Last days I was installing a SMF Forum in a website, but there was a problem. When an user was uploading a file as attachment it returned this error: An Error Has Occured! Cannot access attachments upload path. To fix this problem, go to Admin Panel -> Attachments and Avatars and be sure to write […]
Continue reading...

A user submitted a suspicious link that was present in his website as a hidden iframe. Malicious hidden iframes are mainly inserted into HTML pages of legitimate websites, by hackers that want to spread their malware with the objective of infecting all the users that visit the compromised website and in most of the cases, […]
Continue reading...

This second part of our part 1 analysis, will show you what the files we collected did once live. From the main loader we can extract the following useful strings: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-urlencoded POST tmpf […]
Continue reading...

Whistler Bootkit is a new interesting Windows bootkit which attacks all Windows versions from 2000 up to the recent Server 2008 and 7. Whistler Bootkit can be used to start an executable with NT-AUTHORITY\SYSTEM rights on every startup of the OS and secure it from anything and anyone, making “impossible”
Continue reading...

A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim’s computer. SpyEye was […]
Continue reading...

Today, when I was browsing the beedly.us website, I saw a suspicious ADS link where there was a link to the malicious website proantispyware2009(dot)com, so I started to analyze the link and, below, there is the result: So after clicking on the ADS I was redirected to a new sub-domain: and if we view the […]
Continue reading...

We have noticed a new case of blackhat SEO used by cybercriminals to distribute their backdoors and to gain as many victims as possible, by driving specific users traffic (by hijacking keywords in search engines) to malicious websites that contains hidden iframes, evil javascript codes, and other sorts of malicious code, that redirect the users […]
Continue reading...

Steve sent me a new interesting malware sample classified as I-Worm/Nuwar.W. When I executed the file, it injected code into a system process named svchost.exe, and I started to receive a lot of traffic from a specified domain that has a random name (aaqarkznvb.com), and during the established connections with the domain, a lot of […]
Continue reading...

InstallConverter This is where things get interesting. This company distributes one executable, TDL3. TDL3 is a very advanced piece of stealth malware, with rootkit capabilities. Here you can see Symantec are well aware of this. Backdoor.Tidserv This is how much they per for 1000 installs per country. USA - $170 Canada - $120 United Kingdom […]
Continue reading...

While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this malicious URL: hxxp://www.buy-itraconazole. info/noob-tube&page=6hxxp://www.buy-itraconazole. info/noob-tube&page=6 Analysis from NoVirusThanks Sandbox: Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - […]
Continue reading...

We have noted recently various messages posted by Facebook users that promote few methods to find out who visits your Facebook profile. At the end of the message there is a link to a Bit.ly shortened URL, as you can see from this image: The shortened URL redirects the users to a malicious URL: HTTP/1.1 […]
Continue reading...

We started to receive emails that state our Facebook account has been blocked due to suspicious activity and to activate it we should click on a URL. Clearly this is a scam, the email seems to be sent by an email account from China, see the image below: This is an image of the body […]
Continue reading...

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAV’s it claims to have found alot of infections in your computer and the only way to clean it is to pay a hefty price for a “license key”. Here we have the main interface. As usual it starts the scan without any user interaction […]
Continue reading...

List of Firewall Software (Free) for Linux Systems: IPCop Firewall 1.4.21 IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software. Homepage […]
Continue reading...

PlayMP3Z.biz is a new adware program that displays annoying popups, installs malicious files and also a Browser Helper Object that is used to control and hijack your Internet Explorer web browser. Make sure to not fall in this scam, if your computer is infected with PlayMP3Z.biz, it is recommended to remove it immediately and to […]
Continue reading...