Tag: malware

Trojan-Dropper.Win32.Ambler

Recently a user submitted a suspicious file; he informed us that he downloaded the file from a website that served it as a video codec. Below is the report of the virus scanner: Report Generated: 18.3.2009 at 16.34.15 (GMT 1) File Name: setup_exe File Size: 63 KB MD5 Hash: A11E0E5389C93738D793E850C8AAA1C1 SHA...

Rustock is back again more active than ever!

Recently Steve received some new .EXE files classified as Rootkit.Rustock and we have analyzed one file to see if the beast Rustock is still active. The bad thing is that the results of this analysis reveal that the spam activity of Rustock is still highly active… During the analysis we noticed that the malware used […]

LuckySploit – New exploit kit

In the last few days a user submitted a new sample of an exploit kit called LuckySploit. This new exploit kit (similar to EL.FIESTA Exploit Kit) is a set of .HTML files full of malicious, obfuscated (evil) JavaScript code, used for spreading malware by drive-by download. A small part of […]

PROHIBITED_MATRIMONY.rar Spam = Worm.Win32.Mabezat

We have recently received an email that contains a ZIP archive named: PROHIBITED_MATRIMONY.rar The subject of the email is: ABOUT PEOPLE WITH WHOM MATRIMONY IS PROHIBITED The file extracted from PROHIBITED_MATRIMONY.rar is named Readme.doc.exe and note that it has the double extension to trick the user to think that it is a norm...

Christmas Postcard Spam and Trojan.Win32.Waledac

Steve sent me a sample of malware classified as Trojan.Win32.Waledac that he has received in some Christmas Postcard Spam emails with following subjects: Merry Christmas and best wishes just for you Merry Christmas 2009! A super Xmas card for you Merry XXXmas! You’ve got a Merry Christmas greeting e-card I made this e-card...

Fake Flash Player and Trojan DNSChanger.gen

Steve has found a very interesting sample in the wild that looks like a fake flash player that installs the DNSChanger trojan in the victim’s computer. The malicious file is named FlashPlayer.v..exe: Report Generated 10.12.2008 at 16.48.20 (GMT 1) Filename: FlashPlayer.v..exe File size: 78 KB MD5 Hash: D2EBDAB38246882A8A39...

I-Worm/Nuwar.W + Rustock.E Variant – Analysis

Steve sent me a new interesting malware sample classified as I-Worm/Nuwar.W. When I executed the file, it injected code into a system process named svchost.exe, and I started to receive a lot of traffic from a specified domain that has a random name (aaqarkznvb.com), and during the established connections with the domain, a lot ...

Serpent BOT (Web Based Malware)

Steve sent me another sample of malware he found, but this time, we found a Web Based Malware with a web-interface: The file that established connections with the website was named load.exe and below there is the report of the scan: Report Generated 22.11.2008 at 23.15.36 (GMT 1) Filename: load.exe File size: 27 KB MD5 […]

Trojan.Clicker served through beedly.us ADS

Today, while I was searching in beedly.us, I found this ADS: Why I get porn when I search for “free online virus” ? I followed the ADS to analyze it, and I arrived at a fake porn site that contains in the HTML some malicious code that was designed to trick the user into downloading […]

Website with hidden iframe and Malware Analysis

It all began this morning (16/10/2008) at 13:00am. I checked the HTML code of index.php and saw something suspicious inside. Our index.php and 4 other .php pages were infected with an iframe from 11:00am to 13:00am; fortunately we analyze the code of our site every 2/3 hours, and immediately removed the infected code. I […]