NoVirusThanks EXE Radar Pro Videos

EXE Radar Pro vs Infected Website with Hidden Iframe
Password Protect Task Manager Execution
Protect your Web Browser
Block Execution of New Processes Started by IEXPLORE.EXE
Block Processes Using Regular Expressions
Remote PHP Notification with EXE Radar Pro Service
Integrate Custom Antivirus Scanners with EXE Radar Pro
New EXE...

Blackhole Exploit Kit Served With Google Images Links

While searching images on Google Images, we noticed a suspicious redirect:

hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599

It looks like the Blackhole Exploit Kit URL format! The malicious code can be found by analyzing the page source. The main redirect was created by this malicious URL:

hxxp://www.buy-itraconazole. info/noob-t...

Blackhole Exploit Kit Activity

Infected website: hxxp://somerandomiframedomain. com

Activity:
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78
File Created - %ProgramFiles%\Internet Exp...
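Both the Google Images post above and this activity log quote landing-page URLs of the form `something.php?tp=<16 hex characters>`. The following Python is an added example, not code from the NoVirusThanks blog or from EXE Radar Pro: it parses activity-log lines in the `event - process - field - field` layout shown here, flags Web Requests whose path matches that pattern, and then attributes any subsequent File Created events from the same process to the suspected exploit-kit hit. The regex generalises from the two URLs on this page and is an assumption, not a published Blackhole signature; the log lines are constructed from the page's own entries plus one benign request and one drop path for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the layout shown in the post (event - process - fields...).
# The two tp= URLs are the ones quoted on the page; the contact page and the
# dropped-file path are made up for contrast.
SAMPLE_LOG = """\
Connection Established - %ProgramFiles%\\Internet Explorer\\iexplore.exe - TCP - 92.38.232.92 - 80
Web Request - %ProgramFiles%\\Internet Explorer\\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78
Web Request - %ProgramFiles%\\Internet Explorer\\iexplore.exe - GET - www.example.org - /index.php?page=contact
Web Request - %ProgramFiles%\\Internet Explorer\\iexplore.exe - GET - epnfmackey.info - /index.php?tp=81350e0ebb536599
File Created - %ProgramFiles%\\Internet Explorer\\iexplore.exe - C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe
"""

# Assumed heuristic, generalised from index.php?tp=... and forum.php?tp=... on the page:
# a PHP script name followed by a single tp= parameter of exactly 16 hex digits.
BLACKHOLE_LANDING = re.compile(r"^/[a-z0-9_-]+\.php\?tp=[0-9a-f]{16}$", re.IGNORECASE)


@dataclass
class Event:
    kind: str                      # e.g. "Web Request", "File Created"
    process: str                   # image path that generated the event
    fields: List[str] = field(default_factory=list)  # remaining " - " separated fields


def parse_line(line: str) -> Optional[Event]:
    """Split one activity line on ' - '; return None for lines that do not fit the layout."""
    parts = [p.strip() for p in line.split(" - ")]
    if len(parts) < 3 or not parts[0]:
        return None
    return Event(kind=parts[0], process=parts[1], fields=parts[2:])


def parse_log(text: str) -> List[Event]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def is_blackhole_landing(path: str) -> bool:
    return BLACKHOLE_LANDING.match(path) is not None


def correlate(events: List[Event]) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (suspect requests as (host, path), files dropped afterwards by the same process)."""
    flagged_procs = set()
    hits: List[Tuple[str, str]] = []
    drops: List[str] = []
    for e in events:
        if e.kind == "Web Request" and len(e.fields) >= 3:
            method, host, path = e.fields[0], e.fields[1], e.fields[2]
            if method == "GET" and is_blackhole_landing(path):
                hits.append((host, path))
                flagged_procs.add(e.process)
        elif e.kind == "File Created" and e.fields and e.process in flagged_procs:
            # A file written by a browser right after a suspect landing page is the likely payload.
            drops.append(e.fields[0])
    return hits, drops


if __name__ == "__main__":
    found, dropped = correlate(parse_log(SAMPLE_LOG))
    for host, path in found:
        print(f"suspect landing page: {host}{path}")
    for p in dropped:
        print(f"file dropped after suspect request: {p}")
```

Run it as-is and it reports the two `tp=` requests and the Temp drop, while the `?page=contact` request is left alone. In practice you would tighten the process filter to browsers and PDF/Java/Flash helpers rather than trusting any process, and treat the regex as a triage hint to be confirmed by the fetched page content.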

NoVirusThanks Automated Malware Analyzer (Preview)

We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL that is requested by the malware and every new file that is dropped on disk, and we use Driver Radar Pro to block loading […]

FakeAV: AntiVirus Studio 2010

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs it claims to have found a lot of infections on your computer and that the only way to clean them is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction […]

PayPal Phishing – HTML Attachment

Got another phishing email today. The email came to an address I have registered with a PayPal account, so it instantly caught my eye. I logged into my PayPal account using the correct URL; all is well. So this is obviously another phishing attempt, but not the typical kind. Typical message content, but they […]

Pay-Per-Install Analysis – Part Four

GoldInstall

Next we have a company called GoldInstall. This is how much they pay per 1000 installs, by country:

Country   Price per 1000 installs
OTH       $13
US        $150
GB        $110
CA        $110
DE        $30
BE        $20
IT        $65
CH        $20
CZ        $20
DK        $20
ES        $30
AU        $55
FR        $30
NL        $20
NO        $20
PT        $30
LB        $6
[…]

Facebook Spam Used For Canadian Pharmacy…again

More Canadian Pharmacy spam, this time in the form of a fake Facebook invite. It looks like a legitimate invite, but of course it's not. All links in the email point to:

hxxp://204.177.184.101/~lgg/complicity.html

There you can see the code will redirect the user without any interaction if JavaScript is enabled; if it isn’t, it...

Pay-Per-Install Analysis – Part Three

InstallConverter

This is where things get interesting. This company distributes one executable: TDL3. TDL3 is a very advanced piece of stealth malware with rootkit capabilities. Here you can see that Symantec is well aware of it (Symantec's detection name: Backdoor.Tidserv). This is how much they pay per 1000 installs, by country:

USA - $170
Canada - $120
Un...

FakeAV Analysis: Defense Center

Defense Center is doing the rounds again, but this time it seems to be a bit more aggressive! Let's start off with some screenshots. Like all rogue AVs, it bombards you with warnings about how your computer is “infected”. 30% off! You’d be a fool not to snap that offer up, wouldn’t you? Once installed, ...