Tag: rogue

Welcome to the jungle: Zeus + Pinch + Rogue Software

This second part of our analysis, following part 1, will show you what the files we collected did once live. From the main loader we can extract the following useful strings: msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-ur...

Unpacking Mystic Compressor used to pack Rogue Software

Today we will analyze a sample of rogue security software that is packed with an unknown packer named Mystic Compressor, which has been identified as being used mostly to pack rogue security software executables. Steve has successfully unpacked the sample and this is his analysis: Call to VirtualProtect to make the data in [&hel...

How to remove Desktop Security 2010 (Uninstall instructions)

Desktop Security 2010 is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediatel...

How to remove Win Security 360 (Uninstall instructions)

Win Security 360 is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately dis...

Blackhat SEO Campaign targets Security Software

Recently, while I was searching on Google for some security software related keywords, I noticed a massive attempt at a Blackhat SEO strategy used to capture users who search for keywords related to various security software. When clicking on any of these links, the user is generally redirected to the malicious links that are...

How to remove SysDefenders (Uninstall instructions)

SysDefenders is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately display...

How to remove DefendAPc (Uninstall instructions)

DefendAPc is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately display s...

How to remove Ghost Antivirus (Uninstall instructions)

Ghost Antivirus is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately disp...

More than 100 websites compromised for Blackhat SEO strategy

We have noticed a new case of blackhat SEO used by cybercriminals to distribute their backdoors and to gain as many victims as possible, by driving specific user traffic (by hijacking keywords in search engines) to malicious websites that contain hidden iframes, malicious JavaScript, and other sorts of malicious code, that re...

Blackhat SEO used to spread SystemVeteran Rogue Software

Strategies used by cyber criminals to spread rogue software and other dangerous threats such as the ZeuS Trojan or Zlob are increasingly oriented toward web-based spreading, using Blackhat SEO and social engineering to get the user to download and install the malicious executable file. The most used method is to create a webpage, generally w...