‘CIA Special Agent 767’ Screen Locker

The ‘CIA Special Agent 767’ screen message isn’t related in any way to the legitimate Central Intelligence Agency of the United States of America. The ‘CIA Special Agent 767’ message includes a fake badge for an agent with the code name 767 and claims that the user’s files are encrypted ‘using an extremely secure and unbreakable algorithm.’ In reality, the notification is shown by the ‘CIA Special Agent 767’ Screen Locker Trojan that may have been installed on your PC via a macro-enabled file, riskware or a fake update to plug-ins like Adobe Flash and Java. The ‘CIA Special Agent 767’ Screen Locker Trojan does what its name suggests—it displays a lock screen and prevents the user from accessing the desktop and the file manager. Researchers reveal that the ‘CIA...

Posted on December 15, 2016 in Ransomware

Search.searchleasier.com

The Search.searchleasier.com domain is associated with the LoginEasier browser extension developed by Spigot, Inc. According to the official page of LoginEasier at Logineasier.com, the extension supports Google Chrome, Internet Explorer and Mozilla Firefox. The LoginEasier software from Spigot, Inc. is promoted as a free browser extension for email. LoginEasier is supposed to provide users with quick access to email providers and frequently used features. The LoginEasier browser extension may alter your new tab settings and load Search.searchleasier.com by default. The Search.searchleasier.com portal is equipped with links to Outlook and Hotmail by Microsoft, Yahoo, Facebook, Gmail and Google Maps. Users will need to grant the LoginEasier app access to their browsing history and installed extensions if they want to benefit from the...

Posted on December 14, 2016 in Browser Hijackers

‘Love.server@mail.ru’ Ransomware

The ‘Love.server@mail.ru’ Ransomware is named after the email love.server@mail.ru, which victims are invited to contact after they have made a payment and need to obtain a decryption key. Researchers were provided with samples of the ‘Love.server@mail.ru’ Ransomware in December 2016, which revealed that the Trojan is aimed at Web servers and online shop infrastructures. Further investigation into the ‘Love.server@mail.ru’ Ransomware showed that the Trojan might use the email ‘file.recover@mail.ru,’ as well as other Mail.ru-based accounts. It is not clear whether the team behind the ‘Love.server@mail.ru’ Ransomware, a.k.a. LoveServer Ransomware, consists of Russian citizens. We received reports from Spain, Germany, and the UK regarding the ‘Love.server@mail.ru’ Ransomware...

Posted on December 14, 2016 in Ransomware

CyberSplitter 2.0 Ransomware

The CyberSplitter 2.0 Ransomware goes by the title ‘CyberSpLiTTer Vbs Ransomware 2.0’ judging by its ransom notification. The CyberSplitter 2.0 Ransomware is a fully functional encryption Trojan that is injected into Windows computers using corrupted documents. Spam emails carrying macro-enabled documents are dispersed among users using spam bots and misappropriated email accounts. The distribution of ‘CyberSpLiTTer’ includes images and logos of trusted companies like PayPal and Amazon to increase the chance of users opening the dropper. When a user double-clicks a macro-enabled document, the CyberSplitter 2.0 Ransomware may be installed in the Temp directory. Researchers warn that the CyberSplitter 2.0 Ransomware is ranked among threats like the Phoenix Ransomware and the Sage Ransomware. What makes the...

Posted on December 14, 2016 in Ransomware

Addonsmash Ads

Addonsmash is a platform hosted at Addonsmash.com that offers solutions to software publishers. The Addonsmash platform appears to be tailored to freeware developers and publishers looking for a way to monetize their services with alternative mechanisms. Freelance programmers and publishers can work with Addonsmash to deploy browser extensions and standalone programs that PC users can install and benefit from for free. However, there is a catch. You are not required to pay a monthly subscription fee or purchase a commercial license, but instead you are served promotional materials like banners, video ads, coupons and discounts. These Addonsmash ads may be placed in banners, ad boxes and pop-up windows. Programs that include code from Addonsmash may be released as extensions for browsers like Google Chrome and Mozilla Firefox...

Posted on December 14, 2016 in Adware

Antix Ransomware

The Antix Ransomware is a Trojan that is used in attacks on Windows OS users and aims to convince them to transfer 0.25 Bitcoin (195 USD/183 EUR) to a wallet address. The initial release of the Antix Ransomware does not support encryption and behaves like the Trojan behind the Black Virus Lockscreen. Researchers noticed the Antix Ransomware in December 2016 and reported that it features screen locking capabilities. The Antix Ransomware Trojan can be injected into systems via corrupted documents attached to spam emails and fake updates to Adobe Reader from Adobe Systems Inc. The Antix Ransomware is designed to lock your screen when you log into Windows and demands the payment of 0.25 Bitcoin to allow you access to the desktop. The developer of the Antix Ransomware programmed the Trojan to disable the Command Line tool, the...

Posted on December 13, 2016 in Ransomware

PayDay Ransomware

The PayDay Ransomware was spotted by security analysts while investigating a Trojan associated with an image from the Payday game franchise from Overkill Software. Investigators report that the PayDay Ransomware is an encryption Trojan based on the Hidden Tear project published by Utku Sen on Github.com. The PayDay Ransomware ranks amongst threats such as the Satan666 Ransomware and the HappyLocker Ransomware. The PayDay Ransomware is aimed at PC users who speak Portuguese and leaves the email catsexy@protonmail.com for contact between victims and operators. Researchers note that the PayDay Ransomware can encrypt data hosted on local drives and removable storage such as USB drives and media players. You can recognize enciphered files by the ‘.sexy’ extension placed after the original file extension. For example,...

Posted on December 13, 2016 in Browser Hijackers

Kraken Ransomware

The Kraken Ransomware is named after the title of the ransom note displayed on the victim’s screen. Apparently, the designers behind the Kraken Ransomware are not as creative as those behind the Jigsaw Ransomware and the Mahasaraswati Ransomware, which include a mascot, so to speak. The Kraken Ransomware is spread among users via spam emails, links that lead to compromised pages, and executables with a double extension that may appear to be benign documents. The Kraken Ransomware is a standard encryption Trojan that is programmed to append the ‘.kraken’ suffix to encrypted files and encode their names using the Base64 algorithm. The Kraken crypto-threat uses the AES-256 cipher to encrypt the contents of data containers that are used to store images, presentations, audio, videos, databases and spreadsheets. We have...

Posted on December 13, 2016 in Rogue Anti-Spyware Program

SystemKeeperPro

The SystemKeeperPro software from Monterix Software is advertised at Systemkeeperpro.us as a system optimization and safety tool. Computer users are offered ‘a 9-in-1 ultimate tool which automatically fixes common system errors, optimizes system settings and cleans your PC’ according to Systemkeeperpro.us. SystemKeeperPro is shareware that offers a trial version that allows users to diagnose their system with SystemKeeperPro and receive a report on potential problems. However, you need to purchase a commercial license to address any problems found by SystemKeeperPro. Monterix Software offers licenses for two, three and five computers on your network, and you may be asked to pay between $30 and $60 depending on your needs. SystemKeeperPro is classified by computer experts as a Potentially Unwanted Program (PUP) since most...

Posted on December 13, 2016 in Possibly Unwanted Program

‘Your Computer is heavily damaged! (33.2%)’ Pop-Ups

The ‘Your Computer is heavily damaged! (33.2%)’ pop-ups are associated with browser hijacking software that may affect Web browsers such as Google Chrome, Opera, Internet Explorer and Mozilla Firefox. The browser hijacker at hand may have arrived on your PC with a freeware bundle and run as a browser add-on. Security experts have received complaints from users that the ‘Your Computer is heavily damaged! (33.2%)’ pop-ups appear at random intervals and suggest there are viruses on their PCs. The ‘Your Computer is heavily damaged! (33.2%)’ notifications are known to be hosted on untrusted pages and display the following message: ‘DOWNLOAD REQUIRED Your Computer is heavily damaged! (33.2%) Please download PC Keeper™ application to remove (3) Viruses from your Pc. VIRUS INFORMATION...

Posted on December 12, 2016 in Adware

Bigslide.ru

The Bigslide.ru site is home to presentations on various topics. Bigslide.ru offers access to free presentations in the spheres of biology, geometry and twenty-six more areas of human knowledge. The owners of Bigslide.ru support open access to the presentations by showing commercial offers from sponsors. Visitors can use services like Steam, Vkontakte, Mail.ru, Facebook, and LinkedIn to create a profile on Bigslide.ru and build a playlist of favorite presentations for easy navigation. If you are interested in using Bigslide.ru for research purposes, you should take into consideration that the site supports only a version in Russian. Web surfers who do not know Russian and have trouble reading Cyrillic are not likely to stay at Bigslide.ru for long. We have received reports that Bigslide.ru is associated with a search service...

Posted on December 12, 2016 in Browser Hijackers

‘M4N1F3STO Virus’ Lockscreen

The ‘M4N1F3STO Virus’ Lockscreen is generated by a Trojan that is designed to fool users into believing that the data on their computers has been encrypted and is about to be deleted. The developer of the ‘M4N1F3STO Virus’ requires the payment of 0.3 Bitcoin (234 USD or 221 EUR) to be made to a wallet address if you don’t want your files to be deleted. The message shown by the ‘M4N1F3STO Virus’ Trojan resembles many variants we have seen with threats like the Cuzimvirus Ransomware and the BrLock Ransomware. There does not appear to be a connection between the Trojans mentioned before, and the ‘M4N1F3STO Virus’ Lockscreen may look like a joke to some users. However, the ‘M4N1F3STO Virus’ threat is no joke and can cause distress for many users since it can be...

Posted on December 12, 2016 in Ransomware

UltraLocker Ransomware

The UltraLocker Ransomware is a ransomware Trojan that is being used to attack computer users around the world. The UltraLocker Ransomware works in a way similar to most other ransomware Trojans, encrypting the victim’s files and then demanding that the victim pay a ransom in exchange for the decryption key. Essentially, the UltraLocker Ransomware takes the victim’s files hostage in exchange for ransom. Part of what makes the UltraLocker Ransomware attack so effective, and these threats so popular, is that even if the UltraLocker Ransomware infection itself is removed, the victim’s files will remain inaccessible. Unfortunately, modern encryption methods make it nearly impossible to recover the files that have been encrypted in these attacks; the same technology that allows us to keep our data safe also allows these...

Posted on December 12, 2016 in Ransomware

‘Xbotcode@gmail.com’ Ransomware

The ‘Xbotcode@gmail.com’ Ransomware is a ransomware Trojan that is being used to trick computer users. The ‘Xbotcode@gmail.com’ Ransomware is being sold on the Dark Web. PC security researchers named the ‘Xbotcode@gmail.com’ Ransomware after the email address that is used to contact the ‘Xbotcode@gmail.com’ Ransomware’s developers. Some anti-virus programs will detect the ‘Xbotcode@gmail.com’ Ransomware as the ‘Source Code’ Ransomware because its source code is freely available in several different versions. The ‘Xbotcode@gmail.com’ Ransomware is being offered to con artists as a RaaS (Ransomware as a Service) platform that allows anyone to create ransomware campaigns and profit at the expense of victims around the world. By using a botnet to...

Posted on December 12, 2016 in Ransomware

Levis Locker Ransomware

The Levis Locker Ransomware is named after the media creator LewissTechYT, whose photo is incorporated into the lock screen used by the Ransomware. The Levis Locker Ransomware was discovered while researchers were looking into spam emails carrying suspicious files. The distribution scheme for the Levis Locker Ransomware involves logos from trusted companies, banks, and NGOs with the aim of convincing users to open a macro-enabled attachment. The Levis Locker Ransomware is a Trojan that is designed to lock the screen of the user and display a rather disturbing message. The Levis Locker lock screen features accusations that the user is engaged in browsing illegal materials including child pornography, bestiality, torture and rape. These allegations are more than likely to trigger an angry reaction from many users. The successful...

Posted on December 12, 2016 in Ransomware