Posts Categorized: Threat Research


More Malware Trades on Tawdry Searches

By now, you’ve most likely heard about how an ESPN reporter was victimized, and that a surreptitiously recorded video was distributed online. You may also have read that malware distributors were taking advantage of the high level of interest in this video to rapidly disseminate malware by convincing people to click links to malicious Web sites, including a fake CNN lookalike site, to watch said tawdry video. Well, that first wave of malware was almost identical to the distribution we saw when Farrah Fawcett died a few weeks ago. Web surfers were urged to click a link to download a picture […]

AutoCAD Adware Trojans Target Techies

Every once in a while, you hear whispers or rumors about specially-crafted, targeted malware designed to steal a specific piece of data from a particular victim. The data thieves, in these limited cases, tend to be clever, thoughtful, and methodical in both the creation and deployment of their creations. Rarely do malware researchers encounter these files. But it does happen occasionally, and I thought I had stumbled upon one of these kinds of spies a few weeks ago. It’s a peculiar Trojan horse which has been written not as a standard Windows application, but as an ObjectARX application — an […]

Jackson/Fawcett Malware is Extortion-ware

As I reported yesterday, searches for information about the deaths of Michael Jackson or Farrah Fawcett were turning up links to malware. This came as no surprise to anyone, though the speed with which the links spread was astonishing: Within minutes of the first confirmation that Jackson had succumbed to a heart attack, the first malicious blog posts began popping up in search results. We’re continuing to monitor hundreds of malicious sites touting news of Jackson’s demise — and new malicious blogs are coming up as fast as the blog services can shut them off. The first site we encountered […]

Our Cup Runneth Over with Farrah Fawcett Files and Michael Jackson Malware

With the sad news circulating the globe that 70s sex symbol, TV pitchwoman, and former Charlie’s Angel Farrah Fawcett passed away this morning, it didn’t take long for the malware vultures to execute their attack. Beginning in the afternoon, our Proactive Research team began finding tons of pages that purportedly offered a Farrah Fawcett poster or photo for download. What you got, when you clicked the link that looks suspiciously like a video player (not a static image), was — you guessed it. A load of junk. Interestingly, hovering the mouse over the video link causes the browser to display […]

Drive-by Downloads Still Pack a Punch – If You Click

In the course of surfing around, looking for ways to get infected, I stumbled upon a site that offers visitors downloads of key generators, cracks, and other ways to circumvent the process used by most legitimate software companies to prevent people who didn’t pay for the software from registering or using it. And of course, I stumbled into a morass of malware. Well, “stumbled” isn’t entirely accurate. The site is well-known to us as a host of drive-by downloads — it’s a site that uses browser exploits to infect your computer. But I went there anyway just to see what […]

If You’ve Got Game, Phishers Want Your Stuff

Since the beginning of the year, my colleagues in the Threat Research group and I have been researching an absolutely astonishing volume of phishing Trojans designed solely to steal what videogame players value most: the license keys that one would use to install copies of legitimately purchased PC games, and/or the username and password players use to log into massively multiplayer online games, such as World of Warcraft. I can only imagine that it takes very little effort for the jerks behind this scheme to retrieve thousands of account details. (We began covering this issue briefly last week.) With such […]

May Threat Trend: Misleading Malware

The latest data from our customers indicate that, at least in the month of May, we were blocking and removing some of the nastiest threats on the Web. Among the spies we took out, we hit Fakealerts and Rogue Security Products hard. These spies simply try to fool you into making purchases you otherwise wouldn’t. After taking a hiatus of several months, the makers of these types of malware appear to be making a comeback. Simply put, a Fakealert is just a piece of adware. Unlike traditional ads, however, the ads a Fakealert pops up take on the appearance of […]

Adware client tags you as its pitchman

Over the past week, someone has been spamming the file sharing site ThePirateBay.org with comments advertising a new “product” called BittorrentBooster. According to the site’s administrators, the spammer used a large number of fraudulently registered accounts to post the messages as feedback, attached to hundreds, possibly thousands, of downloadable .torrent files, which file-sharers use to initiate a peer-to-peer download session. I decided to take a closer look, because the product’s claims — to be able to give file-sharers a massive speed boost during the “leeching” (or, downloading) phase of their torrent session — sounded pretty implausible. Impossible is more like […]

Facebook Miscreants Dealt a Temporary Smackdown

After more than a week of harassment by goofballs spamming links, Facebook users can breathe a sigh of relief that, for now, at least one source of trouble has been eradicated. Last week’s worm-like spread of links to the mygener.im domain, and this week’s use of the ponbon.im and hunro.im domains to phish Facebook users’ credentials, have been a puzzling diversion from my normal malware analysis tasks. The mygener.im link that was spammed into Facebook accounts redirected users to a page hosted elsewhere that contained nothing but perplexingly obfuscated JavaScript (with variables — shown at left — that appear to […]

Old Chinese Hack Tool Used for New Tricks

This week’s installment of what’s-old-is-new-again in the world of malware comes from one of the many groups making and distributing phishing Trojans in China. Earlier this year, someone discovered a hacktool called ZXArps, and began distributing it in earnest as a payload from another malicious downloader. Unlike most malware we see these days, ZXArps (which dates back to 2006, and was discovered by the English-speaking security community the following year) isn’t designed to perform a single task. It’s more like a Swiss Army knife, giving its users a great deal of control over not only the computer on which it’s running, […]
