Malware

SecurityTool rogue is trying to be a moving target

Published: December 9, 2009 Reading Time: 1 min

The SecurityTool rogue security product, which first turned up early in October, is still active and trying to avoid countermeasures by setting up 12-24 download sites per day. It comes in two flavors: an online scanner scam and a fake codec scam. For more information, see the full post.


It pays to read the fine print (literally)

Published: December 9, 2009 Reading Time: 1 min

This is a new one: bribeware. They’ll pay you a dollar to install their product. Nice idea, but unfortunately in this case it comes bundled with malware. We detect it as C4DLMedia, a group of installers that include adware and agents that change browser home pages. It’s considered a “moderate” risk. I wonder if Microsoft considered this for VISTA. C4DL Media might have a marketing problem with the dollar bribe though. In places where a dollar is worth enough to make this worth the effort there probably isn’t any Internet connectivity.


Conficker Worm — Patch Now, Not Later

Published: April 1, 2009 Reading Time: 3 min

Conficker (also known as Downadup) has dominated security headlines for months. Today — April 1, 2009 — media coverage peaks because variant Conficker.C is programmed to check a larger set of domain names for update instructions. The worm has not melted the internet overnight, but the attention is useful if it pushes lagging patches out the door. Defense is mostly discipline, not mystery.

How It Spreads

Conficker exploits failures administrators have warned about for years: ...


Passwords used by the Conficker worm

Published: January 15, 2009 Reading Time: 1 min

It’s not possible to emphasise enough the importance of using sensible passwords on your network. Not just on the areas of your network that you don’t want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003. One of the ways in which the Conficker worm (also known as Confick or Downadup) spreads is to try to batter its way into ADMIN$ shares using a long list of different passwords. ...


WMF Exploit and the Zero-Day Patch Rush

Published: February 2, 2006 Reading Time: 3 min

Early 2006 delivered a rude reminder: a picture was not always safe. A flaw in how Windows handles WMF (Windows Metafile) images allows attackers to run code through crafted files — sometimes simply by viewing them in a browser, image viewer, or Explorer preview pane. It is a classic zero-day moment: exploit code is circulating while users wait for an official fix.

Why This Feels Different

Previous worms often needed obvious .exe attachments. The WMF issue blurs the line: ...


Mydoom, Email Worms, and Backups That Actually Help

Published: September 21, 2004 Reading Time: 4 min

If you run support for a home network or a small office, 2004 has been a constant lesson in how fast email malware spreads once one person clicks the wrong attachment. Mydoom was the headline name, but it lived in the same noisy ecosystem as Bagle and Netsky. Different family, same outcome: crowded mail queues, angry contacts, and half a day lost to cleanup.

What We Saw in Early 2004

Mydoom.A appeared in January and spread faster than most AV vendors could ship signatures. Variants targeted high-profile domains — including SCO and Microsoft — with DDoS traffic from infected bots. Mydoom.B followed within days with tweaked behavior. By spring, IT forums were full of the same question: “Why is our mail server queueing ten thousand outbound messages?” ...
