How to rescue files encrypted by Data Doctor 2010?

We have a tool available to do just that. How to use dd2010_decrypter.exe for batch processing: place the encrypted files in a directory (e.g. c:\encrypted_files\), copy dd2010_decrypter.exe into another directory and, FROM THAT DIRECTORY, run the following command:

for %f in ("c:\encrypted_files\*.*") do dd2010_decrypter.exe %f %f.decrypted

All files in the encrypted_files folder will be processed, and the new decrypted files will have the same name but with the extension ".decrypted". ...

January 6, 2010 · 1 min · 106 words · Omid Farhang

Identifying Malicious Blogspot pages used by Koobface

Koobface is still going strong despite not making the headlines so much anymore. The Koobface gang even took the time to send a Christmas card and wish security researchers a happy new year. Very nice of them… For a couple of days now I’ve been looking at their infection method and trying to spot any interesting patterns. The bad guys use bogus blogspot.com blog pages to redirect users to the actual Koobface malware. The redirection consists of several attempts to connect to compromised PCs directly by IP address. Below is a Fiddler log showing those attempted connections (failed connections are in red). Once a host has responded successfully, the user is redirected to a fake page prompting them to install a video codec. ...

January 6, 2010 · 2 min · 312 words · Omid Farhang

Damn Funny Instant Message—NOT!

I recently received a suspicious Gmail chat message from a friend (shown below). I was immediately suspicious about the message because this friend had never used chat to talk with me before, he appeared to be offline, and the content of the message resembled messages that other instant messaging worms use. I expected that when I clicked on the link I would be asked to download an executable thinly disguised as a photo (for example, coolpic.jpg.exe) like W32.Scrimge.E, or that some drive-by exploits would be used on the page such as the ones Koobface uses. Instead I was brought to the following page, which asked me to log in to my choice of MSN, Yahoo, Gtalk, or AIM accounts to view the “private album.” ...

January 6, 2010 · 3 min · 567 words · Omid Farhang

No Malware (NoMalware)

No Malware is a rogue security program, or a phony. NoMalware is designed to trick people into purchasing the software, which is actually useless and a PC infection in itself. NoMalware uses fake security scans to alert the user that their PC is infected. These scans are not real, and the infections reported are false. NoMalware shows these falsified scan results and refuses to remove the supposed infections unless the user buys the software. Do not fall for this scam. Victims that purchase NoMalware quickly learn that the software neither prevents infections nor removes infections from their PCs. ...

January 6, 2010 · 1 min · 154 words · Omid Farhang

Gaming Trojans: “because that’s where the money is.”

The massive growth of gold farming – the exchange of real money for virtual goods – might result in an increase in gaming Trojans and other malware aimed at gamers in the future. A well-respected researcher has described the incredible growth of “gold farming,” a significant industry and source of employment in China and other parts of Asia. He estimates there are 400,000 people working for gold farming companies. They spend as much as 12 hours per day playing online games in order to accumulate virtual goods which can be sold to some of the 50 million on-line game players worldwide for real cash. ...

January 6, 2010 · 2 min · 330 words · Omid Farhang

PcsProtector

The creators of WiniGuard rogue security software have released their first clone of 2010. This new rogue is called PcsProtector.

January 6, 2010 · 1 min · 20 words · Omid Farhang

Flash, Christmas and the new year

We see spam all the time. One of the most dependable things spammers do is try to exploit newsworthy events and holidays. Recently, we have seen spammers spreading malware using fake Flash updates, Christmas scams, or a combination of both. Add one more to that list. Take, for example, a spam I received today. The following email wishes the recipient a Merry Christmas and a Happy New Year, and then displays the following screen in an attempt to entice the user to click on the message. ...

January 6, 2010 · 1 min · 172 words · Omid Farhang

Glike NOT

This is an interesting sample, caught by our honeypots. The file comes as a zip archive from qtpom{removed}.tripod.com/codec.zip, which once extracted looks like this: It is almost undetected; VirusTotal report here. Truth be told, no blatant sign of malware activity is noticed at first, until this: What the heck? This is not my Google home page. And what are those tabs up there: “Pharmacy”, “Casino”? ...

January 6, 2010 · 1 min · 141 words · Omid Farhang

Antivirus PC 2009

Antivirus PC 2009 is the latest rogue security software to hit the internet. Antivirus PC 2009 is a complete scam designed to harass PC users into buying the corrupt software. Antivirus PC 2009 tries to trick people into thinking that their PC is infected with malware and recommends purchasing or registering the software to remove the malware. Antivirus PC 2009 shows false scan results that report numerous infections. Antivirus PC 2009 also displays annoying popups and system alerts stating that the PC is infected, under attack, or not protected with antivirus software, and recommends buying Antivirus PC 2009. Antivirus PC 2009 also prevents other programs from opening, even the web browser, making it impossible to use the internet and rendering the PC nearly useless. ...

January 6, 2010 · 1 min · 148 words · Omid Farhang

Fake Alert Uses McAfee-like Domain Name to Attract Victims

Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com. The script hosted on the domain can attack the Windows browsers Internet Explorer, Mozilla SeaMonkey, and Chrome. The script also affects browsers on Linux platforms. This fake-alert variant is hosted on at least 13 other known domains. McAfee’s Trusted Source blocks the IP addresses and the domains (including DNS and mail servers) associated with this Trojan. For example: ...

January 6, 2010 · 1 min · 141 words · Omid Farhang