Posted by admin on Wednesday, January 27th, 2010 (57,549 views)
This second part, which follows our part 1 analysis, will show you what the files we collected did once live. From the main loader we can extract the following useful strings: msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-ur...
Posted by admin on Tuesday, January 26th, 2010 (13,742 views)
Today we will analyze a sample of rogue security software that is packed by an unknown packer named Mystic Compressor, which has been identified as being used mostly to pack rogue security software executables. Steve has successfully unpacked the sample and this is his analysis: Call to VirtualProtect to make the data in [&hel...
Posted by admin on Sunday, January 24th, 2010 (7,781 views)
Desktop Security 2010 is rogue security software: a false anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediatel...
Posted by admin on Sunday, January 24th, 2010 (6,098 views)
Win Security 360 is rogue security software: a false anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately dis...
Posted by admin on Saturday, January 23rd, 2010 (23,911 views)
Recently, while I was searching on Google for some security software related keywords, I noticed a massive attempt at a Blackhat SEO strategy used to capture users who search for keywords related to various security software. When clicking on any of these links the user is generally redirected to the malicious links that are...
Posted by admin on Friday, January 22nd, 2010 (5,035 views)
SysDefenders is rogue security software: a false anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately display...
Posted by admin on Friday, January 22nd, 2010 (5,299 views)
DefendAPc is rogue security software: a false anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately display s...
Posted by admin on Friday, January 22nd, 2010 (5,874 views)
Ghost Antivirus is rogue security software: a false anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and false video codecs), but it can also be installed manually by the victim. Once your computer is infected with this parasite, it will immediately disp...
Posted by admin on Saturday, November 14th, 2009 (34,152 views)
We have noticed a new case of blackhat SEO used by cybercriminals to distribute their backdoors and to gain as many victims as possible, by driving specific users' traffic (by hijacking keywords in search engines) to malicious websites that contain hidden iframes, evil JavaScript code, and other sorts of malicious code, that re...
Posted by admin on Saturday, November 7th, 2009 (7,768 views)
Strategies used by cyber criminals to spread rogue software and other dangerous threats such as ZeUs Trojan or Zlob are increasingly oriented toward web-based spreading, using Blackhat SEO and social engineering to get the user to download and install the malicious executable file. The most used method is to create a webpage, generally w...