Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to adware that may affect the most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using Bitcoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

NewsCrawler.com

NewsCrawler.com is the official page for the NewzCrawler program that is promoted as an RSS-feed reader for Microsoft's Internet Explorer. As you may know, Internet Explorer does not come with an RSS-reader and many users that like to keep up with articles from Nytimes.com and Bbc.com may be willing to install NewsCrawler. Windows users that favor IE above Google Chrome and Mozilla Firefox can visit www.newzcrawler.com/download.shtml and download the NewsCrawler program. Keep in mind that NewsCrawler is compatible with Microsoft Internet Explorer 7 and later versions. Additionally, NewsCrawler may change your homepage to NewsCrawler.com and your default search aggregator to Search.newscrawler.com. We should note that if you are interested in using NewsCrawler by ADC Software, you will be required to use Search.newscrawler.com as your primary search provider. Google and Yahoo will be...

Posted on August 23, 2016 in Possibly Unwanted Program

Trojan.Agent.DEC

The Trojan.Agent.DEC notification is utilized by anti-malware software to inform the users of a Trojan-Downloader on their PCs. Threats like the Trojan.Agent.DEC are favored by threat developers for their versatility and ability to drop other threats on the targeted computer. An infamous member of the Trojan dropper family of threatening applications is Win32.Viking.JJ that is used for corporate espionage. Therefore, you should not underestimate Trojan.Agent.DEC and overlook security alerts that mention it. The Trojan.Agent.DEC malware can be delivered to users as a fake software update so that the user does not suspect suspicious activity when a binary is downloaded from a remote server. Needless to say, users that are willing to risk installing pirated games might be presented with the payload of the Trojan.Agent.DEC. The Trojan.Agent.DEC program is a Trojan, and it may install...

Posted on August 23, 2016 in Trojans

The Federal Trade Commission Plans Panel Discussion on Ransomware to Recommend Solutions

Ransomware has captivated many facets of the computer security world and has emerged as being one of the most dangerous types of malware that we face over the Internet. Ransomware has grown to be the dominating malware so much that it has gained the undivided attention of many government entities, including the Federal Trade Commission (FTC). To address the proliferation of ransomware, the FTC is making plans to host several panel discussions to highlight the seriousness and crime syndicates that have come out of the endurance of ransomware in the past couple of years. The event, set for September 7, 2016, was announced earlier this year and has recently been listed to include several government officials and business representatives from companies like Symantec to discuss the extremely dangerous outlook of ransomware. Expected to be part of a three-panel discussion, the...

Posted on August 23, 2016 in Computer Security

Alma Locker Ransomware

The Alma Locker Ransomware is spread among users predominantly through corrupted links. These links can be embedded into spam messages and compromised pages. The team behind the Alma Locker Ransomware is known to rely on the RIG Exploit Kit to maximize the spread of their product. The researcher Darien Huss discovered the Alma Locker cryptomalware, and you should stick to the tried and true practice of ignoring spam email if you do not want to install the Alma Locker Ransomware or similar threats. Computer users that have the misfortune to launch the Alma Locker Ransomware will be required to pay 1 Bitcoin, which is $580, if they want their data back. The Alma Locker Ransomware uses TOR-based 'Command and Control' servers to store the encryption key and upload the private decryption key. The Alma Locker Ransomware is very similar to Locky and CTB-Locker in that regard....

Posted on August 23, 2016 in Ransomware

Trojan-Proxy.PowerShell

The Trojan-Proxy.PowerShell malware is a Banking Trojan that is designed to change the system's proxy configuration and reroute the PC's Web traffic to a proxy server that is monitored. What makes the Trojan-Proxy.PowerShell malware special is that it does not install additional proxy configurations and is hard to detect. Banking Trojans like Bunitu and Proxybox are programmed to drop corrupted PAC (Proxy Auto-Config) files to redirect the Internet requests on the infected OS. That is not how the Trojan-Proxy.PowerShell malware works. The Trojan-Proxy.PowerShell corrupted executable takes advantage of a Microsoft-licensed utility inside Windows to bypass detection and facilitate its activity. As its name suggests, the Trojan-Proxy.PowerShell uses the PowerShell automation service that is introduced with Windows 7, 8, 8.1 and 10. The PowerShell module is almost identical to CMD...

Posted on August 23, 2016 in Ransomware

Mystartpage1.ru

The Mystartpage1.ru domain does not have a publicly known owner and is related to several instances of browser hijacking. The Mystartpage1.ru domain hosts a Web application named 'Free Avatar Maker' that allows users to crop images in the JPG, GIF, and PNG formats to a size that is suitable for setting up as a profile picture. The 'Free Avatar Maker' app on Mystartpage1.ru does not require a subscription or payment because it is supported by advertisements and an affiliate network. Computer users that install freeware frequently may stumble upon programs that may change the user's homepage and search provider to Mystartpage1.ru/i/startm.html. The ad revenue from Web traffic at Mystartpage1.ru/i/startm.html and Mystartpage1.ru allows users to benefit from the 'Free Avatar Maker' app for free. Unfortunately, some programs might hijack your Internet browser and redirect users to resources...

Posted on August 22, 2016 in Browser Hijackers

‘Windows Activation Error Code: 0x44578’ Lock Screen

The 'Windows Activation Error Code: 0x44578' lock screen may appear on PCs that are infected with badware associated with fake technical support services. Security experts reveal that the 'Windows Activation Error Code: 0x44578' lock screen is generated by a program that is designed to prevent users from accessing files on their hard drives. The purpose of the 'Windows Activation Error Code: 0x44578' program is to convince users that their Windows OSes are not legitimate and their key needs to be renewed. Applications such as these may run in portable mode, and the chances are that they will not appear in the 'Control Panel.' The badware at hand is distributed to users via links to unsigned executables hosted on file sharing platforms like Google Drive, Dropbox and MediaFire. Users that are already infected with adware like DealGrabbers and FocusBase may see advertisements that...

Posted on August 22, 2016 in Browser Hijackers

DetoxCrypto Ransomware

The DetoxCrypto Ransomware was discovered by Marc Rivero López, a security investigator. He reveals that the DetoxCrypto Ransomware is almost identical to the Pokemon GO Ransomware. However, the DetoxCrypto Ransomware features a slightly different ransomware message that portrays a sad Pikachu instead of the happy Pikachu we have seen earlier. The DetoxCrypto Ransomware functions as you would expect from an Encryption Trojan and uses AES and RSA ciphers to lock the victim's data. The makers of the DetoxCrypto Ransomware transitioned into using dynamically-generated encryption keys as opposed to the static key strategy we have seen in Power Worm Ransomware. The payload of the DetoxCrypto Ransomware is deployed via a spam campaign that may feature logos from Facebook, Twitter, Instagram, Amazon, and PayPal to trick users into downloading a corrupted file. The dropper for the...

Posted on August 22, 2016 in Ransomware

Thraflabe-rs.ru

Thraflabe-rs.ru is a website that is closely related to a browser hijacker that, once inside your computer, may lead you to shady and unsafe sites on the Web. The browser hijacker linked to Thraflabe-rs.ru may alter your browser settings automatically. Thraflabe-rs.ru may collect non-personal information such as visited sites, IP address, search queries, and more. The collected information may be transmitted to third parties that may use it for marketing purposes. Besides profiting from the advertisements Thraflabe-rs.ru may display on your machine, it also can be paid for the forced redirections to its partner websites. These redirections may pose a security risk since you can't be sure if the site you are visiting is safe or if it can take advantage of your visit to install adware, Possibly Unwanted Programs (PUPs) and even threats. To avoid the entrance of programs that may not...

Posted on August 19, 2016 in Browser Hijackers

Hprewriter2

When shopping online, you may be offered a program named HPREWRITER2, which promises to find the best prices and coupons for the merchandise or service you are looking for. HPREWRITER2 features may sound interesting and useful. However, HPREWRITER2 may install an unwanted browser plugin to your favored Web browser automatically, no matter if it is Google Chrome, Opera, Internet Explorer or Mozilla Firefox. The main function of HPREWRITER2 is to display a flood of advertisements that, besides being annoying, may disrupt the tasks you are trying to accomplish on your computer. These advertisements, which may appear as coupons, pop-ups or banners, may cover the Web pages you want to visit, preventing you from viewing what you need. Besides, they may try to convince you to purchase a fake security program, install bogus updates and access unsafe content so that they can earn...

Posted on August 19, 2016 in Adware

Traffic-media.co

If an application named Trafficmedia.co appears on your computer, you should be on guard, because Trafficmedia.co is associated with a browser hijacker that may create some unwanted and irritating problems on the Web browser you are using, no matter if it is Internet Explorer, Mozilla Firefox or Google Chrome. It wasn't you that allowed the entrance of this program on your computer willingly; Trafficmedia.co may have had access to your machine through a questionable method called 'bundling', that is when the user installs a free program without paying attention to details, and this program has additional applications that will be installed automatically, unless the computer user unchecks a box that allows its installation. Trafficmedia.co may change your default settings and disable your firewall. Trafficmedia.co also may display fake alerts and advertisements, collect your...

Posted on August 19, 2016 in Browser Hijackers

DPower

Computer users that like to keep their machines well protected by security applications may be shocked by the large number of advertisements displayed by an adware-laced program called DPower. Adware-laced programs such as DPower may enter a computer bundled with freeware. DPower is considered adware due to the various issues it can bring to an affected computer. These issues may include decreased performance of the machine, browsing details being monitored, redirections to corrupted websites and more. The adware behind DPower may cause the appearance of disturbing and unwanted advertisements that will cover any visited Web page. DPower also may monitor the computer user's browsing actions and collect information that may be used by third parties for marketing purposes. Also, by clicking on the advertisements displayed by DPower, the computer user may be directed to websites with...

Posted on August 19, 2016 in Adware

360,000 Twitter Accounts Suspended for Having Ties to Terrorists

There is no doubt that a perpetual fear of terrorism is thriving in the United States, as it is around the world. On the front of cybersecurity, social networks like Twitter are taking a giant leap to curtail terrorist activity and communications by suspending 360,000 accounts that have terrorist ties. While this year's presidential election cycle has stirred the concern for future terrorist activity in America and around the world, Twitter has responded by purging hundreds of thousands of Twitter accounts that they consider to have ties to terrorists or that appear to have terrorist activity. The world as we know it has witnessed horrendous terrorist attacks and Twitter has made it known in recent blog posts that they strongly condemn such acts. Besides, Twitter has made it clear that they remain committed to eliminating the promotion of violence and terrorism on their platform....

Posted on August 19, 2016 in Computer Security

FSociety Ransomware

The FSociety Ransomware is not a fictional threat from the Mr. Robot TV series but an Encryption Trojan that uses the symbol of the FSociety. The researcher Michael Gillespie discovered the FSociety Ransomware and found that it uses the open source EDA2 encryption algorithm to facilitate the encoding process. The samples analyzed by Michael Gillespie show that the FSociety Ransomware can encrypt videos, music, images, text documents, spreadsheets and presentations. However, the FSociety Ransomware targets test folders on the Windows OS and does not include a ransom note at the time of writing this article. The FSociety Ransomware may be in early stages of development, but it can be packed as a RAR, ZIP, DOCX or PDF file that victims can launch with a single click. The FSociety Ransomware may be spread among users via a spam campaign, and you need to avoid the download of files sent by...

Posted on August 19, 2016 in Ransomware

Searchz.online

The Searchz.online site hosts a dubious search service that does not appear to work as you may expect. The search provider at Searchz.online does not show results no matter what you enter and there is no reason why Web surfers would want to visit Searchz.online. However, users that are infected with a browser hijacker may be redirected to Searchz.online whenever they enter keywords in the Omnibox in Google Chrome, the search bar in Mozilla Firefox and open a new tab page in Internet Explorer. The Searchz.online site is not trusted, and most Web filters like Websense are likely to block content on Searchz.online. The Searchz.online site is hosted on the 107.180.27.158 IP address used for another browser hijacker linked to Asearch.online. Computer users are advised against downloading apps from Searchz.online. Security scanners are known to flag binaries from Searchz.online as...

Posted on August 19, 2016 in Browser Hijackers