Saturday, August 13th, 2011
We have received another fake UPS email containing an infected ZIP archive: Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you. Copyright © 1994-2011 United Parcel Service of America, Inc. [...]
Posted in Security News | No Comments »
Monday, July 25th, 2011
EXE Radar Pro vs Infected Website with Hidden Iframe
Password Protect Task Manager Execution
Protect your Web Browser
Block Execution of New Processes Started by IEXPLORE.EXE
Block Processes Using Regular Expressions
Remote PHP Notification with EXE Radar Pro Service
Integrate Custom Antivirus Scanners with EXE Radar Pro
New EXE Radar Pro Rules
How to Configure [...]
Posted in Security News | No Comments »
Thursday, July 14th, 2011
In this video we want to demonstrate that the Behavioral Analysis feature in NoVirusThanks EXE Radar Pro can successfully block recent versions of the Blackhole Exploit Kit. We have enabled the option “Block Process + Quarantine File” in the Behavioral tab. When we visit the infected website, we can see that the payload of the Blackhole Exploit Kit is [...]
Posted in Uncategorized | 2 Comments »
Saturday, June 25th, 2011
While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this malicious URL: hxxp://www.buy-itraconazole. info/noob-tube&page=6 Analysis from NoVirusThanks Sandbox: Connection Established – %ProgramFiles%\Internet Explorer\iexplore.exe – TCP – [...]
Posted in Security News | No Comments »
Thursday, June 16th, 2011
Infected website: hxxp://somerandomiframedomain. com
Activity:
Connection Established – %ProgramFiles%\Internet Explorer\iexplore.exe – TCP – 92.38.232.92 – 80
Web Request – %ProgramFiles%\Internet Explorer\iexplore.exe – GET – somerandomiframedomain.com – /forum.php?tp=9c7447caf251fe78
File Created – %ProgramFiles%\Internet Explorer\iexplore.exe – %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5\OJZMJR51\forum[1].htm – 05BF0A782B09E63E962AF592C04CF640 – 16304 bytes – attr: []
Connection Established – %ProgramFiles%\Internet Explorer\iexplore.exe – TCP – [...]
Posted in Security News | No Comments »
Tuesday, June 14th, 2011
We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL that is requested by the malware and every new file that is dropped on the disk, and we use Driver Radar Pro to block loading [...]
Posted in Security News | 2 Comments »
Monday, October 4th, 2010
Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs it claims to have found a lot of infections on your computer and that the only way to clean them is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction [...]
Posted in Malware Analysis, Rogue Software | 1 Comment »
Tuesday, August 10th, 2010
Got another phishing email today. The email came to an address I have registered to a PayPal account, so it instantly caught my eye. I logged into my PayPal account using the correct URL; all is well. So this is obviously another phishing attempt, but not the typical kind. Typical message content, [...]
Posted in Phishing, Spam | No Comments »
Monday, July 26th, 2010
GoldInstall
Next we have a company called GoldInstall. This is how much they pay for 1000 installs per country.
Country  Price
OTH      13$
US       150$
GB       110$
CA       110$
DE       30$
BE       20$
IT       65$
CH       20$
CZ       20$
DK       20$
ES       30$
AU       55$
FR       30$
NL       20$
NO       20$
[...]
Posted in Malware Analysis | No Comments »
Saturday, July 17th, 2010
More Canadian Pharmacy spam, this time in the form of a fake Facebook invite. It looks like a legitimate invite, but of course it's not. All links in the email point to: hxxp://204.177.184.101/~lgg/complicity.html There you can see that the code will redirect the user without any interaction if JavaScript is enabled; if [...]
Posted in Spam | No Comments »