HeadlineAlley Toolbar is a potentially unwanted program/toolbar produced by MindSpark. While HeadlineAlley Toolbar can genuinely help web users who are interested in the latest news and gossip, it has some annoying behaviors. When HeadlineAlley Toolbar is installed on a computer system, various components come bundled with it. HeadlineAlley Toolbar can install an ActiveX Control component, a Toolbar browser helper object (BHO) and a Search Assistant browser helper object. HeadlineAlley Toolbar can also substitute the default homepage and default search engine of the compromised Internet browser with a closely related dubious search system, Mywebsearch.com. HeadlineAlley Toolbar...
A fake Windows Firewall will often appear in the event of a rogue security program infection. These are malware threats that disguise themselves as legitimate security programs. As part of their attack, they will often replace the real Windows Firewall with their own fake Windows Firewall. This is part of a con game designed to rob money from novice computer users. These kinds of fake security applications tend to use highly realistic messages and tactics to fool computer users into believing that they are actually the real thing. If a fake Windows Firewall seems to have been activated on your computer, this is usually a clue that your machine has been compromised by a rogue security program. It is important to ignore all recommendations and messages from the fake security program responsible for the fake Windows Firewall and instead remove the fake Windows Firewall with a reliable...
Posted on April 25, 2013 in Malware
Trojan.Spamats is a Trojan that opens a back door and sends spam email messages from the corrupted PC. Once run, Trojan.Spamats creates malicious files. Trojan.Spamats creates a registry entry so that it loads automatically whenever Windows starts. Trojan.Spamats then opens a back door on the targeted PC and drops files from specific web addresses.
Trojan.Spamats may then send spam messages from the infected computer system.
Trojan.Spamats typically has the following processes in memory:
%UserProfile%\Application Data\[RANDOM FILE NAME].exe
%Temp%\[RANDOM FILE NAME].exe
Trojan.Spamats creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[COMPUTER SPECIFIC STRING]" = "[PATH TO TROJAN]"
Posted on April 24, 2013 in Trojans
W32.Inabot is a worm that proliferates through removable drives and network shares. W32.Inabot steals information from the corrupted PC. Once run, W32.Inabot creates a malicious file. While it is active, the original executable file is deleted in order to conceal its presence on the targeted PC. W32.Inabot then creates a registry entry so that it loads automatically whenever Windows starts. W32.Inabot then connects to one of its command-and-control (C&C) servers and opens a back door on the affected computer system. W32.Inabot gathers information from the infected computer and transmits it to the remote cybercriminal. W32.Inabot can also initiate distributed denial-of-service (DDoS) attacks through UDP or TCP flooding.
Posted on April 24, 2013 in Worms
Exploit:Java/CVE-2013-0431 is a malicious Java application that is distributed via compromised websites and attacks PCs running a vulnerable version of Java. Exploit:Java/CVE-2013-0431 uses a vulnerability (CVE-2013-0431) to download and install other malware infections onto the affected computer system. Exploit:Java/CVE-2013-0431 is encountered in the course of Internet surfing, while the malware infections it distributes, if already downloaded, betray the vulnerability on the host machine.
Posted on April 24, 2013 in Malware
Priceblink Virus is a potentially unwanted program that is recognized as an adware program. When Priceblink Virus enters the affected computer, it inserts an add-on into all web browsers, including Google Chrome, Mozilla Firefox, and Internet Explorer.
Priceblink Virus displays a variety of pop-up advertisements, underlined words and alerts that reroute victimized PC users to doubtful websites. Priceblink Virus claims to offer information about price comparisons, promotions, coupons and similar offers. Priceblink Virus takes over the hijacked Internet browser and repeatedly interrupts the attacked computer user's browsing sessions. Priceblink Virus can be installed by several means. One of these requires the PC user's awareness, because it asks the user to install the software manually. Priceblink Virus can also install itself on the corrupted PC without the victim's...
Posted on April 24, 2013 in Adware
Mutter is a malware threat that is used in a spear-phishing attack. Mutter is spread via spam email messages containing infected documents that try to fool recipients into clicking on the file, which would distribute the Mutter malware. One of the documents is an article about Pakistan's unmanned aerial vehicle industry written by Aditi Malhotra, an Indian writer and associate fellow at the Centre for Land Warfare Studies in New Delhi. When downloaded, the Mutter malware opens a backdoor on the compromised PCs in order to receive commands from C&C servers and to transfer stolen information. To evade detection, Mutter is able to stay dormant for long periods of time so that it will eventually be classified as safe by security programs.
Posted on April 24, 2013 in Malware
Trojan-Banker.Win32.BifitAgent is a banker Trojan that is designed to affect users of an online banking program made by a company named 'BIFIT'. Trojan-Banker.Win32.BifitAgent executes two basic modules on the victimized PC user's computer: an executable file and a Java archive. During installation, Trojan-Banker.Win32.BifitAgent creates a folder, to which it copies its malicious files. In the course of its functioning, Trojan-Banker.Win32.BifitAgent also creates several named pipes. Thus, while Trojan-Banker.Win32.BifitAgent is running, the basic executable module, which is responsible for communicating with the command server, works simultaneously with the malicious JAR files, permitting the cybercriminals to immediately alter any code running under Java while banking transactions are being executed. The attackers might 'sell' compromised PCs on which...
Posted on April 23, 2013 in Trojans
PUP.VShareRedir is a potentially unwanted program that disables Google Chrome and other Internet browsers. Once installed on the corrupted PC, PUP.VShareRedir reduces the infected computer's performance, although without damaging intentions. PUP.VShareRedir compromises the hacked web browser and causes irritating redirections to dubious websites, specifically to file sharing websites. PUP.VShareRedir is hard to find and uninstall from the targeted computer. PUP.VShareRedir can also block victimized computer users from accessing it on the attacked PC. Affected computer users should use a genuine anti-malware application to completely uninstall PUP.VShareRedir from the compromised PC.
The TorRAT malware is a remote access Trojan that is commonly associated with attacks on financial institutions. Like other remote access Trojans, the TorRAT malware is specifically designed to allow a third party to gain access to a computer from a remote location without the computer user's authorization. There's a recent wave of attacks which spread the TorRAT malware infections through malicious links on Twitter. According to reports received from affected computer users, hijacked Twitter accounts are used to share links that lead to attack websites that attempt to inject TorRAT malware into the victim's computer. If you have reason to believe that your machine has been exposed to the TorRAT malware, ESG security researchers strongly advise using an authentic anti-malware program to analyze your PC.
ESG malware researchers have dealt with the TorRAT malware...
Posted on April 23, 2013 in Malware
The Securebit Technologies (Securebit Technologies Free Antivirus) anti-malware program is a fake security program that criminals use to steal money from computer users. Fake anti-malware programs like Securebit Technologies are a component of a well-used online scam that has been around for several years. Fake security programs like Securebit Technologies Free Antivirus use authentic-looking error messages to convince computer users that their machine requires the use of a security program in order to remove nonexistent Trojans, viruses and worms. However, trying to use Securebit Technologies to remove these supposed threats simply leads to error messages that try to convince the...
Posted on April 23, 2013 in Rogue Anti-Virus Program
The Morocco Sûreté Nationale Ransomware Trojan is a variant of the Reveton Trojan that targets computers located in Morocco. More specifically, the Morocco Sûreté Nationale Ransomware is part of a large number of Reveton variants that have appeared in 2013. These Reveton variants are characterized by their use of ransom messages written in Arabic, since they target countries in Northern Africa and in the Middle East, and by the fact that they require payment of the ransom by way of CashU, an online payment service that serves customers in this region. The use of CashU by the Morocco Sûreté Nationale Ransomware is similar to what occurs with variants of this threat in several parts of the globe. Just as Reveton variants located in Europe demand payment through Ukash and North American variants demand payment through MoneyPak, this new set of variants in the Reveton family demands...
Posted on April 23, 2013 in Ransomware
TROJ_EXTADB.US is a Trojan that is incorporated in a Facebook scam that lures PC users into downloading a fake Adobe Flash Player plugin. TROJ_EXTADB.US may be distributed by other security infections. TROJ_EXTADB.US connects to specific websites to get and transfer information from particular domains. While being installed, TROJ_EXTADB.US will publish the same spam post using the targeted computer user's account, even tagging the victim's friends in the message.
Posted on April 22, 2013 in Trojans
TROJ_FAKEADB.US is a Trojan that is a component of a Facebook scam that lures web users into downloading a fraudulent Adobe Flash Player plugin. TROJ_FAKEADB.US is distributed as a bogus Adobe Flash via a fake webpage with so-called 90 Million Likes. For some Facebook users, this large number of Facebook likes may be enough for them to check the page out. It also suggests that the page is quite popular and may lead Internet users into believing that it is genuine and safe. However, in actuality, this 91 million 'Likes' is entirely imaginary and is simply a social engineering lure. When PC users visit the web page, they are instead diverted to this website. The page allegedly hosts an Adobe Flash Player plugin, detected as TROJ_FAKEADB.US. If the victim downloads the plugin and surfs the page via Google Chrome, the page will automatically close, and a Chrome extension file (.CRX file) is...
Posted on April 22, 2013 in Trojans
Trojan horse IRC/BackDoor.SdBot4.ADKD is a Trojan that is detected in an area of the infected computer system that is restricted by default. Trojan horse IRC/BackDoor.SdBot4.ADKD involves system files, and the security policy of the software environment concerned commonly asks the computer user whether such alterations are authorized by the person administering the PC. Since Trojan horse IRC/BackDoor.SdBot4.ADKD can evade this procedure, it is clear that its installation involves a breach of basic security regulations. Trojan horse IRC/BackDoor.SdBot4.ADKD is associated with another malware infection that is responsible for its unclear invasion.
Posted on April 22, 2013 in Trojans