Tag Archive | "malware"

Rogue Anti-Spyware Application ‘Security Tool’ Spreading Through Fake ‘Warning’ Pop-up Alerts

Posted on 19 September 2010 by GranTorinoGuy

Have you ever been alerted through a pop-up notification that some type of application has detected a virus on your computer, but the message did not come from your normal anti-virus or anti-spyware software?

A fake security application called ‘Security Tool’ has been reported to display annoying and false ‘Security Tool Warning’ messages in an effort to convince computer users that they must purchase the full ‘Security Tool’ program.

Security Tool is a rogue anti-spyware program, in other words a fake anti-spyware program that mimics a legitimate one only to extort money from computer users. Over the past few weeks Security Tool has been known to display a specific fake pop-up error message. The error pop-up message reads:

Security Tool Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with Security Tool
Security Tool Warning
Security Tool has detected harmful software in your system. We strongly recommend you to register Security Tool to remove these threats immediately.

The message above can be rather convincing to an unsuspecting computer user. Someone who is not familiar with the way rogue anti-spyware applications function could very well click on this notification and unintentionally install or run additional malware threats on their system. The Spyware.IEMonster parasite mentioned in the message above is a legitimate computer infection but in reality it is not the threat that is being detected. The message is completely fabricated.

It is a common tactic for rogue anti-spyware programs to use these fake warning messages to get computer users either to download and install malware or to purchase a bogus security program. Security Tool’s message above is known to be a scam: if clicked, it redirects the computer user to a bogus web site that asks the user to enter personal information along with a credit card to purchase the full version of Security Tool. The full version of Security Tool, unfortunately, does not detect or remove parasites as it says it will. As a matter of fact, no rogue anti-spyware program is able to detect or remove parasites. The creators of such applications design them to make you think that they will ‘solve’ your parasite infection issues.

What we have learned from Security Tool so far is that it will repeatedly display the bogus warning message above until action is taken to completely remove Security Tool from the computer. Computer users must also realize that purchasing Security Tool will NOT solve any computer security issues at hand, nor will it stop the annoying warning message from being displayed. The message’s only intent is to sell and spread the fake security program Security Tool.

Brazil Soccer Coach Dunga gets Blue Eye in Malware Attack

Posted on 03 June 2010 by SlimboCA

Hackers are using the FIFA World Cup to lure victims in malware attacks.

This is the picture of Brazil Coach Carlos Dunga which hackers are using to con computer users into downloading malware onto their systems.

Brazilian national soccer coach Carlos Dunga is the first popular World Cup figure to be used as bait by cyber criminals.

The hackers are using email spam – which appears to be a page from a popular Brazilian newspaper – claiming that Dunga has been involved in a vicious assault. The coach was allegedly punched in the face by two angry fans because two players – Neymar and Ganso – had not been selected in his 23-man team for the FIFA World Cup in South Africa later this month.

Besides offering a very poorly modified picture of the coach, this scam also contains a link to pictures of the fight, but the link leads to a corrupt website: hxxp://ml210-202-198-66.vdslpro.static.apol.com.tw/[REMOVED]/index.asp?

The link redirects unwary World Cup fans to another website, which belongs to the Malaysian government (according to the .GOV.MY domain) and which appears to be hacked: hxxp://kew.mida.gov.my/[REMOVED]agressao_dunga.exe

The file, which claims to contain photos of the fight, is really a Trojan which specializes in capturing banking credentials. With the World Cup only eight days away, many more of these scams will surely arise.

Spam and Cybercrime Attacks on Twitter and Facebook Have Tripled in 2009

Posted on 02 February 2010 by SlimboCA

Malware, spam and spyware attacks are on the rise on social networks such as Twitter, MySpace, Facebook and LinkedIn.

In the last year, 57 percent of users report they have been spammed via social networking sites, an increase of 70.6 percent compared to last year. Furthermore, 36 percent of users claim they’ve been sent spyware via social networking sites, which is a rise of 69.8 percent from last year.

On the other hand, CEOs of companies are concerned that their employees’ usage of social networks is posing a security risk for their company. Sophos has surveyed more than 500 organizations, discovering that 72 percent of them think social networks are a danger for their companies, with 60 percent of them tagging Facebook as the biggest security risk, followed by MySpace, Twitter and LinkedIn.

Facebook is the biggest threat because it’s the biggest social network out there, but some of the blame can be placed on Facebook’s own privacy rules. When Facebook rolled out its new recommended privacy settings late last year, it was seen largely as a backwards step, encouraging many users to share their information with everybody on the Internet.

Cyber-criminals are now also selling hacked usernames and passwords online to make hundreds of dollars. One Twitter account was offered at $1,000 in an underground hacker forum.

Hackers have maliciously been creating Internet data-stealing spyware since 2005. Now it’s becoming a growing problem on the Internet as these programs become more sophisticated. Some corrupt programs seek banking passwords, others hunt for online gaming credentials. But according to online security experts, the fastest-growing data stealers are generic spying programs which steal as much information as possible from their victims.

Cybercrooks are starting to realize that they can do more than simply swipe credit card numbers. In 2009 about 70,000 of these programs were identified, twice as many as the year before, and almost three times the number of banking password stealing programs.

Gmail accounts have been compromised and put up for sale on Russian hacker forums, with an asking price of 2500 rubles, or $82. RapidShare accounts are going for $5 per month, and Skype, instant messaging and Facebook credentials are being offered as well. The prices vary depending on who owns the account and the number of followers the person has. Attackers usually look for a trusted stepping stone from which to send malicious Twitter messages and infect more machines. A Twitter account with just over 320 followers has been offered at $1,000 in an underground hacker forum. Compared to MSN accounts, which have been seen priced at €1 (USD$1.40), the price for Twitter accounts is really high.

When the value of stolen credit cards and other types of credentials is added up, hackers can easily take in $1,000 worth of data after hacking just one computer.

Santa’s Trojan Horse Spoils Xmas

Posted on 02 January 2010 by GranTorinoGuy

Computer users are being spoiled rotten this Christmas. Another piece of malware purporting to be a message from Santa is delivering surprise gifts over the Internet disguised in an electronic greetings card.

The Trojan horse “MerryX.A” is delivered in an email that encourages the recipient to open an attached “animation.” While the animation of Santa Claus delivering presents plays, a piece of malware hiding behind the name “SQLServer.exe” is installed on PCs running Windows, according to security experts. The software transmits information about the infected computer to a remote server, and then attempts to download files, which could include other malware, experts say.

Earlier this week, security researchers identified an instant-messaging worm, IM.GiftCom.All. Once it has infected a computer, the worm searches the contact databases of installed IM applications, and sends messages to the contacts it finds, encouraging them to visit a Web site. If the recipients click on the link, the Web site attempts to download another piece of malware to infect their PCs, which in turn spread the message further.

The end-of-year holidays provide plenty of opportunities for malware writers to hone their social-engineering skills since Internet users are unsurprised to receive brief messages with a seasonal theme from long-lost friends or distant business contacts. This time last year, someone modified the Zafi email worm to spread itself in a message entitled “Merry Christmas.”

As at any other time of year, security researchers advise users that the best defense is to check out unsolicited attachments or Web links with the purported sender before opening or clicking on them.
