We have received an email that states we have an unread message and someone has sent us a private message. But it does not state if the unread message is from a social network, it only says it comes from SecureMessage.System, as you can see from this image: The body of the email is this: [...]
Continue reading...

We just logged a new C&C bot named KBOT: Content of the /js/ folder: Content of the /images/ folder: Content of the /css/ folder: Malware activity (cb119a6b42da7bba1b6151f2e0bd6f1e): File Created - %SAMPLE% - %Temp%\epbUex.UxO - A7A21220689BD796F6B74E5D983D810E - 2560 bytes - attr: [] - PE Connection Established - C:\WINDOW...
Continue reading...

There is a new exploit kit in the wild, this time named Karn!v0r3x v1.0: Html code of the login page: <html> <head> <title>Karn!v0r3x v1.0 [Inicio]| Malandrines .n3t</title> <script language="JavaScript" src="files/fallt.js"></script> <style> body{background:black;col...
Continue reading...

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAV’s it claims to have found alot of infections in your computer and the only way to clean it is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction [...]
Continue reading...

GoldInstall Next we have a company called GoldInstall. This is how much they pay for 1000 installs per country. Country Price OTH 13$ US 150$ GB 110$ CA 110$ DE 30$ BE 20$ IT 65$ CH 20$ CZ 20$ DK 20$ ES 30$ AU 55$ FR 30$ NL 20$ NO 20$ PT 30$ LB 6$ [...]
Continue reading...

InstallConverter This is where things get interesting. This company distributes one executable, TDL3. TDL3 is a very advanced piece of stealth malware, with rootkit capabilities. Here you can see Symantec are well aware of this. Backdoor.Tidserv This is how much they per for 1000 installs per country. USA - $170 Canada - $120 Un...
Continue reading...

Defense Center is doing the rounds again, but this time seems to be a bit more aggresive! Lets start off with some screen shots. Like all rogue AV’s it bombards you with warnings about how your computer is “infected”. 30% off! You’d be a fool not to snap that offer up, wouldn’t you? Once installed, ...
Continue reading...

WorldPays – Euro-Pays – SummerCash Next on the list we have 3 companies, who are distributing the same executable, so its safe to assume either they are all resellers for a single company, or 2 of them are reselling for the other. From the above images we can extract some dangerous domains used for spreading [...]
Continue reading...

What is Pay-Per-Install(PPI)? Pay-Per-Install is a system where people get paid for installation of software, 9 times out of 10 without the knowledge of the end-user.  The amount the affiliate gets paid depends which country the victim is in, countries like USA normally get the highest rates, while other less-known countries ...
Continue reading...

In recent days we have registered a new wave of spam messages with subject as “Cartoline” that looked like to come from virgilio.it, and that contained a link that appeared to redirects the user to legitimate sites such as cards.virgilio.it. After analyzing the HTML in the message, we noticed that the link could redi...
Continue reading...