RARSTONE is a remote access Trojan (RAT) used in targeted attacks against Asian organizations. RARSTONE is part of a cybercriminal campaign, dubbed Naikon, that attacks communications, oil, government, media and other types of organizations in Asia. The cybercriminals send out spear-phishing emails that allegedly include documents pertaining to diplomatic discussions in the Asia-Pacific region. When the documents attached to the emails are opened, a vulnerability in Windows common control is exploited, and RARSTONE is pushed onto the victim’s computer system. In the meantime, a lure document is shown so as not to raise suspicion. Once RARSTONE is on a device, a backdoor component is downloaded from a command and control (C&C) server directly into memory. This enables the malware infection to go undetected by numerous security applications. RARSTONE checks the Uninstall Registry Key and uses it…
Security Threats
TSPY_QHOST.QFB
TSPY_QHOST.QFB is a Trojan that is used by cybercrooks to reroute customers of South Korean banks to phishing websites, fooling them into revealing their personal and financial data. TSPY_QHOST.QFB modifies the attacked PC’s HOSTS file to divert victimized computer users to an IP address located in Japan. When on the phishing website, attacked computer users are asked several questions about PC security, after which they’re instructed to get a security certificate. Attacked PC users are asked to give their name, Korean resident registration number, phone number, account number, password, user ID, associated password, and the certificate password. These phishing websites abuse the trust that web users have in their banks to get financial and personal data from victimized web users. These websites are designed to make computer users think that they are entering their information in…
Itdefender.exe
Itdefender.exe is a dangerous executable file and a component of a fake anti-spyware application called Internet Security Premium. Itdefender.exe specifies that the phony security program called Internet Security Premium is installed on the corrupted PC. To eliminate Internet Security Premium from the affected computer system, attacked PC users should delete itdefender.exe from the victimized computer with a reputable anti-malware tool. Itdefender.exe decreases PC performance and leads to other privacy and security issues…
Ihdefender.exe
Ihdefender.exe is a dangerous executable file of a rogue anti-spyware program called Internet Security. Ihdefender.exe specifies that the bogus security tool called Internet Security Premium is installed on the compromised PC. To remove Internet Security Premium from the affected computer system, targeted PC users should delete itdefender.exe from the targeted computer system with a legitimate anti-malware application. Ihdefender.exe is a security risk to the infected computer; therefore, it has to be removed as soon as possible…
TrojanDownloader:Win32/Beebone.IJ
TrojanDownloader:Win32/Beebone.IJ is a Trojan that stealthily drops and installs other damaging applications on a corrupted PC without a computer user’s permission. TrojanDownloader:Win32/Beebone.IJ can install other malware infections or malware components on the compromised PC. While being installed, TrojanDownloader:Win32/Beebone.IJ makes system modifications by adding harmful files. TrojanDownloader:Win32/Beebone.IJ contacts a remote host to receive configuration or other data, to receive instructions from a remote cybercriminal, to report a new infection to its author, to add and run arbitrary files (covering updates or other security threats) and to upload data taken from the affected computer system….
Worm:JS/Proslikefan.gen!D
Worm:JS/Proslikefan.gen!D is a polymorphic worm that can modify a targeted PC’s settings, block processes related to security tools and drop harmful files. Worm:JS/Proslikefan.gen!D grabs information about the compromised PC and may distribute other security threats. Worm:JS/Proslikefan.gen!D can also prevent security applications from functioning appropriately. Worm:JS/Proslikefan.gen!D propagates through file-sharing networks and removable drives. While being installed, Worm:JS/Proslikefan.gen!D makes system alterations on the affected computer system. Worm:JS/Proslikefan.gen!D can restrict PC users from running Task Manager and Registry Editor. Worm:JS/Proslikefan.gen!D can also prevent the victimized PC user from using the Windows Security Center service and modifying the start page of Internet Explorer. Worm:JS/Proslikefan.gen!D modifies the Windows Registry on the attacked…
Worm:VBS/Dunihi.A
Worm:VBS/Dunihi.A is a VBScript worm that grabs information about a compromised PC and transfers it to a remote cybercriminal. A cybercriminal can then tell Worm:VBS/Dunihi.A to accomplish a variety of malicious actions on the infected computer system, covering downloading and installing other security infections. Worm:VBS/Dunihi.A proliferates through removable storage devices, such as floppy disks or USB flash drives. Worm:VBS/Dunihi.A checks the corrupted PC for removable drives. If a removable drive is found, Worm:VBS/Dunihi.A copies itself onto that drive. Worm:VBS/Dunihi.A creates several link (.lnk) files that run the VBScript worm. The .lnk file names are created using the file names already on the removable drive. While being installed, Worm:VBS/Dunihi.A makes system modifications on the attacked PC by modifying the Windows Registry and adding infected files…
Download Terms
Download Terms, otherwise known as DownloadTerms or Download Terms 1.0, is a potentially unwanted program, which is also categorized as an adware application. Mainly, Download Terms invades an attacked computer system without a victimized PC user’s consent and awareness. When Download Terms penetrates into the hacked PC, it makes system modifications and adds its own entries to all hijacked web browsers. When the affected PC user starts using Internet Explorer, Google Chrome, Mozilla Firefox or other Internet browsers, Download Terms starts showing unwanted pop-up ads and underlined words. Download Terms will also lead to irritating diversions to Trustedoffer.com and other sponsored websites. Download Terms doesn’t need the computer user to download it manually. Download Terms can easily enter the compromised PC packed with other applications. Commonly, Download Terms comes packed with…
See Similar
See Similar is an adware application that shows a ‘See Similar’ button on product images on Amazon, Youtube, Walmart and other websites that are visited by web users. The ‘See Similar’ pop-up advertisements will be shown as boxes, which include various coupons that are available, or as underlined keywords, which when clicked will divert the victimized computer user to a supported website. The ‘See Similar’ pop-up carries a browser add-on that is usually embedded when the PC user installs other free applications, such as download managers, video recording/streaming tools or PDF creators, that have See Similar packaged into their installation. When the targeted Internet user installs these free programs, they will also install the See Similar adware on their PCs. Some of the software products that are known to come packaged with ‘See Similar’ adware incorporate Genius Box, WebCake, Superfish,…
Popular Malware
- System Care Antivirus
- Microsoft Security Essentials Alert Virus
- Windows Fix
- Internet Security
- Home Malware Cleaner
- ULocker Ransomware
- Cheshire Police Authority Ransomware
- Vista Antivirus 2013
- Win 7 Antivirus Plus 2013
- Windows Antivirus Care
- Windows Malware Firewall
- Windows XP Fix
- Vista Antispyware 2013
- Total Anti Malware Protection
- System Check
- System Doctor 2014
- Reloadit Pack Virus
- XP Antivirus 2013
- Best Virus Protection
- Smart HDD
- System Protection
- XP Antispyware 2013
- Decrypt Protect Ransomware
- Polizia Penitenziaria Ransomware
- Data Recovery
- System Protector
- ICE Cyber Crimes Center Ransomware
- Internet Security 2012
- Microsoft Antivirus 2013
- Politiet Kongeriget Danmark Ransomware
- FBI MoneyPak Ransomware
- You Have 48 Hours to Pay the Fine Ransomware
- Windows Genuine Advantage Ransomware
- FBI Ultimate Game Card Virus
- Reveton
- Google Redirect Virus
