Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are a few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users, taking control of their accounts and turning them into virtual spam proxies. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using Bitcoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that follows the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

‘Systemdown@india.com’ Ransomware

The Systemdown@india.com Ransomware is an Encryption Trojan that is a variant of the Crysis Ransomware. The Systemdown@india.com Ransomware is designed to work on server systems and prioritize the encryption of large databases followed by resources in HTML, DOCX, DOC, XLS, XLSX and PDF format. Most infections with the Systemdown@india.com Ransomware happened due to poorly configured server defenses and compromised RDP (Remote Desktop Protocol) connections. Additionally, the Systemdown@india.com Ransomware may be deployed to server admins as spam emails that offer updates to modules for the Windows Server franchise. The Systemdown@india.com Ransomware is known to be compatible with Windows Server 2016, Windows Server 2012 R2 and its earlier version from 2012. The Systemdown@india.com Ransomware uses the AES-128 encryption algorithm to lock the data on the infected machine. Some...

Posted on August 25, 2016 in Ransomware

‘Makdonalds@india.com’ Ransomware

Many server administrators may be enraged if the Makdonalds@india.com Ransomware manages to encrypt data on their machines. The Makdonalds@india.com Ransomware may be pushed onto the system via compromised RDP (Remote Desktop Protocol) connections and account passwords. The Makdonalds@india.com Ransomware is part of the Ecovector family of Encryption Trojans that are used to extort money predominantly from companies and small businesses. The Makdonalds@india.com Ransomware uses a combination of RSA and AES ciphers to encode the data on the infected machine and drop the ransom note. The Makdonalds@india.com Ransomware is a very effective Encryption Trojan that features basic obfuscation. The coders behind the Makdonalds@india.com Ransomware made sure that their app will not damage the server infrastructure and it will lock data only. The Makdonalds@india.com Ransomware has a smart...

Posted on August 25, 2016 in Ransomware

Window Rates Manager

The Window Rates Manager program is deemed as a Potentially Unwanted Program (PUP) because it is known to hijack the Internet bandwidth and increase the load on the disk. Users report that the Window Rates Manager program uses up to 140MB of RAM and can freeze and crash their PCs occasionally. Security investigators looked into the Window Rates Manager and found out that it loads several modules into the kernel that are listed as WinRate.exe, WinRate_.exe, WinRateSync.exe and WinRateSync_.exe. Computer users may find the Window Rates Manager installed to: C:\Program Files (x86)\WinRate\ The Window Rates Manager is likely to download large cache files to: C:\Program Files (x86)\WinRate\cache The analysis of the network communications of the Window Rates Manager program leads us to believe that it is used for network computing and generating pay-per-click revenue off of...

Posted on August 25, 2016 in Possibly Unwanted Program

‘844-313-5529’ Pop-Ups

'1-844-313-5529' Pop-Ups (info: https://malwaretips.com/blogs/remove-cyber-security-warning-popups/) are part of an adware application or scam that attempts to make computer users believe that their system is in need of service or repair. The '1-844-313-5529' Pop-Ups may explain a bogus situation where your porn was detected or you have been flagged for identity theft. Those who give in to the message displayed by the '1-844-313-5529' Pop-Ups may dial and connect to the toll-free number it provides, which will connect you to a person who demands payment from you. Paying for the alleged issues that the '1-844-313-5529' Pop-Ups relay in their notification is a big mistake that may end up costing you a lot of money in the long run. '1-844-313-5529' Pop-Ups are part of an adware scam that should be detected and removed with the proper antimalware resources....

Posted on August 25, 2016 in Browser Hijackers

‘888-403-7927’ Pop-Ups

'1-888-403-7927' Pop-Ups are part of an adware scheme that may be intrusive as it displays at random when surfing the Internet. '1-888-403-7927' Pop-Ups may display when you are viewing certain web pages, where they may offer a toll-free service number for supposedly fixing computer issues that may have been detected on your computer. Computer users who utilize the '1-888-403-7927' Pop-Ups service by dialing the number may be connected to a person who offers a computer fix service. However, the service will demand that a payment be made and may make up issues that it claims to have detected on your computer. Moreover, '1-888-403-7927' Pop-Ups may cause performance issues with your web browser, which is more reason to remove '1-888-403-7927' Pop-Ups by using the proper antimalware resources to detect and eliminate all instances of the adware add-ons or components...

Posted on August 25, 2016 in Browser Hijackers

Everyday Manuals Toolbar

Everyday Manuals Toolbar is a questionable add-on component or browser extension that is known to offer quick functions for accessing manuals over the Internet. Additionally, Everyday Manuals Toolbar may be intrusive for some computer users as it is prone to loading sponsored links or advertisements upon using associated sites that it may cause to load. Much like other common add-on toolbars, Everyday Manuals Toolbar will take up space just below the menu bar of your web browser application. Everyday Manuals Toolbar may also display a search box, that if used, will query internet search results only to be surrounded with advertisements and sponsored links. While Everyday Manuals Toolbar is not immediately harmful to a PC, it may lead to loading of questionable sites that could distribute malicious files or applications. It is best that computer users utilize caution when using the...

Posted on August 25, 2016 in Possibly Unwanted Program

‘Sitaram108@india.com Ransomware’

Sitaram108@india.com Ransomware is a dangerous computer infection that utilizes file encryption to hold an infected computer for a ransom fee that may cost victimized computer users hundreds of dollars to restore and decrypt their files. Sitaram108@india.com Ransomware is known for displaying a notification that explains that files are being encrypted and that computer users must send an email to the address Sitaram108@india.com to arrange payment of the ransom and get a decryption key. Most times, Sitaram108@india.com Ransomware is spread through spam attachments that contain a ZIP file with malicious JavaScript code. Upon opening such a file, Sitaram108@india.com Ransomware may then be installed and start running, at which point it will immediately start encrypting files. Eliminating Sitaram108@india.com Ransomware may require the use of the proper antimalware tools to seek out all related...

Posted on August 25, 2016 in Ransomware

‘A_Princ@aol.com’ Ransomware

The A_princ@aol.com Ransomware is part of the ever-growing family of cryptomalware. The A_princ@aol.com Ransomware is an Encryption Trojan that is a customized version of the Ecovector Ransomware. The A_princ@aol.com Ransomware is built on the same engine as the Mahasaraswati Ransomware. The payload of the A_princ@aol.com Ransomware is spread among PC users by using spam bots and the RIG Exploit Kit. Users that work in human resources departments should be extra careful since most samples of the A_princ@aol.com Ransomware are packed as macro-enabled PDF and DOCX files that pretend to be CVs and job applications. Our analysis of the A_princ@aol.com Ransomware revealed that it can run as a process masked as javaUpdate.exe on the infected PC. The A_princ@aol.com Ransomware is known to target the following data containers: .3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM,...

Posted on August 25, 2016 in Ransomware

Globe Ransomware

The Globe Ransomware falls into the category of encryption Trojans that use a combination of AES and RSA ciphers to lock the user's data. The Globe Ransomware can lock data on SSD and HDD without administrative privileges. The Globe Ransomware is a variant of the Purge Ransomware that may avoid detection due to modified runtime parameters. Like its predecessor, the Globe Ransomware is spread among PC users via corrupted links and file attachments in spam email. The payload of the Globe Ransomware may be disguised as a RAR, ZIP, DOCX, or PDF file, and you should not open spam if you wish to avoid the Globe Ransomware. The Globe Ransomware is named after the custom desktop wallpaper it uses to notify users that their files are encrypted. The image represents a globe on a background of the default Windows Vista wallpaper. The wallpaper by the Globe Ransomware features the...

Posted on August 24, 2016 in Ransomware

Netutils Ads

We have received reports that a suspicious program named Netutils is traveling with freeware bundles and not appearing on the 'Control Panel' when installed. Its investigation revealed that the Netutils program exhibits the behavior of adware. Security experts recommend users to explore the 'Advanced' and 'Typical' option of installers to make sure they do not install the Netutils software. The Netutils adware is known to promote the PC Speed Up rogue anti-spyware program. The Netutils adware appears to serve as a proxy that redirects users to a page where they can download and buy a license for PC Speed Up. Computer users that are infected with the Netutils adware may notice netutils.exe running in the background by opening Windows Task Manager. The Netutils adware is designed to open new tab pages in your browser and switch the focus to a dialog box that says 'Your computer...

Posted on August 24, 2016 in Adware

Meldonii@india.com Ransomware

The Meldonii@india.com Ransomware is an Encryption Trojan that is built upon the same engine used for the Crysis Ransomware. The Meldonii@india.com Ransomware uses the .xtbl file extension but does not belong to the Troldesh family of cryptomalware. The Meldonii@india.com Ransomware is delivered to users via spam emails that may include documents that appear as invoices, payment notifications, and communiques from media outlets. Objects that are encrypted by the Meldonii@india.com Ransomware may be represented by an icon that looks like a blank sheet of paper. PC users can move, copy and delete corrupted data but will not have access to its content. The Meldonii@india.com Ransomware is programmed to target the following data containers: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi,...

Posted on August 24, 2016 in Ransomware

Radxlove7@india.com Ransomware

The Radxlove7@india.com Ransomware is a member of the Troldesh family of cryptomalware that is designed to target server networks. Unlike regular Encryption Trojans like the Zepto Ransomware, the Radxlove7@india.com Ransomware targets more data containers. Also, the Radxlove7@india.com Ransomware may block data on connected server systems. The Radxlove7@india.com Ransomware is capable of encrypting data on the latest versions of Windows Server. The Radxlove7@india.com Ransomware can render online stores and platforms inaccessible until payment is delivered. There are reports suggesting that the Radxlove7@india.com Ransomware is spread via remote desktop connections. Hackers may combine the processing power of botnets to launch brute force attacks on RDP (Remote Desktop Protocol) panels and gain access to the server. The Radxlove7@india.com Ransomware can begin the encryption...

Posted on August 24, 2016 in Ransomware

Grand_car@aol.com Ransomware

The Grand_car@aol.com Ransomware is another adaptation of the Crysis Ransomware designed to avoid detection by AV scanners and use an industry level cipher to lock the user's data. The Grand_car@aol.com cryptomalware uses the AES-128 encryption to deprive users of access to their data across connected drives. You can find the Grand_car@aol.com Ransomware attached to spam mail. In some cases, the Grand_car@aol.com Ransomware may be delivered to servers via brute force attacks on RDP (Remote Desktop Protocol) panels. We recommend users to avoid opening links and files from spam mail as well as use a secure password for their server account. Worst case scenario—the Grand_car@aol.com Ransomware will scan the compromised PC for the following file formats: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7,...

Posted on August 24, 2016 in Ransomware

Veracrypt Ransomware

The Veracrypt Ransomware is another member of the Mahasaraswati Ransomware family of ransomware. The Veracrypt Ransomware is built on the same engine used to create cryptomalware like Vegclass, Ecovector and Green_Ray. The Veracrypt Ransomware functions as an Encryption Trojan that is delivered to users as an executable via spam email. The threatening program at hand may use the icon of a PDF, DOCX, or RAR file to fool the user into double-clicking it. Security experts reveal that the Veracrypt Ransomware uses an industry grade encryption algorithm to lock the victim's data. Decryption is impossible through brute force and users may be welcomed to buy and send 3 Bitcoins ($1722) to the operators of the Veracrypt Ransomware. The Veracrypt Ransomware is programmed to encrypt photos, MP3s, videos, presentations, spreadsheets, text documents, HTML resources outside the Windows...

Posted on August 24, 2016 in Ransomware

‘Drugvokrug727@india.com’ Ransomware

The Drugvokrug727@india.com Ransomware comes from the same team behind the Crysis Ransomware that is using another email to contact their victims. The Drugvokrug727@india.com Ransomware is an Encryption Trojan that is used to target regular PC users. The payload of the Drugvokrug727@india.com Ransomware is known to be packed as a macro-enabled Microsoft Word document attached to spam mail. The spam carrying the Drugvokrug727@india.com Ransomware is likely to feature social engineering and lure users to open a corrupted executable disguised as a text file. The compromised macro put in place will connect to the Internet and download the Drugvokrug727@india.com Ransomware when the user opens the corrupted DOCX file. The victim may be presented with a fake message from PR operatives from Facebook and Twitter while the Drugvokrug727@india.com Ransomware is being installed in the...

Posted on August 24, 2016 in Ransomware