Posted by
admin on Monday, July 25th, 2011 |
6,278 views
EXE Radar Pro vs Infected Website with Hidden Iframe Password Protect Task Manager Execution Protect your Web Browser Block Execution of New Processes Started by IEXPLORE.EXE Block Processes Using Regular Expressions Remote PHP Notification with EXE Radar Pro Service Integrate Custom Antivirus Scanners with EXE Radar Pro New EXE...
Continue reading...
Posted by
admin on Saturday, June 25th, 2011 |
28,810 views
While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this malicious URL: hxxp://www.buy-itraconazole. info/noob-t...
Continue reading...
Posted by
admin on Thursday, June 16th, 2011 |
14,217 views
Infected website: hxxp://somerandomiframedomain. com Activity: Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80 Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78 File Created - %ProgramFiles%\Internet Exp...
Continue reading...
Posted by
admin on Tuesday, June 14th, 2011 |
10,388 views
We are working on a free online automated malware analyzer, here there are few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL that is requested by the malware and every new file that is dropped in the disk, we use Driver Radar Pro to block loading […]
Continue reading...
Posted by
admin on Monday, October 4th, 2010 |
23,774 views
Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAV’s it claims to have found alot of infections in your computer and the only way to clean it is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction […]
Continue reading...
Posted by on Tuesday, August 10th, 2010 | 7,733 views
Got a another phishing email today. The email came to an email I have registered to a PayPal account so it instantly caught my eye. I logged into my PayPal account using the correct URL, all is well. So this is obviously another phishing attempt, but not the typical kind. Typical message content, but they […]
Continue reading...
Posted by on Monday, July 26th, 2010 | 9,767 views
GoldInstall Next we have a company called GoldInstall. This is how much they pay for 1000 installs per country. Country Price OTH 13$ US 150$ GB 110$ CA 110$ DE 30$ BE 20$ IT 65$ CH 20$ CZ 20$ DK 20$ ES 30$ AU 55$ FR 30$ NL 20$ NO 20$ PT 30$ LB 6$ […]
Continue reading...
Posted by on Saturday, July 17th, 2010 | 9,120 views
More Canadian Pharmacy spam, this time in the form of a fake Facebook invite. Looks like a legitmate invite, but of course, its not. All links on the email point to: hxxp://204.177.184.101/~lgg/complicity.html There you can see the code will redirect the user without any interaction if JavaScript is enabled, if it isn’t it...
Continue reading...
Posted by on Thursday, July 15th, 2010 | 30,160 views
InstallConverter This is where things get interesting. This company distributes one executable, TDL3. TDL3 is a very advanced piece of stealth malware, with rootkit capabilities. Here you can see Symantec are well aware of this. Backdoor.Tidserv This is how much they per for 1000 installs per country. USA - $170 Canada - $120 Un...
Continue reading...
Posted by on Wednesday, July 7th, 2010 | 13,929 views
Defense Center is doing the rounds again, but this time seems to be a bit more aggresive! Lets start off with some screen shots. Like all rogue AV’s it bombards you with warnings about how your computer is “infected”. 30% off! You’d be a fool not to snap that offer up, wouldn’t you? Once installed, ...
Continue reading...
