Posts by admin

Blackhole Exploit Kit Served With Google Images Links

While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this ma...

Blackhole Exploit Kit Activity

Infected website: hxxp://somerandomiframedomain. com Activity: Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80 Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78 File Cre...

NoVirusThanks Automated Malware Analyzer (Preview)

We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL requested by the malware and every new file dropped to disk, and we use Driver Radar Pro to block loading […]

FakeAV: AntiVirus Studio 2010

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs, it claims to have found a lot of infections on your computer and that the only way to clean them is to pay a hefty price for a “license key”. Here we have the main interface. As usual, it starts the scan without any user interaction […]

Bredolab and FakeAV spread again with spam emails

In the past week we noticed a new wave of spam emails containing an attached file, in ZIP or RAR format, that is used to spread the dangerous Bredolab trojan and the setup files of rogue security software (FakeAV). In some emails we found an attached file with the PDF extension that is used […]

Massive number of blogs hacked for Blackhat SEO

We noticed a new, large group of blogs (more than 60) hacked for a massive blackhat SEO campaign that redirects users to fake scanner pages, which in turn prompt them to download a rogue security software named Security Master AV. This is a short list of the hacked websites we found hosting malicious scripts […]

Spam emails Cartoline.exe spread Spy.Banker Trojan

In recent days we have registered a new wave of spam messages with the subject “Cartoline” that appeared to come from virgilio.it and contained a link that seemed to redirect the user to legitimate sites such as cards.virgilio.it. After analyzing the HTML in the message, we noticed that the link could redi...

C’e’ una Cartolina per te! = Backdoor.IRC.Zapchast

We have noticed new waves of spam messages, this time in Italian only, that carry the message “Happy Easter” and contain malicious links that redirect users to download a file named BuonaPasqua.gif.exe, detected as Backdoor.IRC.Zapchast, which appears to be an IRC bot. Email headers: Sender: Cartolin...

Mabezat worm and winmail.dat are back again

In the past week we have noticed a new wave of spam emails carrying an attachment that is, in every case, named winmail.dat. The attachment is actually a RAR archive, and it extracts to a file named Readme.doc .exe. Some of the email subjects are: MBA new vision Web designer […]