, or […]

Thre@t Reply: “Online Shopping” | Part 1 of 2

In the latest Thre@t Reply video, Threat Research Analyst Grayson Milbourne answers a reader’s question about how to avoid being phished. The first step is to be able to identify whether you’re on the legitimate Web site you think you are and, if you’re not, to recognize the telltale signs that indicate you may be looking at a fake site designed solely to steal your user account and password information.

Video: http://www.youtube.com/watch?v=KklPP891bZ8

To see the second half of the video, or any of our other video replies to reader questions, check out this post or visit the Webroot channels on YouTube […]

ROTW: “Total Security” and Antivirus IS

By Brenden Vaughan and Andrew Brandt

This week, our support and advanced malware removal (AMR) team did not have a lot of new data to report about rogue security products. The most commonly encountered infection continues to be one of the rogues we reported on last week. While we may refer to it as XP Total Security, it actually chooses one of a series of names at random, based on the operating system on the victim’s computer. Last week’s post contains a more comprehensive list of these names. As previously reported, you can remove the rogue by scanning (with our […]
