Track Global Malware Trends
View malware trends based on the 'detection count' reports of threats found in infected PCs and on volume levels, which reflect malware infection rates. For real-time data on malware outbreaks worldwide, visit MalwareTracker.

Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are a few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware


The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware


The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware


The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar


MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware


ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum


Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer


DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings in order to replace the DNS servers with rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

‘Cyber Security Warning’ Scam Message

The 'Cyber Security Warning' scam message can appear on your screen when you are infected with adware and click on corrupted links. Adware may have entered your PC with a free software bundle that you installed with the 'Express' and 'Typical' option. The 'Cyber Security Warning' scam message is used by fake technical support companies to scare users and attempt to convince them that they have committed a cyber crime. The 'Cyber Security Warning' screen is known to feature the following text: 'YOUR COMPUTER HAS BEEN LOCKED! Your computer has been locked due to violation of the cyber security Act of 2016 (SCA 2016, A. 2077) of the United States Of America. Your IP address was used to visit websites containing Virus, Malware, Trojan and Key Logger. Your computer also contains files that have infected with a virus. Spam-messages which contains virus were also sent from your...

Posted on August 26, 2016 in Adware

‘Hacking Alert’ Pop-Ups

The 'Hacking Alert' is hosted on untrusted pages and may be displayed on your screen if you are infected with adware like Dealsfinder and Everysale. Online shops and sites with inadequate security may feature ads and in-text hyperlinks that bring up the 'Hacking Alert' pop-ups as well. Security investigators note that the 'Hacking Alert' pop-up messages should not be trusted because they provide misleading information to cause distress and direct the user to call numbers like 800-098-8383. Con artists operate the phone lines listed on the 'Hacking Alert' pop-ups. They are trained to use utilities and error reports in Windows to fool the user into thinking that the OS is infected. The con artists may enter commands in CMD and play GIF animations on the potential victim's PC to simulate a virus infection. You should not call numbers provided on the 'Hacking Alert' pop-ups if you...

Posted on August 26, 2016 in Browser Hijackers

‘Savepanda@india.com’ Ransomware

The Savepanda@india.com Ransomware is not the dark project of eco-terrorists that want to save as many pandas as possible by using Ransomware to collect 'donations to the cause.' The Savepanda@india.com Ransomware is used by cyber extortionists to gather ransom from users that have their data locked and wish to restore it. The Savepanda@india.com Ransomware is not an original encryption Trojan; it is built on the Crysis Ransomware engine and is spread among users via traditional means like spam email and corrupted links. Experts reveal that the Savepanda@india.com Ransomware is compatible with the latest version of Windows and targets a broad range of data containers. The Savepanda@india.com Ransomware uses the AES-128 cipher to lock the user's data and appends a custom file extension to altered objects. The Savepanda@india.com Ransomware scans for targets on connected drives and...

Posted on August 26, 2016 in Ransomware

Malevich Ransomware

The Malevich Ransomware is named after the black screen it uses to notify the user of its presence. However, when the Malevich Ransomware changes your desktop wallpaper, it is too late to save your data. The desktop wallpaper at hand serves as a manifesto for the Malevich Ransomware by pointing the user to check for the ransom note on the PC. Researchers report that the Malevich Ransomware is a custom build of the Crysis Ransomware, and it may be deployed to users via spam emails that look like invoices and links to photos on Facebook and Instagram by your friends. The Malevich Ransomware is nearly identical to the Radxlove7@india.com Ransomware and the Grand_car@aol.com Ransomware. The Malevich Ransomware targets the following file formats: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi,...

Posted on August 26, 2016 in Ransomware

‘Ramachandra7@india.com’ Ransomware

The Ramachandra7@india.com Ransomware is another adaptation of the Crysis Ransomware to the modern anti-virus defenses that is designed to extort users for money. The Ramachandra7@india.com Ransomware is an Encryption Trojan that you may encounter in spam email and at untrusted pages. The Ramachandra7@india.com Ransomware is aimed at users that do not update their systems regularly and do not follow sound cyber security policies. The Ramachandra7@india.com Ransomware is very similar to the Vegclass Ransomware and the Veracrypt Ransomware since they are running on the same engine. The Ramachandra7@india.com Ransomware is programmed to use the AES-128 encryption method to lock files on your drives and drop a ransom note. The Ramachandra7@india.com Ransomware is known to target the following data containers: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql,...

Posted on August 26, 2016 in Ransomware

Fantom Ransomware

The Fantom Ransomware is a rather intriguing cryptomalware that makes an extra effort to hide its activity with a fake update screen. The Fantom Ransomware may be delivered to users via compromised RDP (Remote Desktop Protocol) connections and spam mail. What makes the Fantom Ransomware stand out is that it uses signed executables like WindowsUpdate.exe and WinUpdSvc.exe to run undetected. Additionally, the Fantom Ransomware will use the native Windows message service to bring up an alert that the user needs to install a critical update for Windows. Users who open a file attached to spam and are immediately presented with a critical update are likely to have executed the Fantom Ransomware. The fake Windows update screen by Fantom Ransomware will act as a diversion and occupy the user's attention with a slowly moving progress bar. Meanwhile, the Fantom cryptomalware...

Posted on August 26, 2016 in Ransomware

Leslie Jones’ Official Site Hacked, Exposing Private Docs and Nude Photos

There is no question as to the Internet being a cruel world. Computer hackers and cybercrooks are constantly on the hunt to steal your information or make you the next victim of an online crime in some shape or form. In recent unfortunate events on the Internet, actress and comedian Leslie Jones's official website was hacked to display her private documents and nude photographs of her. After discovering the hacking incident, Jones' official site, justleslie.com, was taken down and redirected to a parked 404 page. Leslie Jones is known for her tall-statured presence on the big screen and featured in the new Ghostbusters movie. She has a rather large following on social media in addition to her fan base surrounding her many TV and movie appearances. The recent hack on Jones' website has resulted in frustration from the shocking racism and sexism against her as an...

Posted on August 25, 2016 in Computer Security

‘Systemdown@india.com’ Ransomware

The 'Systemdown@india.com' Ransomware belongs to a large family of ransomware Trojans that are all variants of Crysis, a ransomware Trojan first observed in March of 2016. The 'Systemdown@india.com' Ransomware was first spotted in the wild in August of 2016. The 'Systemdown@india.com' Ransomware's attack is typical of these kinds of threats. The 'Systemdown@india.com' Ransomware may be installed on the victim's computer in a number of different ways. Once installed, the 'Systemdown@india.com' Ransomware encrypts the victim's files using a strong encryption algorithm. The 'Systemdown@india.com' Ransomware then demands that the victim pays large amounts of money to recover access to the infected files. One of the reasons why ransomware Trojans like the 'Systemdown@india.com' Ransomware are so effective is that, even if they are removed with a reliable security program, the files will...

Posted on August 25, 2016 in Ransomware

‘Makdonalds@india.com’ Ransomware

The 'Makdonalds@india.com' Ransomware is a ransomware Trojan that belongs to a large family of ransomware threats that is active today. The 'Makdonalds@india.com' Ransomware uses a sophisticated encryption algorithm to encrypt the victim's files, changing their extension to '.makdonalds@india.com.xtbl' in the process. The use of the extension '.xtbl' is one characteristic of the 'Makdonalds@india.com' Ransomware that seems to connect it to other members of this threatening encryption ransomware Trojan family.

How the 'Makdonalds@india.com' Ransomware Carries out Its Attack

In many cases, the 'Makdonalds@india.com' Ransomware is installed with the help of another threat infection. The 'Makdonalds@india.com' Ransomware may enter the victim's computer by taking advantage of vulnerabilities that can be exploited to install this threat infection. In most cases, the...

Posted on August 25, 2016 in Ransomware

Window Rates Manager

Window Rates Manager is a PUP (Potentially Unwanted Program). Computer users affected by Window Rates Manager have complained that Window Rates Manager uses large amounts of processing power and other system resources. According to these reports, Window Rates Manager (contained in the file winrate.exe) uses up to 20 simultaneous threads and may use large amounts of memory at once. This makes affected computers freeze and present significant performance issues frequently. Computer users have reported that Window Rates Manager will run in the background constantly, starting up when Windows starts up and running and consuming Windows resources automatically even when nothing else is running on the affected computer. Window Rates Manager has been associated with game installs, particularly new expansions of the World of Warcraft (particularly when installed from a questionable website or...

Posted on August 25, 2016 in Possibly Unwanted Program

‘844-313-5529’ Pop-Ups

The '844-313-5529' pop-ups are part of an adware application or scam that attempts to make computer users believe that their system is in need of service or repair. The '844-313-5529' pop-ups may explain a bogus situation where your porn was detected or you have been flagged for identity theft. Those who give in to the message displayed by the '844-313-5529' pop-ups may dial the toll-free number it provides, which will connect you to a person who demands payment from you. Paying for the alleged issues that the '844-313-5529' pop-ups relay in their notification is a big mistake that may end up costing you a lot of money in the long run. The '844-313-5529' pop-ups are part of an adware scam that should be detected and removed with the proper antimalware resources.

Posted on August 25, 2016 in Browser Hijackers

‘888-403-7927’ Pop-Ups

The '888-403-7927' pop-ups are part of an adware scheme that may be intrusive as it displays at random when surfing the Internet. The '888-403-7927' pop-ups may display when you are viewing certain web pages where it may offer a toll free service number for supposedly fixing computer issues that may have been detected on your computer. Computer users who utilize the '888-403-7927' Pop-Ups service by dialing the number may be connected to a person where a computer fix service is offered. Though, the service will demand that a payment be made for the service and potentially make up issues that they have detected on your computer. Moreover, the '888-403-7927' Pop-Ups may cause performance issues with your web browser, which is more reason to remove the '888-403-7927' Pop-Ups by using the proper antimalware resources to detect and eliminate all instances of the adware add-ons or...

Posted on August 25, 2016 in Browser Hijackers

Everyday Manuals Toolbar

Everyday Manuals Toolbar is a questionable add-on component or browser extension that is known to offer quick functions for accessing manuals over the Internet. Additionally, Everyday Manuals Toolbar may be intrusive for some computer users as it is prone to loading sponsored links or advertisements upon using associated sites that it may cause to load. Much like other common add-on toolbars, Everyday Manuals Toolbar will take up space just below the menu bar of your web browser application. Everyday Manuals Toolbar may also display a search box, that if used, will query internet search results only to be surrounded with advertisements and sponsored links. While Everyday Manuals Toolbar is not immediately harmful to a PC, it may lead to loading of questionable sites that could distribute malicious files or applications. It is best that computer users utilize caution when using the...

Posted on August 25, 2016 in Possibly Unwanted Program

‘Sitaram108@india.com Ransomware’

The 'Sitaram108@india.com' Ransomware is part of a large ransomware family. The 'Sitaram108@india.com' Ransomware and its variants first appeared in 2016. The 'Sitaram108@india.com' Ransomware is fairly typical and similar to other countless encryption ransomware Trojan attacks that have become quite common in the last couple of years. However, the 'Sitaram108@india.com' Ransomware uses a sophisticated encryption algorithm, which means that the files encrypted by the 'Sitaram108@india.com' Ransomware cannot be decrypted without access to the decryption key. Unfortunately, a decryption utility for the files affected by the 'Sitaram108@india.com' Ransomware and its variants does not exist currently. This is one of the ways in which ransomware Trojans are more effective than many other threat infections; even if the 'Sitaram108@india.com' Ransomware is removed with an anti-malware...

Posted on August 25, 2016 in Ransomware

‘A_Princ@aol.com’ Ransomware

The 'A_princ@aol.com Ransomware' is part of a large family of ransomware Trojans that was first observed in Spring of 2016. This particular variant, the 'A_princ@aol.com Ransomware', was first observed in August of 2016. Like its many variants, the 'A_princ@aol.com Ransomware' carries out a typical ransomware Trojan attack: the 'A_princ@aol.com Ransomware' enters victims' computers through covert methods, encrypts their files using a strong encryption algorithm, and then demands the payment of a large ransom. PC security analysts consider the 'A_princ@aol.com Ransomware' a strong threat to computer users' data, and steps should be taken to ensure that you are well protected from the 'A_princ@aol.com Ransomware' and other ransomware attacks. The best step you can take to make sure that you do not become a victim of the 'A_princ@aol.com Ransomware' or one of the other countless...

Posted on August 25, 2016 in Ransomware