When it is not actually a picture but an obfuscated malicious VB script! That’s the story with W32/VBSAuto-F — yet another autorun worm that sets a number of self-starting registry entries, spreads via USB drives, and downloads further malware. The worm embeds code in a JPEG comment field of an ambiguously named file “image.jpg” or…
Didier Stevens, security professional and blogger, has found a “feature” in the PDF file format that makes it possible to package an executable in a PDF file which will run in Foxit PDF reader or run in Adobe Reader with a bit of social engineering. “With Adobe Reader, the only thing preventing execution is a…
Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan. It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend:…
We’ve been seeing Fake AV programs getting more convincing for a while now. Some of the tricks employed by the guys behind these rogue programs include Windows-7-style fake scanners, in-browser “scanners”, and program features that ape other aspects of the operating system. Yesterday, though, we came across a misleading application called AntiVirusDemoFraud that is—how to…
Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, We found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for…
Not so long ago, examples of fake Firefox websites / downloads were in the news with the sites involved serving Hotbar installs. It seems the tactic of offering up Firefox (but giving you something else entirely) is going to be around for a little while. Below is a site promoting a Firefox .xpi called “The…
We found this interesting and malicious little mechanism. The hosts file on a machine under investigation was modified to redirect the victim’s browser to a well known legitimate site (in this case google.com) whenever he attempted to contact a list of nearly 400 sites. The list was a “Who’s Who” of the anti-malware world –…
Yesterday there was a volcanic eruption in Iceland, near the Eyjafjallajoekull glacier, that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have…
We’re investigating a series of SMS Worms, found in the wild in China. Known as Trojan:SymbOS/MerogoSMS, these worms try to spread on Symbian Series 60 3rd Edition devices. Symbian continues to be by far the most common smartphone operating system in the world. These worms spread by sending text messages to other phones. These text…
Do you know what the latest version of Adobe’s Flash Player is? If you don’t, you may very well fall for this: Flash Player 11? There are more than 3 million pages linking to this alleged version 11: Most pages are from unsanitized forums, but there is even a Google Ad for it! Ooooops…. The…