This second part of our part 1 analysis, will show you what the files we collected did once live. From the main loader we can extract the following useful strings: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-ur...
Continue reading...

Today we will analyze a sample of a rogue security software that is packed by an unknown packer named Mystic Compressor, and that has been identified to be used mostly to pack rogue security software executables. Steve has successfully unpacked the sample and this is his analysis: Call to VirtualProtect to make the data in [&hel...
Continue reading...

Desktop Security 2010 is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediatel...
Continue reading...

Win Security 360 is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately dis...
Continue reading...

Recently, while I was searching on google for some security software related keywords, I have noticed a massive attempt of Blackhat SEO strategy used to capture users that search for keywords related to various security software. When clicking on any of these links the user is generally redirected to the malicious links that are...
Continue reading...

SysDefenders is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately display...
Continue reading...

DefendAPc is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately displays s...
Continue reading...

Ghost Antivirus is a rogue security software, it is a false anti-spyware application that is generally installed in the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately disp...
Continue reading...

We have noticed a new case of blackhat SEO used by cybercriminals to distribute their backdoors and to gain as many victims as possible, by driving specific users traffic (by hijacking keywords in search engines) to malicious websites that contains hidden iframes, evil javascript codes, and other sorts of malicious code, that re...
Continue reading...

Strategies used by cyber criminals to spread rogue software and other dangerous threats such as ZeUs Trojan or Zlob are always more oriented to web-based-spreading using Blackhat SEO and Social Engineering to let the user download and install the malicious executable file. The most used method is to create a webpage, generally w...
Continue reading...