CryptoKill Ransomware

The CryptoKill Ransomware is a ransomware Trojan based on HiddenTear, an open source ransomware project that was publicly released in 2016 for ‘educational purposes.’ Since this ransomware Trojan was first released, countless variants of it have been used to carry out attacks on computer users. The CryptoKill Ransomware and numerous other ransomware threats have used this publicly accessible code to create numerous variants of the same hoax. New variants of ransomware, many of them using HiddenTear as their basis, are released every day. The CryptoKill Ransomware is integrated with the TOR network to carry out payments and communications with its Command and Control server, making it an effective ransomware Trojan capable of carrying out harmful attacks on its victims. The most common way of distributing the CryptoKill...

Posted on February 13, 2017 in Ransomware

‘MSSecTeam’ Tech Support Scam

The ‘MSSecTeam’ tech support scam involves a lock screen meant to trick computer users into paying large amounts of money. The ‘MSSecTeam’ tech support scam uses a fake message from ‘Microsoft’s Security Team’ to alert the victim that the affected computer’s files have been encrypted, and then demands the payment of a ransom. According to the ‘MSSecTeam’ tech support scam message, the victim’s files were encrypted because of ‘illegal activity.’ The ‘MSSecTeam’ tech support scam message claims that the ZhuangZi encryption was used to lock down the victim’s files. This is a non-existent encryption method, used to scare computer users into paying a ransom of 0.5 BitCoin, which is sent to the email address mssecteam@sigaint.org. Apart...

Posted on February 13, 2017 in Trojans

Xampp Locker Ransomware

The ‘Xampp Locker’ Ransomware is a ransomware Trojan that was first observed on February 13, 2017. The ‘Xampp Locker’ Ransomware is written using .NET and is based on HiddenTear, an open source ransomware Trojan that has been the basis for countless ransomware variants in the last year. The ‘Xampp Locker’ Ransomware is capable of carrying out effective ransomware attacks against both individual computer users and large-scale targets such as corporate networks and servers. The ‘Xampp Locker’ Ransomware can be distributed in a variety of ways, ranging from the exploitation of weak passwords to corrupted email attachments. Compromised documents distributed using emails are the most common way in which con artists may distribute the ‘Xampp Locker’ Ransomware and other ransomware...

Posted on February 13, 2017 in Ransomware

Search.suchwowgames.com

Search.suchwowgames.com is a portal that is maintained by Eightpoint Technologies Ltd. and used to host most of the features presented with the SuchWowGames desktop application as stated on Free.suchwowgames.com/home/terms?source=. The SuchWowGames desktop application may make alterations to the settings in Google Chrome, Internet Explorer and Mozilla Firefox. The SuchWowGames program may change your new tab page layout and default search provider on Google Chrome to Search.suchwowgames.com. Internet Explorer and Mozilla Firefox may be urged by Eightpoint Technologies Ltd. to set Search.suchwowgames.com as their start page as well, not just as the new tab design and search provider. When you enter keywords in the address bar and the Omnibar you should expect suggestions by Search.suchwowgames.com to be provided on a panel at the bottom. The...

Posted on February 13, 2017 in Browser Hijackers

Startsearch.info

Startsearch.info is a search service that is powered by a custom Google search engine. The engine powering Startsearch.info can be found at cse.google.bg/cse?cx=partner-pub-1798186880065655:9232981728 and features the name ‘POISK,’ which is Russian for ‘Search.’ The Startsearch.info portal is not a trusted search service and may relay traffic via Counter.yadro.ru, which is linked to several representatives of the adware family of programs. PC security researchers note that users infected with adware like Everysale and Coupondo may be redirected to Startsearch.info and have their default search provider hijacked. Additionally, Web filters have detected that Startsearch.info was compromised on several occasions and included an iFrame that attempted to install unsigned and potentially threatening software on...

Posted on February 10, 2017 in Browser Hijackers

Youhomepage.org

The Youhomepage.org and Newbornkittens.online domains that you may load from ads should not be trusted. Both domains may be used for misleading marketing campaigns that may lead users to spend hundreds of dollars on premium phone services, fake lotteries, and replicas of premium smartphones. Youhomepage.org and Newbornkittens.online are reported by users who were prompted to complete a short questionnaire and participate in a lottery that would result in five lucky gentlemen and ladies getting an iPhone. Users that loaded Youhomepage.org and Newbornkittens.online were invited to answer questions about Google, Microsoft, Facebook and Instagram. They had to choose from three answers and, regardless of their correct or incorrect choice, they would be redirected to pages like monclerfroutlets.com and prompted to provide their...

Posted on February 10, 2017 in Browser Hijackers

Fadesoft Ransomware

The Fadesoft Ransomware was first observed on February 9, 2017. The Fadesoft Ransomware seems to be related to the Erebus 2017 Ransomware, another known ransomware Trojan. These two, and other ever-emerging ransomware threats, share a tactic that allows them to bypass the User Account Control (UAC) on the targeted computer and communicate with Command and Control servers using TOR. To bypass the UAC, the Fadesoft Ransomware alters the infected computer’s Registry to associate certain file types with the Fadesoft Ransomware’s executable, which then prompts the infected computer to run the Fadesoft Ransomware without activating the UAC. The Fadesoft Ransomware receives its name because the word ‘Fadesoft’ appears several times in the Fadesoft Ransomware’s code. When the Fadesoft Ransomware is...

Posted on February 10, 2017 in Ransomware

FPSeek.com

The Fpseek.com search portal is presented to users who value Microsoft’s Bing and wish to explore an improved version of the search service. Web surfers may be interested to know that Fpseek.com is appraised quite a lot and is promoted as offering the best search results on the Open Web, as stated on info.fpseek.com/AboutUs: ‘fpseek is an enhanced online search experience used by our users worldwide. Fast, simple, and easy to use, fpseek offers the best search results from across the web. Thanks to our collaboration with leading software providers, you can choose to install fpseek during setup and benefit from better online searches on your browser.’ The Fpseek.com site is associated with a browser add-on available for Google Chrome, Mozilla Firefox and Internet Explorer. The add-on may alter your new tab,...

Posted on February 10, 2017 in Browser Hijackers

Social Media Phishing Attacks Rise 500% in 2016 According to Startling Report

Social media has changed the world and how we communicate as we know it. Surprisingly, it has yet to be seen or definitively proven if social media has made everyone’s life better. While there are several ugly sides of social networks and social media, there is one apparent issue that has risen to show its face. The ugly face of social media has arisen in the form of mounting phishing attacks taking place over multiple channels of the social Internet world. In fact, Proofpoint’s Quarterly Threat Summary from the last quarter of 2016 reveals that social media phishing attacks have climbed 500% throughout 2016. Phishing has long been a credible threat to unsuspecting computer users in that the act involves presenting a user with a bogus login page that mimics a legitimate login site...

Posted on February 9, 2017 in Computer Security

RunBooster

The RunBooster program by SkyNET Corporation has no official page and does not provide contact information or a valid digital certificate. All the regular user has access to is its name and program files that appear to communicate with remote servers. Additionally, users may be flooded with marketing materials that carry slogans like ‘Ads by RunBooster,’ ‘Ads powered by RunBooster’ and ‘Sponsored by RunBooster.’ Computer security researchers warn that RunBooster is adware that may be installed through free software bundles and fake update packages for Adobe Flash and Java. The RunBooster adware may use files with random names to avoid detection by AV scanners. There are hundreds of samples of the RunBooster adware that suggest the program is used to drive traffic to various shopping sites and...

Posted on February 9, 2017 in Adware

Ultimate Shopping Search

The Ultimate Shopping Search software is developed by the controversial company Saphire Max Media Co. Ltd., which released a browser with a built-in ad-blocker (Nomad Adblocker Browser) and a browser add-on (LottaDeals) that provides shopping recommendations for users in Germany. The Ultimate Shopping Search software is marketed as a shopping helper that is aimed at users based in the United States of America. Ultimate Shopping Search is a relatively compact extension for Mozilla Firefox and Google Chrome users that manifests as a toolbar icon, which provides a search box. The input in the search box provided by the Ultimate Shopping Search extension leads users to a custom version of Yahoo! at Us.search.yahoo.com that includes deals, coupons, and discounts suited to your area. The Ultimate Shopping Search by Saphire Max Media Co. Ltd. is...

Posted on February 9, 2017 in Browser Hijackers

DynA-Crypt Ransomware

The DynA-Crypt Ransomware refers to ransomware Trojans that are created using a ransomware creation kit that is known as the ‘Dynamite Malware Creation Kit.’ The DynA-Crypt Ransomware encrypts the victims’ files using AES encryption and identifies the files that have been encrypted with the file extension ‘.crypt.’ After encrypting the victim’s files, the DynA-Crypt Ransomware displays a pop-up window that demands a ransom payment from the victim. During the attack, the DynA-Crypt Ransomware can disable numerous Windows features and software, such as the Windows Task Manager or the Windows Firewall, delete software from the victim’s computer, and collect passwords that could be stored in the victim’s Web browsers. This sets the DynA-Crypt Ransomware apart from other ransomware Trojans...

Posted on February 9, 2017 in Ransomware

Digisom Ransomware

The Digisom Ransomware is a ransomware Trojan that enters a computer silently, without alerting the victim of its presence until the attack has been carried out. Like other ransomware Trojans, the Digisom Ransomware encrypts the victim’s files and then demands the payment of a ransom in exchange for the decryption key required to restore the affected files. During its encryption attack, the Digisom Ransomware will rename the affected files by appending the string ‘[three random characters].x’ to the end of the file’s extension. After encrypting the victim’s files, the Digisom Ransomware will alter the infected computer’s Desktop image so that it becomes a black screen, and drop ten text files on the Desktop with names like ‘the Digisom Readme0.txt,’ ‘the Digisom Readme1.txt,’...

Posted on February 9, 2017 in Ransomware

UpdateHost Ransomware

The UpdateHost Ransomware is a ransomware Trojan that was first observed in February 2017. The UpdateHost Ransomware is a significant threat to computer users. Like other ransomware Trojans, the UpdateHost Ransomware is specifically designed to take over the victims’ computers, preventing them from accessing their files as normal. The UpdateHost Ransomware and other ransomware Trojans carry out attacks where access to the victim’s computer or files is blocked in some way, through a lock screen or by encrypting the victim’s files. Then the victims are asked to pay a ransom to regain access to their own device. Computer users should take precautions to ensure that their computers are protected against the UpdateHost Ransomware and similar ransomware Trojans. The UpdateHost Ransomware has been carrying out attacks...

Posted on February 9, 2017 in Ransomware

GetFitNow New Tab

The GetFitNow New Tab software works as a browser add-on for Google Chrome, Internet Explorer and Mozilla Firefox. Web surfers that would like to improve their fitness routine, food habits, and live a healthier life can find GetFitNow New Tab at Getfitnow.co/Health?. The GetFitNow New Tab program is created by Polarity Technologies Ltd., which we have mentioned in our articles about BookmyFlight, Classifieds Easy and Package Track. The GetFitNow New Tab program is designed to make changes to the start page, new tab page, and search settings within your browser. The new configuration implemented by GetFitNow New Tab may differ across browsers. Google Chrome users may be provided with a new tab that loads Search.getfitnow.co; Mozilla Firefox and Internet Explorer users may have their homepages and new tabs set to Search.getfitnow.co...

Posted on February 9, 2017 in Potentially Unwanted Programs