Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users, taking control of their accounts and turning them into virtual spam proxies. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings in order to replace the DNS servers with rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

Thesearch.net

The Thesearch.net domain is designed to appear as a viable alternative to Bing and Google, but good search results do not boost its reputation. The Thesearch.net domain is not trusted because it is associated with a browser hijacker that may lead users to unsafe sites and invite them to install harmful software. Its analysis showed that Thesearch.net is hosted on the 54.243.231.130 IP address that is related to several cyber threats including Hidrag and Sality. The browser hijacker related to Thesearch.net may be distributed to users by incorporating it with free software such as LyricalParty and MedPlayerNewVersion. Computer users that like to use free software need to be mindful of browser hijackers that may be used to compromise their security. Security analysts note that the Thesearch.net browser hijacker might be used to record your Internet history and read data like...

Posted on July 22, 2016 in Browser Hijackers

Istream.link

The Istream.link domain is blacklisted by many Web filters including Websense ThreatSeeker, Certly and Trustwave, and rightly so. The Istream.link domain is associated with applications that hijack the browser of users and may redirect these users to threatening pages. The browser hijacker linked to Istream.link may load content from pages like Mevio.com and PrimoSearch.com. The 104.28.19.163 IP address of Istream.link is blocked by most security apps and extensions for modern browsers like Google Chrome, Opera, and Mozilla Firefox. However, the Istream.link browser hijacker may arrive on your PC bundled with a free program like the Koox System Optimizer. The Istream.link browser hijacker may close your running browser to modify its settings and load Istream.link as your homepage and default aggregator. The program linked to Istream.link might remove security tools attached...

Posted on July 22, 2016 in Browser Hijackers

BlackMoon

The BlackMoon malware is a Banking Trojan that is favored among cyber criminals in East Asia and is known to wreak havoc in South Korea, Japan and China. The BlackMoon Trojan is distributed via drive-by-downloads and exploit kits like Sibhost and HanJuan. The BlackMoon malware has a dropper that deletes itself and introduces BlackMoon as an executable DLL into the Windows OS. The DLL loaded with BlackMoon is executed via rundll32.exe and is designed to change the Hosts file of Windows so that requests to the Internet are rerouted to an IP address controlled by a fraudster. The BlackMoon malware runs ipconfig.exe to flush the DNS cache and make sure users are redirected to a phishing portal. In simple terms, the BlackMoon Trojan changes the way your PC accesses the Internet and redirects users to a phishing message whenever they open a search engine and...

Posted on July 22, 2016 in Trojans

Anatel Ransomware

The Anatel Ransomware is supposedly cryptomalware that is operated by members of the hacking collective Anonymous. The Anatel Ransomware is involved in an attack on the 'Anatel' telecommunications company. The Anatel Ransomware is an Encryption Trojan that may have been injected into the servers and computers of 'Anatel' via an exploit, spam, and a USB drive. The attack with Anatel Ransomware may be a retaliation by an angry citizen because 'Anatel' tends to block popular instant messaging services quite often and limit the user's access to the Internet. Apps like WhatsApp, Viber, and Telegram experience problems with 'Anatel' quite often. Posts on social media suggest that PC and smartphone users in Brazil are not fond of the operations of the 'Anatel' company. Malware investigators note that the Anatel Ransomware is a standard Encryption Trojan that is designed to scan the...

Posted on July 22, 2016 in Ransomware

BlackMoon Banking Trojan Compromises Over 100K South Korea Banking Accounts

A relatively new banking Trojan horse, called BlackMoon, is on the scene to overtake online banking account login credentials. BlackMoon was identified by the security firm Fortinet, which calls it W32/Banra. Through their research, they found that BlackMoon has a campaign that consists of its command and control servers and several compromised computers that form a botnet to overtake South Korean banking credentials. So far, BlackMoon is suspected of compromising over 100,000 South Korean banking account credentials. BlackMoon was first identified running a scheming campaign back in 2014. Just this year, during April of 2016, just over 60,000 victims were attacked to uncover their banking details. Most of the victims were located in South Korea, making BlackMoon a threat that specifically targeted that region. The authors of BlackMoon use configuration files that...

Posted on July 22, 2016 in Computer Security

Mytrustsearch.com

Web surfers that are infected with a browser hijacker may be redirected to Mytrustsearch.com whenever they enter keywords into their search bar, Omnibar and Windows start menu. The browser hijacking application linked to Mytrustsearch.com is released to users via free software bundles that may include apps like InboxAce and the Hyper Browser. Browser hijacking software may be used by hackers to divert Web traffic to infected pages. In other cases, browser hijacking applications may serve blacklisted advertisers to earn revenue and promote faulty goods. The browser hijacker associated with Mytrustsearch.com works as a custom search engine based on Google, and may record the visitor's actions and generate related ads. Using Mytrustsearch.com will provide text and image results that are limited and are polluted by many marketing materials. Web browsers that are infected with the...

Posted on July 21, 2016 in Browser Hijackers

Social-avenue.com

The Social-avenue.com portal is associated with the Social-Avenue browser plug-in that is advertised via freeware packages as a tool that should help users socialize outside the Web. The Social-Avenue browser plug-in may claim to provide a map that is populated with data about other visitors to Social-avenue.com and allow users to meet in restaurants, clubs and parks. Also, the Social-Avenue browser plug-in may welcome users to provide access to their profile on Facebook and Reddit to facilitate text, video and image communications. Users that installed the Social-Avenue plug-in and are redirected to Social-avenue.com may be surprised to see that it does not support a communications hub on its own and relies on the user to authorize it to use Facebook and Reddit. Needless to say, that type of action has security implications because Social-avenue.com is not a trusted site and the...

Posted on July 21, 2016 in Browser Hijackers

CrypMIC Ransomware

The CrypMIC Ransomware is a spitting image of the CryptXXX Ransomware but has several features and code differences that make it stand out. The CrypMIC Ransomware comes from threat actors that decided to follow the model employed to spread the CryptXXX Ransomware. They are using the latest version of the Neutrino Exploit Kit to deliver corrupted DLL files to their victims via corrupted ads and compromised sites. Since the CrypMIC Ransomware is embedded into pages, the users will notice that this threat is loaded in the background and is executed silently. The CrypMIC Ransomware is programmed to target up to nine hundred file formats and can render servers and computers inoperable in a matter of hours. The CrypMIC Ransomware is using the AES-256 encryption algorithm to lock the victim's data and does not append a custom file extension making the indexing of the corrupted files...

Posted on July 21, 2016 in Ransomware

Windows Route Manager

The Windows Route Manager may appear in your 'Control Panel' after installing a free audio player and browsers like Wind Browser and Mustang Browser that have a bad reputation. Security analysts analyzed the Windows Route Manager app and did not recommend that users install it. The Windows Route Manager program does not have a user interface or a publicly known developer. We did not manage to find a site or an official distributor either. Network analysis suggests that the Windows Route Manager program may be used to generate pay-per-click revenue and reroute Web traffic to sponsored sites. Computer users with a limited connection to the Internet may notice significant lag and inability to load videos on YouTube and Vimeo. The Windows Route Manager software is flagged as a Potentially Unwanted Program (PUP) that may decrease your computer performance and prevent you from enjoying the...

Posted on July 20, 2016 in Possibly Unwanted Program

Unlimited.co.in

Computer users that are not satisfied with Google and Bing may be interested in installing the browser enhancer linked to Unlimited.co.in that is advertised to deliver improved search results. The browser enhancer from Unlimited.co.in may arrive on your PC bundled with third-party freeware such as AppEnable and the iWON Toolbar. You should know that the application associated with Unlimited.co.in may change your new tab settings and default search provider to Unlimited.co.in. The Unlimited.co.in portal hosts a search engine that is a customized version of Google with added features from Bing and Yahoo that is supposed to provide unparalleled experience if you choose to trust the marketing team of Unlimited.co.in. However, the app linked to Unlimited.co.in is recognized as a browser hijacker that is similar to the apps related to Search.entru.com and Globasearch.com. The...

Posted on July 20, 2016 in Browser Hijackers

‘Urgent Chrome Update’ Pop-Ups

The 'Urgent Chrome Update' pop-ups are irritating pop-up messages that have been linked to news articles associated with questionable content distributed on social media. In most cases, the 'Urgent Chrome Update' pop-ups will be accompanied by numerous advertisements on the affected Web browser. Computer users complaining about the 'Urgent Chrome Update' pop-ups also may be affected by frequent pop-up messages, banners, random links inserted into plain text content and similar unwanted content. Computer users affected by the 'Urgent Chrome Update' pop-ups also have reported that their Web browser settings will have been altered automatically. The affected Web browser's homepage will be changed automatically, and they will be forced to use a specific, low-quality search engine that mostly delivers advertisements rather than real search results. The 'Urgent Chrome Update' pop-ups...

Posted on July 20, 2016 in Browser Hijackers

‘888-262-9519’ Pop-Ups

The '888-262-9519' pop-ups are associated with a well-known technical support tactic that may impersonate the Norton Security and anti-virus and security utilities. If the '888-262-9519' pop-ups are appearing on your computer, PC security analysts strongly advise ignoring their content and instead using a reliable security program to help with the removal of the '888-262-9519' pop-ups and any content associated with these unwanted messages. The '888-262-9519' pop-ups may be caused by a PUP (Potentially Unwanted Program) installed on a computer. In some cases, a Trojan may be responsible for the '888-262-9519' pop-ups and other pop-up content on the user's computer. This family of PUPs may display a bogus system scan titled 'Norton Security Scan,' which claims that a large number of threats were detected on the user's computer. The '888-262-9519' pop-ups include this phone number so...

Posted on July 20, 2016 in Browser Hijackers

Bart Ransomware Gets Free File Decrypter from Security Researcher

Ransomware has literally taken the computer security world by storm, and the future outlook doesn't look like ransomware authors will let up anytime soon. A particular type of threat that stands out from the rest of recent ransomware is Bart Ransomware, which is spread through a botnet and takes your files to place them inside of a password-protected ZIP file only to delete the originals. Bart Ransomware was recognized as a threat that took a different direction from other recent encryption type ransomware. In its different actions, Bart Ransomware asked its victims for a substantial ransom fee of 3 Bitcoin, which is about $1,800 USD. With what appears to be a crack on the malware, Bart Ransomware now has a free file decrypter that will essentially restore all files that were copied into a ZIP archive and then deleted from their original location. The decrypter, which is a...

Posted on July 20, 2016 in Computer Security

Bitcoinrush Ransomware

The Bitcoinrush Ransomware is an encryption ransomware Trojan. These threats are used to take the victims' files hostage, demanding the payment of a ransom to restore the computer user's files. The Bitcoinrush Ransomware scans the victim's computer, encrypting the victim's files using a strong encryption method and then appending the extension 'the Bitcoinrush@aol.com.xtbl' to each file it encrypts. After encrypting the victim's files, the Bitcoinrush Ransomware drops ransom notes in each directory where it encrypted content. The ransom note associated with the Bitcoinrush Ransomware will explain to the victim why the files can no longer be accessed and includes information about the payment.

Backups are the Safest Way to Recover Encrypted Files

The full text of the Bitcoinrush Ransomware ransom notes, which are dropped in each directory where the Bitcoinrush Ransomware...

Posted on July 20, 2016 in Ransomware

‘Payfornature@india.com’ Ransomware

The Payfornature@india.com Ransomware is a ransomware encryption Trojan. The Payfornature@india.com Ransomware demands the payment of a large amount after encrypting the victim's computer. The Payfornature@india.com Ransomware's ransom note is particularly blatant, blaming the victim for not being careful with their computer's security, apart from asking for a large ransom. The Payfornature@india.com Ransomware's ransom amount is 3 BitCoin, which is more than $2000 USD on average at the current exchange rates. The Payfornature@india.com Ransomware also claims that if the victim does not pay the ransom within 24 hours, the amount is elevated to 5 BitCoin, approximately $3400 USD! Of course, paying such an elevated ransom is out of the reach of most computer users, although some businesses would gladly pay this amount to get their files back. PC security analysts strongly advise against...

Posted on July 20, 2016 in Ransomware