Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users, taking control of their account and turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

Globe Ransomware

The Globe Ransomware falls into the category of encryption Trojans that use a combination of AES and RSA ciphers to lock the user's data. The Globe Ransomware can lock data on SSD and HDD without administrative privileges. The Globe Ransomware is a variant of the Purge Ransomware that may avoid detection due to modified runtime parameters. Like its predecessor, the Globe Ransomware is spread among PC users via corrupted links and file attachments on spam email. The payload of the Globe Ransomware may be disguised as a RAR, ZIP, DOCX, or PDF file, and you should not open spam if you wish to avoid the Globe Ransomware. The Globe Ransomware is named after the custom desktop wallpaper it uses to notify users that their files are encrypted. The image represents a globe on a background of the default Windows Vista wallpaper. The wallpaper by the Globe Ransomware features the...

Posted on August 24, 2016 in Rogue Anti-Spyware Program

Netutils Ads

We have received reports that a suspicious program named Netutils is traveling with freeware bundles and not appearing on the 'Control Panel' when installed. Its investigation revealed that the Netutils program exhibits the behavior of adware. Security experts recommend users to explore the 'Advanced' and 'Typical' option of installers to make sure they do not install the Netutils software. The Netutils adware is known to promote the PC Speed Up rogue anti-spyware program. The Netutils adware appears to serve as a proxy that redirects users to a page where they can download and buy a license for PC Speed Up. Computer users that are infected with the Netutils adware may notice netutils.exe running in the background by opening Windows Task Manager. The Netutils adware is designed to open new tab pages in your browser and switch the focus to a dialog box that says 'Your computer...

Posted on August 24, 2016 in Adware

Meldonii@india.com Ransomware

The Meldonii@india.com Ransomware is an Encryption Trojan that is built upon the same engine used for the Crysis Ransomware. The Meldonii@india.com Ransomware is using the .xtbl file extension but does not belong to the Troldesh family of cryptomalware. The Meldonii@india.com Ransomware is delivered to users via spam emails that may include documents that appear as invoices, payment notifications, and communique from media outlets. Objects that are encrypted by the Meldonii@india.com Ransomware may be represented by an icon that looks like a blank sheet of paper. PC users can move, copy and delete corrupted data but you will not have access to its content. The Meldonii@india.com Ransomware is programmed to target the following data containers: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi,...

Posted on August 24, 2016 in Ransomware

Radxlove7@india.com Ransomware

The Radxlove7@india.com Ransomware is a member of the Troldesh family of cryptomalware that is designed to target server networks. Unlike regular Encryption Trojans like the Zepto Ransomware, the Radxlove7@india.com Ransomware targets more data containers. Also, the Radxlove7@india.com Ransomware may block data on connected server systems. The Radxlove7@india.com Ransomware is capable of encrypting data on the latest versions of Windows Server. The Radxlove7@india.com Ransomware can render online stores and platforms inaccessible until payment is delivered. There are reports suggesting that the Radxlove7@india.com Ransomware is spread via remote desktop connections. Hackers may combine the processing power of botnets to launch brute force attacks on RDP (Remote Desktop Protocol) panels and gain access to the server. The Radxlove7@india.com Ransomware can begin the encryption...

Posted on August 24, 2016 in Ransomware

Grand_car@aol.com Ransomware

The Grand_car@aol.com Ransomware is another adaptation of the Crysis Ransomware designed to avoid detection by AV scanners and use an industry level cipher to lock the user's data. The Grand_car@aol.com cryptomalware uses the AES-128 encryption to deprive users of access to their data across connected drives. You can find the Grand_car@aol.com Ransomware attached to spam mail. In some cases, the Grand_car@aol.com Ransomware may be delivered to servers via brute force attacks on RDP (Remote Desktop Protocol) panels. We recommend users to avoid opening links and files from spam mail as well as use a secure password for their server account. Worst case scenario—the Grand_car@aol.com Ransomware will scan the compromised PC for the following file formats: .odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7,...

Posted on August 24, 2016 in Ransomware

NewsCrawler.com

NewsCrawler.com is the official page for the NewzCrawler program that is promoted as an RSS-feed reader for Microsoft's Internet Explorer. As you may know, Internet Explorer does not come with an RSS-reader and many users that like to keep up with articles from Nytimes.com and Bbc.com may be willing to install NewsCrawler. Windows users that favor IE above Google Chrome and Mozilla Firefox can visit www.newzcrawler.com/download.shtml and download the NewsCrawler program. Keep in mind that NewsCrawler is compatible with Microsoft Internet Explorer 7 and later versions. Additionally, NewsCrawler may change your homepage to NewsCrawler.com and your default search aggregator to Search.newscrawler.com. We should note that if you are interested in using NewsCrawler by ADC Software, you will be required to use Search.newscrawler.com as your primary search provider. Google and Yahoo will be...

Posted on August 23, 2016 in Possibly Unwanted Program

Trojan.Agent.DEC

The Trojan.Agent.DEC notification is utilized by anti-malware software to inform the users of a Trojan-Downloader on their PCs. Threats like the Trojan.Agent.DEC are favored by threat developers for their versatility and ability to drop other threats on the targeted computer. An infamous member of the Trojan dropper family of threatening applications is Win32.Viking.JJ that is used for corporate espionage. Therefore, you should not underestimate Trojan.Agent.DEC and overlook security alerts that mention it. The Trojan.Agent.DEC malware can be delivered to users as a fake software update so that the user does not suspect suspicious activity when a binary is downloaded from a remote server. Needless to say, users that are willing to risk installing pirated games might be presented with the payload of the Trojan.Agent.DEC. The Trojan.Agent.DEC program is a Trojan, and it may install...

Posted on August 23, 2016 in Trojans

The Federal Trade Commission Plans Panel Discussion on Ransomware to Recommend Solutions

Ransomware has captivated many facets of the computer security world and has emerged as being one of the most dangerous types of malware that we face over the Internet. Ransomware has grown to be the dominating malware so much that it has gained the undivided attention of many government entities, including the Federal Trade Commission (FTC). To address the proliferation of ransomware, the FTC is making plans to host several panel discussions to highlight the seriousness and crime syndicates that have come out of the endurance of ransomware in the past couple of years. The event, set for September 7, 2016, was announced earlier this year and has recently been listed to include several government officials and business representatives from companies like Symantec to discuss the extremely dangerous outlook of ransomware. Expected to be part of a three-panel discussion, the...

Posted on August 23, 2016 in Computer Security

Alma Locker Ransomware

The Alma Locker Ransomware is spread among users by using corrupted links predominantly. These links can be embedded into spam messages and compromised pages. The team behind the Alma Locker Ransomware is known to rely on the RIG Exploit Kit to maximize the spread of their product. The researcher Darien Huss discovered the Alma Locker cryptomalware, and you should stick to the tried and true practice of ignoring spam email if you do not want to install the Alma Locker Ransomware or similar threats. Computer users that have the misfortune to launch the Alma Locker Ransomware will be required to pay 1 Bitcoin, which is $580 if they want their data back. The Alma Locker Ransomware uses TOR-based 'Command and Control' servers to store the encryption key and upload the private decryption key. The Alma Locker Ransomware is very similar to Locky and CTB-Locker in that regard....

Posted on August 23, 2016 in Ransomware

Trojan-Proxy.PowerShell

The Trojan-Proxy.PowerShell malware is a Banking Trojan that is designed to change the system's proxy configuration and reroute the PC's Web traffic to a proxy server that is monitored. What makes the Trojan-Proxy.PowerShell malware special is that it does not install additional proxy configurations and is hard to detect. Banking Trojans like Bunitu and Proxybox are programmed to drop corrupted PAC (Proxy Auto-Config) files to redirect the Internet requests on the infected OS. That is not how the Trojan-Proxy.PowerShell malware works. The Trojan-Proxy.PowerShell corrupted executable takes advantage of a Microsoft-licensed utility inside Windows to bypass detection and facilitate its activity. As its name suggests, the Trojan-Proxy.PowerShell uses the PowerShell automation service that is introduced with Windows 7, 8, 8.1 and 10. The PowerShell module is almost identical to CMD...

Posted on August 23, 2016 in Ransomware

Czech Ransomware

Computer users from the Czech Republic that are familiar with cryptomalware should be on the lookout for the Czech Ransomware. The Czech Ransomware is a customized Encryption Trojan that is used against Czech citizens primarily. The operation of the Czech Ransomware is similar to the one we have seen with the Korean Ransomware. Both cryptomalware are adapted for targeted attacks and include geopolitical and economic parameters. Also, the Czech Ransomware uses the AES-256 encryption algorithm as well. Analysis of samples of the Czech Ransomware suggests that the Czech Ransomware may be a heavily modified version of the HiddenTear project. The Czech Ransomware is deployed to users via spam email that may appear as messages from Facebook and Twitter related to social events in the Czech Republic. The payload of the Czech Ransomware might be packed as a macro-enabled DOCX file that...

Posted on August 23, 2016 in Ransomware

Mystartpage1.ru

The Mystartpage1.ru domain does not have a publicly known owner and is related to several instances of browser hijacking. The Mystartpage1.ru domain hosts a Web application named 'Free Avatar Maker' that allows users to crop images in the JPG, GIF, and PNG format to a size that is suitable for setting up as a profile picture. The 'Free Avatar Maker' app on Mystartpage1.ru does not require subscription or payment because it is supported by advertisements and affiliate network. Computer users that install freeware frequently may stumble upon programs that may change the user's homepage and search provider to Mystartpage1.ru/i/startm.html. The ad revenue from Web traffic at Mystartpage1.ru/i/startm.html and Mystartpage1.ru allows users to benefit from the 'Free Avatar Maker' app for free. Unfortunately, some programs might hijack your Internet browser and redirect users to resources...

Posted on August 22, 2016 in Browser Hijackers

‘Windows Activation Error Code: 0x44578’ Lock Screen

The 'Windows Activation Error Code: 0x44578' lock screen may appear on PCs that are infected with badware associated with fake technical support services. Security experts reveal that the 'Windows Activation Error Code: 0x44578' lock screen is generated by a program that is designed to prevent users from accessing files on their hard drives. The purpose of the 'Windows Activation Error Code: 0x44578' program is to convince users that their Windows OSes are not legitimate and their key needs to be renewed. Applications such as these may run in portable mode, and the chances are that it will not appear in the 'Control Panel.' The badware at hand is distributed to users via links to unsigned executables hosted on file sharing platforms like Google Drive, Dropbox and MediaFire. Users that are already infected with adware like DealGrabbers and FocusBase may see advertisements that...

Posted on August 22, 2016 in Browser Hijackers

DetoxCrypto Ransomware

The DetoxCrypto Ransomware was discovered by Marc Rivero López, a security investigator. He reveals that the DetoxCrypto Ransomware is almost identical to the Pokemon GO Ransomware. However, the DetoxCrypto Ransomware features a slightly different ransomware message that portrays a sad Pikachu instead of the happy Pikachu we have seen earlier. The DetoxCrypto Ransomware functions as you would expect from an Encryption Trojan and uses AES and RSA ciphers to lock the victim's data. The makers of the DetoxCrypto Ransomware transitioned into using dynamically-generated encryption keys as opposed to the static key strategy we have seen in Power Worm Ransomware. The payload of the DetoxCrypto Ransomware is deployed via a spam campaign that may feature logos from Facebook, Twitter, Instagram, Amazon, and PayPal to trick users into downloading a corrupted file. The dropper for the...

Posted on August 22, 2016 in Ransomware

Thraflabe-rs.ru

Thraflabe-rs.ru is a website that is closely related to a browser hijacker that, once inside your computer, may lead you to shady and unsafe sites on the Web. The browser hijacker linked to Thraflabe-rs.ru may alter your browser settings automatically. Thraflabe-rs.ru may collect non-personal information such as visited sites, IP address, search queries, and more. The collected information may be transmitted to third parties that may use it for marketing purposes. Besides profiting from the advertisements Thraflabe-rs.ru may display on your machine, it also can be paid by the forced redirections to its partner websites. These redirections may pose a security risk since you can't be sure if the site you are visiting is safe or it can take advantage of your visit to install adware, Possibly Unwanted Programs (PUPs) and even threats. To avoid the entrance of programs that may not...

Posted on August 19, 2016 in Browser Hijackers