Your Federal Tax Payment Has Not Been Rejected

by

It’s been more than a week since we started seeing spam email, supposedly sent by the EFTPS (Electronic Federal Tax Payment System, a division of the US Department of the Treasury), informing recipients in dire, bolded text that Your Federal Tax Payment ID: 01037513 has been rejected. I had hoped it would be a faded memory by now, but apparently it just won’t die. Spam, ladies and gentlemen. It’s a lie, cooked up in a criminal’s troubled mind, with the goal of convincing signficant numbers of people to click a link in the message. It’s a pretty contrived message, which […]

Continue Reading »

Patchy Phisher Forces Firefox to Forego Forgetting Passwords

by

Every browser can, at the user’s discretion, be set up to remember passwords. In general, Webroot advises most users not to set the browser to store login credentials, because they’re so easily extracted by password-stealing Trojans like Zbot. In Firefox, for example, you can click Tools, Options, then open the Security tab, and uncheck a box that tells the browser to remember passwords entered into Web forms. (The box is checked by default.) But in the course of taking a more thorough look at a Trojan that came to our attention in July, we were surprised to see the Trojan […]

Continue Reading »

Five Reasons You Should Always “Stop. Think. Connect.”

by

Today’s the official kickoff for National Cyber Security Awareness Month, and the organizations supporting the event, including the National Cyber Security Alliance, the Anti-Phishing Working Group, and dozens of corporate citizens including Webroot, want you to protect your computer and your personal information. So they’ve come up with a three word campaign slogan they hope will become conventional wisdom for every Internet user: Stop. Think. Connect. Think of it as the 21st century equivalent of looking both ways before crossing the street. In my case, they’re preaching to the choir. For years, I’ve advocated that people treat everything they see […]

Continue Reading »

Newsflash: HTML Spammers are Not So Bright

by

It’s been more than a week that we at Webroot, and countless others, have been getting floods of bogus messages with HTML attachments. I thought I’d give the curious readers of this blog a quick glance at one of the drive-by sites that load in the browser if you try to open the file. As I’d mentioned previously, the HTML files themselves simply contain highly obfuscated Javascript (code that’s hard for humans to read but easy for machines to interpret). When you try to load those malicious scripts into a browser, the script instructs the browser to load a page […]

Continue Reading »

Civilization 5 Torrent Bonus: Uncivilized Malware

by

Bootlegged copies of Civilization 5, the highly anticipated, just-released real time strategy game, are already popping up in file sharing services. And, as we’ve come to expect, some of the pirated copies of the game come with that little something special — malicious components. One of our Threat Research Analysts, who also happens to be an avid gamer, started looking for pirated copies of the game Friday morning and, within five minutes of looking, found Trojans in some of the torrents in circulation. I’ve chosen to focus on one of these files, not only because it was the first we […]

Continue Reading »

Malicious HTML Mail Attachments Flood Inboxes

by

If you hadn’t already noticed, an ongoing spam campaign where someone is sending email messages with attached HTML files continues to be a problem. The current campaign appears to be a new wave of spam similar to the one I reported about in July. The messages, which began arriving a week ago, have subject lines pulled from news headlines (“Cops kill shooter at Johns Hopkins Hospital,” “America’s Got Talent Judges Were They Shocked,” “Daniel Covington”) and with a financial angle (“Apartment for rent,” “Invoice for Floor replacement,” “credit card,” and the ever-popular “Shipping Notification”). The messages themselves are brief, such […]

Continue Reading »

Epic Malware Dropper Makes No Attempt to Hide

by

In the world of first-person shooter games, getting the most headshots – hits on the opponent which instantly take the opponent’s avatar out of the game — is a prized goal. The headshot is the quickest way to dispatch a foe in virtually every shooter, which is why the file name of a malware sample, currently in circulation, stood out. The file, yogetheadshot.php.exe (VT), is a dropper, a glorified bucket designed to tip over and spill other malware all over a PC. But where other droppers might leave behind a handful of payloads, this one utterly decimated a testbed PC […]

Continue Reading »

New Rogue Is Actually Five Rogues in One

by

For years, the makers of those snake oil security programs we call Rogue Security Products have spent considerable effort making up new names, developing unique graphic design standards, and inventing backstories for their utterly useless, expensive scam products. Now a new rogue has taken this never ending shell game one step further, releasing a single program that calls itself one of five different names, depending on what button an unfortunate victim clicks in a highly deceptive dialog box. Let’s call it what it really is, though: A malicious play in five acts. The rogue’s delivery method, or Act 1 in […]

Continue Reading »

Workplace Social Networking: More Like Antisocial Not-working

by

By Ian Moyse, EMEA Channel Director Hardly a week goes by when the national press doesn’t carry a story about how social networks represent a threat to privacy or security, or both. These news stories aren’t wrong: Users of social networks face a raft of risks, ranging from malware attacks and identity theft, to cyberbullying, grooming from sexual predators or stalkers, viewing or posting inappropriate content, and the ever-present risk that you (or someone you work with) might end up with your foot (or is it your keyboard?) firmly in mouth. Using social networks to give out too much information […]

Continue Reading »

Cracked Trojan-Maker Infects Prospective Criminals

by

In what seems to be a trend in my September blog posts, the research team has run across a program meant for criminally-minded people which has a nasty surprise inside. The program in question is called the ZombieM Bot Builder, which is used by the kind of upstanding citizens who spread Trojans in order to build up botnets — a collective of infected computers that can act as one entity. The creators of this program, an Argentinian group called Arhack, sell it for 180 euros. But don’t pull out your stolen credit cards just yet, because Arhack doesn’t take Visa: […]

Continue Reading »