Alert

Mozilla yesterday posted a notice on its AMO blog (that’s an acronym for their add-on site addons.mozilla.org) that two add-ons have been found infected with Trojan code: Sothink Web Video Downloader v. 4.0 and all versions of Master Filer. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen and Master Filer contained Win32.Bifrose. According to the blog, Masterfiler was downloaded 600 times before it was removed from the site Jan. 25 and Sothink was downloaded more than 4,000 times before it was removed Feb. 2. ...

Since yesterday, our lab has detected a flood of email messages that seem to contain a Microsoft Update, but it’s actually malware. We’ve seen around 3,000 in a few hours. The message is like the following: This email, which seems to have been sent by the Microsoft Support team, informs you that a new security update for Outlook/Outlook Express has been released. It’s a critical update, so it’s better to install it as soon as possible. ...

In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period. The initial attack targeted the Danish CO₂ quota register that was shut down on January 12. The Danish authorities took this decision after registry users received a fake email purporting to originate from the Danish Energy Agency and redirecting the recipients to a mirror site to steal their credentials. ...

With the latest release of their browser, v.4.0, Google has published a long expected feature: Browser Extensions. Now Chrome features what other browsers like Firefox, IE, Opera and so on offer for a long time already. But, being able to compete with the others better doesn’t mean that they have solved all problems. Actually, their problems just start to appear – because adding extensions in the browser is just the same as opening Pandora’s box. ...

It has been a month since Sophos added detection for Troj/JSRedir-AK and figures generated today show that over 40% of all web-based detections have been from this malicious code. [Graph shows Malware hosted on websites from 2009-12-22 11:00:00 to 2010-01-21 11:00:00 (GMT-8)] Translating the numbers into a more human comprehensible form: 1 site every 15 secs was being detected as Troj/JSRedir-AK. ...

Disguised IQ test combines virus, rootkit and worm — malicious code for one fatal formula BitDefender today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. There are two known variants of this virus, which enters the computer as a harmless IQ test. Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system. ...

I am a very lucky guy. In fact, I must be the luckiest person in the world since spammers like to send all kinds of lucky spam to me. These days, I get inundated with lucky spam. The last spam I had, I got offered a free gift card if I purchased some Viagra from them. Wow. On other days, asking me to lose my weight results in instant chances of winning a lottery at the same time and all of this is due to my lucky email address. ...

False images from Cosmopolitan infect computers with fake antivirus product BitDefender today warned of a new threat following the flood of interest in the result of the January 19th Massachusetts elections. The day after his winning Senate campaign, nude pictures of Cosmopolitan’s Sexiest Man of 1982 Scott Brown not only stirred women’s imaginations, but also got the interest of malware creators. The latter exploited the news to spread a fake antivirus: Trojan.FakeAV.XP. Instead of spicy pictures, the targeted user received messages of false infections on their computer and prompts to buy a fake antivirus product. ...

Some questionable sites associated with the Winigard family of rogue security products pulls it from this location, which appears to belong to a graphic designer in Canada. It’s funny and here’s waaaay too much truth there:

This week we’ve seen a spam campaign aimed at separating unsuspecting users from their iPhone details. Messages have the subject “IMPORTANT: Your iPhone Warranty Extension for 1 Year!”, pretend to be sent from “[email protected]”, and look as follows (click to enlarge the image): Recipients who feel like they can’t let this limited-time too-good-to-be-true special offer pass them by will find themselves redirected to the following page: ...