Category: Malware Analysis

Rogue security software XP Total Security spreads by email

We have received an email stating that we have an unread message: someone has supposedly sent us a private message. It does not say which social network the message comes from; it only says it comes from SecureMessage.System, as you can see from this image: The body of the email is this: […]
Continue reading...

KBOT C&C Malware

We just logged a new C&C bot named KBOT. Content of the /js/ folder: [screenshot] Content of the /images/ folder: [screenshot] Content of the /css/ folder: [screenshot]
Malware activity (cb119a6b42da7bba1b6151f2e0bd6f1e): File Created - %SAMPLE% - %Temp%\epbUex.UxO - A7A21220689BD796F6B74E5D983D810E - 2560 bytes - attr: [] - PE Connection Established - C:\WINDOW...
Continue reading...

Karn!v0r3x v1.0 Exploit Kit

There is a new exploit kit in the wild, this time named Karn!v0r3x v1.0. HTML code of the login page: <html> <head> <title>Karn!v0r3x v1.0 [Inicio]| Malandrines .n3t</title> <script language="JavaScript" src="files/fallt.js"></script> <style> body{background:black;col...
Continue reading...

FakeAV: AntiVirus Studio 2010

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs it claims to have found a lot of infections on your computer and that the only way to clean them is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction […]
Continue reading...

Pay-Per-Install Analysis – Part Four

GoldInstall. Next we have a company called GoldInstall. This is how much they pay per 1,000 installs, by country:

Country  Price per 1,000 installs
OTH      $13
US       $150
GB       $110
CA       $110
DE       $30
BE       $20
IT       $65
CH       $20
CZ       $20
DK       $20
ES       $30
AU       $55
FR       $30
NL       $20
NO       $20
PT       $30
LB       $6
[…]
Continue reading...

Pay-Per-Install Analysis – Part Three

InstallConverter. This is where things get interesting. This company distributes a single executable: TDL3. TDL3 is a very advanced piece of stealth malware with rootkit capabilities, and as you can see here Symantec is well aware of it (they detect it as Backdoor.Tidserv). This is how much they pay per 1,000 installs, by country: USA - $170 Canada - $120 Un...
Continue reading...

FakeAV Analysis: Defense Center

Defense Center is doing the rounds again, but this time it seems to be a bit more aggressive! Let's start off with some screenshots. Like all rogue AVs it bombards you with warnings about how your computer is “infected”. 30% off! You’d be a fool not to snap that offer up, wouldn’t you? Once installed, ...
Continue reading...

Pay-Per-Install Analysis – Part Two

WorldPays – Euro-Pays – SummerCash. Next on the list we have three companies that are distributing the same executable, so it's safe to assume either that they are all resellers for a single company, or that two of them are reselling for the other. From the above images we can extract some dangerous domains used for spreading […]
Continue reading...

Pay-Per-Install Analysis – Part One

What is Pay-Per-Install (PPI)? Pay-Per-Install is a scheme in which people get paid for installations of software, nine times out of ten without the knowledge of the end user. The amount the affiliate gets paid depends on which country the victim is in: countries like the USA normally get the highest rates, while other less-known countries ...
Continue reading...

Spam emails Cartoline.exe spread Spy.Banker Trojan

In recent days we have registered a new wave of spam messages with the subject “Cartoline” that appeared to come from virgilio.it and contained a link that appeared to redirect the user to legitimate sites such as cards.virgilio.it. After analyzing the HTML in the message, we noticed that the link could redi...
Continue reading...
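The Cartoline post above hinges on a classic lure: the link text shows a trusted domain (cards.virgilio.it) while the href sends the victim somewhere else, in this case to an executable. The following is an added example, not code from the original post, that automates that check over an HTML email body: it collects every anchor, compares the domain shown in the link text with the domain the href actually resolves to, and additionally flags links whose path ends in .exe. The sample HTML (including the attacker.example host) is constructed for this example and is not the real Cartoline message; the eTLD+1 helper is a deliberate approximation.

```python
"""Flag anchors in an HTML email body whose visible text advertises one
domain while the href points to another, or which deliver an executable."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email: NOT the real Cartoline message. attacker.example
# is a placeholder host; two of the four links are deceptive.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Hai ricevuto una cartolina!</p>
<p><a href="http://cards.virgilio.it/view?id=123">http://cards.virgilio.it/view?id=123</a></p>
<p><a href="http://attacker.example/download/Cartoline.exe">http://cards.virgilio.it/cartolina</a></p>
<p><a href="http://www.virgilio.it/">www.virgilio.it</a></p>
<p><a href="http://attacker.example/x.exe">Clicca qui</a></p>
</body></html>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for .it/.net/.example hosts in
    this example; a production tool should consult the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


# Matches link text that looks like a URL or bare hostname and captures the host.
_URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)


def text_domain(text):
    """Return the host a human would read out of the link text, or None."""
    m = _URLISH.match(text.strip())
    return m.group(1).lower() if m else None


def find_deceptive_links(html):
    """Return a list of findings for anchors that are deceptive or drop binaries."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        target_host = parsed.hostname or ""
        reasons = []
        shown = text_domain(text)
        # Displayed domain and real destination disagree: the Cartoline trick.
        if shown and registrable_domain(shown) != registrable_domain(target_host):
            reasons.append(f"visible text says {shown}, href goes to {target_host}")
        # A "greeting card" that is really a PE file.
        if parsed.path.lower().endswith(".exe"):
            reasons.append("link delivers an executable")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_deceptive_links(SAMPLE_EMAIL_HTML):
        print(f["href"], "<-", repr(f["text"]))
        for r in f["reasons"]:
            print("   ", r)
```

Run it on a saved message body (`python check_links.py < message.html` after swapping the constant for `sys.stdin.read()`) and only the anchors whose shown domain and real destination disagree, or which point at an .exe, are reported; a legitimate cards.virgilio.it link passes untouched.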