Track Global Malware Trends
View malware trends based on the 'detection count' reports of threats found on infected PCs and on volume levels, which reflect malware infection rates. For real-time data on malware outbreaks worldwide, visit MalwareTracker.

Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are a few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users, taking control of their account and turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using Bitcoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that follows the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, it uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings in order to replace its DNS servers with rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

TopSecurityTab

Some computer users have turned their attention to advertisements and pop-ups called TopSecurityTab, which is part of an adware threat that is inclined to display random ads that may interrupt normal use of a computer. TopSecurityTab ads are associated with the company Imali Ltd, which may be known for other browser hijackers or advertising applications. TopSecurityTab may attempt to offer computer users other methods of surfing the web securely. The features of TopSecurityTab may prove to be unwanted for some computer users. Use of the TopSecurityTab ads may cause unwanted redirects to load sites that have questionable content. TopSecurityTab is made up of web browser plugins or add-on components. Most times, TopSecurityTab components will load as a result of installing freeware programs or 3rd party applications. Reversing the effects of TopSecurityTab may require the...

Posted on August 29, 2016 in Adware

Domino Ransomware

Software pirates are the primary target of the Domino Ransomware, which is delivered to users bundled with an illegal activator for Microsoft Windows and the Microsoft Office suite. The Domino Ransomware is known to travel with the KMSPico software that is actively developed by coders who specialize in cracking the protection for Microsoft Office suites and Windows OS. The installer for the Domino Ransomware will deliver a working KMSPico program and an encryption Trojan to the PC of any user who does not want to pay for shareware. The Domino Ransomware is based on the HiddenTear open-source encryption project that was released in 2015. The Domino Ransomware is programmed to use the AES-1024 cipher to encode the victim's data on all connected drives including USB drives and MP3 players. The Domino Ransomware will not encrypt data inside: Windows directory Program Files /...

Posted on August 29, 2016 in Ransomware

‘Legioner_seven@aol.com’ Ransomware

The 'Legioner_seven@aol.com' Ransomware is an encryption Trojan that is a customized build of the Crysis Ransomware. The new variant 'Legioner_seven@aol.com' Ransomware is named after the email it instructs victims to use for negotiations. The operators of the 'Legioner_seven@aol.com' Ransomware are known to ask for a ransom that is in the range of 1 to 2 Bitcoins. Most ransomware demands from $570 to $1150 to release a decryptor for the victim and the 'Legioner_seven@aol.com' Ransomware is not an exception. The 'Legioner_seven@aol.com' Ransomware is a standard cryptomalware that you can encounter in spam email. The spam email loaded with the 'Legioner_seven@aol.com' Ransomware may appear as messages from your health insurance company, the judicial system and friends on Facebook. That type of spam may be opened by users that tend to open emails from unknown senders. Experts...

Posted on August 29, 2016 in Ransomware

‘Space_rangers@aol.com’ Ransomware

The 'Space_rangers@aol.com' Ransomware is another clone of the Crysis Ransomware that uses a new payment portal and email address for contact with its victims. ESG researchers note that the 'Space_rangers@aol.com' Ransomware is optimized for 32-bit Windows 7 systems and can run on 64-bit architectures and Windows 10 as well. The payload of the 'Space_rangers@aol.com' Ransomware may be propagated via spam mail. The threat-dropper for the 'Space_rangers@aol.com' Ransomware may appear as a DOCX, DOC, PDF, and XLSX file that is supposed to contain a court order, payment notification, invoice and photos from your friends on social media. PC users are advised to avoid files and links provided from unknown and untrusted sources if they wish to avoid the 'Space_rangers@aol.com' Ransomware. The 'Space_rangers@aol.com' Ransomware features anti-debugging and obfuscation capabilities that...

Posted on August 29, 2016 in Ransomware

‘888-980-3085’ Pop-Ups

The '888-980-3085' pop-up messages should not be trusted even if they include logos and emblems associated with the Microsoft Corp. The '888-980-3085' pop-up messages are not related to legitimate services from Microsoft. The '888-980-3085' notifications are designed to direct users to call fake technical support agents on the 888-980-3085 phone line. The con artists operating the 888-980-3085 phone line may make allegations that the user has pirated software and threats on their PCs, which need to be removed. Computer users that experience the '888-980-3085' pop-up windows may be infected with adware that is designed to show ads and redirect users. Also, the '888-980-3085' pop-ups may appear on compromised pages that host foreign code. The '888-980-3085' pop-ups are not a sign of a security breach. Your browser may freeze and show the following alert: 'BSOD: dllRegisterSetting...

Posted on August 29, 2016 in Adware

‘Seven_legion@aol.com’ Ransomware

Seven_legion@aol.com Ransomware is extremely dangerous malware that has been found to encrypt files in order to hold an infected PC for a substantial ransom fee. Those who have been victimized by Seven_legion@aol.com Ransomware will see a notification warning them that their computer's files have been encrypted and suggesting that they contact the Seven_legion@aol.com email address to make arrangements for a ransom payment, which is alleged to be a means of obtaining a decryption key to decrypt the encrypted files. Computer users who utilize the Seven_legion@aol.com Ransomware’s provided email address may receive instructions on how to make their payment, which is commonly demanded in Bitcoin so as to avoid tracking of the transaction. The unfortunate part of Seven_legion@aol.com Ransomware is that some computer users may not receive a proper decryption key after paying...

Posted on August 29, 2016 in Ransomware

‘Siddhiup2@india.com’ Ransomware

The cryptomalware theater is rich with variants of the Crysis Ransomware, and the 'Siddhiup2@india.com' Ransomware is another attempt by cyber-extortionists at earning easy money. The 'Siddhiup2@india.com' Ransomware is built on the CrySIS malware engine and uses a custom suffix to flag files that it has encrypted successfully. The 'Siddhiup2@india.com' Ransomware uses the AES-128 cipher to lock data on infected machines. Users are compromised via a corrupted executable attached to spam email. In most cases, the spam loaded with the 'Siddhiup2@india.com' Ransomware is related to new features on Facebook, Twitter, and notifications from online stores like Amazon and eBay. Researchers reveal that the 'Siddhiup2@india.com' Ransomware might mask its operations and run as a Java Updater, Flash Updater, and a program with a random name that lacks a description and a valid digital...

Posted on August 27, 2016 in Ransomware

‘Cyber Security Warning’ Scam Message

The 'Cyber Security Warning' scam message can appear on your screen when you are infected with adware and click on corrupted links. Adware may have entered your PC with a free software bundle that you installed with the 'Express' or 'Typical' option. The 'Cyber Security Warning' scam message is used by fake technical support companies to scare users and attempt to convince them that they have committed a cyber crime. The 'Cyber Security Warning' screen is known to feature the following text: 'YOUR COMPUTER HAS BEEN LOCKED! Your computer has been locked due to violation of the cyber security Act of 2016 (SCA 2016, A. 2077) of the United States Of America. Your IP address was used to visit websites containing Virus, Malware, Trojan and Key Logger. Your computer also contains files that have infected with a virus. Spam-messages which contains virus were also sent from your...

Posted on August 26, 2016 in Adware

‘Hacking Alert’ Pop-Ups

The 'Hacking Alert' is hosted on untrusted pages and may be displayed on your screen if you are infected with adware like Dealsfinder and Everysale. Online shops and sites with inadequate security may feature ads and in-text hyperlinks that bring up the 'Hacking Alert' pop-ups as well. Security investigators note that the 'Hacking Alert' pop-up messages should not be trusted because they provide misleading information to cause distress and direct the user to call numbers like 800-098-8383. Con artists operate the phone lines listed on the 'Hacking Alert' pop-ups. They are trained to use utilities and error reports in Windows to fool the user into thinking that the OS is infected. The con artists may enter commands in CMD and play GIF animations on the potential victim's PC to simulate a virus infection. You should not call numbers provided on the 'Hacking Alert' pop-ups if you...

Posted on August 26, 2016 in Browser Hijackers

‘Savepanda@india.com’ Ransomware

The Savepanda@india.com Ransomware is not the dark project of eco-terrorists that want to save as many pandas as possible by using Ransomware to collect 'donations to the cause.' The Savepanda@india.com Ransomware is used by cyber extortionists to gather ransom from users that have their data locked and wish to restore it. The Savepanda@india.com Ransomware is not an original encryption Trojan; it is built on the Crysis Ransomware engine and is spread among users via traditional means like spam email and corrupted links. Experts reveal that the Savepanda@india.com Ransomware is compatible with the latest version of Windows and targets a broad range of data containers. The Savepanda@india.com Ransomware uses the AES-128 cipher to lock the user's data and appends a custom file extension to altered objects. The Savepanda@india.com Ransomware scans for targets on connected drives and...

Posted on August 26, 2016 in Ransomware

Malevich Ransomware

The Malevich Ransomware is named after the black screen it uses to notify the user of its presence. However, by the time the Malevich Ransomware changes your desktop wallpaper, it is too late to save your data. The desktop wallpaper serves as a manifesto for the Malevich Ransomware by pointing the user to the ransom note on the PC. Researchers report that the Malevich Ransomware is a custom build of the Crysis Ransomware, and it may be deployed to users via spam emails that look like invoices and links to photos on Facebook and Instagram by your friends. The Malevich Ransomware is nearly identical to the Radxlove7@india.com Ransomware and the Grand_car@aol.com Ransomware. The Malevich Ransomware targets the following file formats: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi,...

Posted on August 26, 2016 in Ransomware

‘Ramachandra7@india.com’ Ransomware

The Ramachandra7@india.com Ransomware is another adaptation of the Crysis Ransomware to the modern anti-virus defenses that is designed to extort users for money. The Ramachandra7@india.com Ransomware is an Encryption Trojan that you may encounter in spam email and at untrusted pages. The Ramachandra7@india.com Ransomware is aimed at users that do not update their systems regularly and do not follow sound cyber security policies. The Ramachandra7@india.com Ransomware is very similar to the Vegclass Ransomware and the Veracrypt Ransomware since they are running on the same engine. The Ramachandra7@india.com Ransomware is programmed to use the AES-128 encryption method to lock files on your drives and drop a ransom note. The Ramachandra7@india.com Ransomware is known to target the following data containers: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql,...

Posted on August 26, 2016 in Ransomware

Fantom Ransomware

The Fantom Ransomware is a rather intriguing cryptomalware that makes an extra effort to hide its activity with a fake update screen. The Fantom Ransomware may be delivered to users via compromised RDP (Remote Desktop Protocol) connections and spam mail. What makes the Fantom Ransomware stand out is that it uses signed executables like WindowsUpdate.exe and WinUpdSvc.exe to run undetected. Additionally, the Fantom Ransomware will use the native Windows message service to bring up an alert that the user needs to install a critical update for Windows. Users that open a file attached to spam and are immediately presented with a critical update are likely to have executed the Fantom Ransomware. The fake Windows update screen by Fantom Ransomware will act as a diversion and occupy the user's attention with a slowly moving progress bar. Meanwhile, the Fantom cryptomalware...

Posted on August 26, 2016 in Ransomware

Leslie Jones’ Official Site Hacked, Exposing Private Docs and Nude Photos

There is no question as to the Internet being a cruel world. Computer hackers and cybercrooks are constantly on the hunt to steal your information or make you the next victim of an online crime in some shape or form. In recent unfortunate events on the Internet, actress and comedian Leslie Jones's official website was hacked to display her private documents and nude photographs of her. After discovering the hacking incident, Jones' official site, justleslie.com, was taken down and redirected to a parked 404 page. Leslie Jones is known for her tall-statured presence on the big screen and featured in the new Ghostbusters movie. She has a rather large following on social media in addition to her fan base surrounding her many TV and movie appearances. The recent hack on Jones' website has resulted in frustration from the shocking racism and sexism against her as an...

Posted on August 25, 2016 in Computer Security

‘Systemdown@india.com’ Ransomware

The 'Systemdown@india.com' Ransomware belongs to a large family of ransomware Trojans that are all variants of Crysis, a ransomware Trojan first observed in March of 2016. The 'Systemdown@india.com' Ransomware was first spotted in the wild in August of 2016. The 'Systemdown@india.com' Ransomware's attack is typical of these kinds of threats. The 'Systemdown@india.com' Ransomware may be installed on the victim's computer in a number of different ways. Once installed, the 'Systemdown@india.com' Ransomware encrypts the victim's files using a strong encryption algorithm. The 'Systemdown@india.com' Ransomware then demands that the victim pays large amounts of money to recover access to the infected files. One of the reasons why ransomware Trojans like the 'Systemdown@india.com' Ransomware are so effective is that, even if they are removed with a reliable security program, the files will...

Posted on August 25, 2016 in Ransomware