Earlier on this morning I happened to notice a redirect page used in a meds spam campaign that just happened to also be compromised with a malicious script. You can see the META tag redirect that will instruct the browser to immediately load the page on the target site. And immediately below, it, the obfuscated…
It’s not a huge surprise that we are seeing some malware spam runs where the malicious attachment attempts to portray itself as a Christmas Greeting of some sort. Here’s an example from today (md5: C670165AE6DFA8318F0EA795B1D3AD55). This one is actually a Zapchast (IRC bot variant). The “Christmas Card” requires it’s own “special version” of Flash to…
I blogged about the three generations of the WiniGuard family of rogue security products that began in October of 2008. Friday, the 50th rogue in that line appeared. Analyst Patrick Jordan noted that there appeared to be a newly named clone added to the “genealogy” about every 48 hours. He’s been right. Monday they found…
New rogue borrows massively from AV company sites Our friend M.N. Bharath drew our attention to this web site associated with the new System Adware Scanner 2010 rogue security product. Although the group claims 10 million users world-wide, oddly enough their site was only registered Nov. 25. It seems they also have recruited the entire…
Case in point: findproper[dot]org These are the types of sites that are used to download from third party affiliate sites. If the setup.exe had run, it would have installed the AntiMalware rogue. For more information Click Here.
Following on from the latest Captcha techniques used by the W32/Koobface worm, it seems that the malware authors have turned to Santa for help to deliver it’s nasty surprise which awaits Facebook users. The infection drops other trojans such as FakeAlert and leaves the user renderless. It all begins with a post on a user’s…
Despite talk of Tiger Woods’ sponsors “limiting his role” in their advertising campaigns, he is still very much hot stuff when it comes to search engine queries which means he’s still a viable target for the malware writers. We can see that Tiger Woods related searches are still being poisoned with malicious results using Search…
Internet Security 2010, It’s a rebranded clone of Advanced Virus Remover, a rogue security product. It’s one of your run-of-the mill rogues, using run-of-the mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification. A real “McAfee Secure” certification is a DAILY certification, it contains the date and…
Lately, a Google work at home scam has been plastering its way throughout the Internet. The scam site is designed to look like a convincing news paper article and is currently circulating heavily through social networks (hacked and spam accounts) and ad networks. Example of the scam wall post on Facebook from a hacked account:…
Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot…