More Articles


The Motsob Trojan is part of a Java-based malware attack that redirects computer users to an attack website in order to install dangerous Trojans on the victim's computer. Motsob has been associated with social engineering lures built around the explosion of a fertilizer plant near Waco, Texas: victims are enticed to click a link to a supposed news video, advertised with sensationalist subject lines referencing the event. Clicking the link instead triggers a Motsob attack that infects the victim's computer with a variety of Trojans and worms that pose a severe threat to the system and to the victim's privacy. Motsob attacks have also ridden other breaking news stories, most recently the bombing of the Boston Marathon. The social engineering lure is probably the most important part of the Motsob infection process. Motsob...

Posted on April 22, 2013 in Trojans

State of Qatar Ministry of Interior Virus

The State of Qatar Ministry of Interior Virus is a Police Ransomware Trojan that targets systems whose IP address is located in the State of Qatar. ESG security researchers strongly recommend against following the instructions contained in the State of Qatar Ministry of Interior Virus message, and consider this Police Ransomware Trojan a severe threat to computer users in the Middle East region. Instead, the State of Qatar Ministry of Interior Virus should be removed with a reliable anti-malware program.

What is the Purpose of Police Ransomware Trojans Like the State of Qatar Ministry of Interior Virus

Scams like the State of Qatar Ministry of Interior Virus originated in the Russian Federation as early as 2006. Early versions of these scams demanded payment through SMS messages. After spreading to the rest of Europe, they started to demand payment through the Ukash...

Posted on April 22, 2013 in Ransomware

Ministry of Interior Kingdom of Saudi Arabia

The 'Ministry of Interior, Kingdom of Saudi Arabia' Virus is actually a ransomware Trojan that targets computer users located in Saudi Arabia. There are numerous variants of the 'Ministry of Interior, Kingdom of Saudi Arabia' Virus, all of which are Police Ransomware Trojans that target computers in the Middle East. These scams have been active for several years in other regions of the world, originating in the Russian Federation and spreading from there to Europe, North America and eventually the rest of the world. Like its many clones, the 'Ministry of Interior, Kingdom of Saudi Arabia' Virus demands payment of its ransom through CashU, an online payment service widely used in the Middle East. It is important to know that CashU is a legitimate service that has no association with the makers of the 'Ministry of Interior, Kingdom of Saudi Arabia' Virus....

Posted on April 22, 2013 in Ransomware

Disguised ‘BadNews’ Android Malware Apps Potentially Downloaded 9 Million Times

Mobile malware is growing rapidly, and security researchers at Lookout Mobile Security have discovered a family of Android malware called 'BadNews' that disguises itself as an advertising network. The name is apt: between 2 million and 9 million Android users have potentially downloaded this newly found malware. Lookout Mobile Security posted updates on its blog about the discovery, in which the malware was found in 32 apps across four different developer accounts on the Google Play store. Roughly half of the affected apps were in Russian, and the family was observed pushing AlphaSMS, with some of those SMS apps involved in premium-rate SMS fraud in the Russian Federation and surrounding regions. The way these 'BadNews' malware apps work is by pretending to...

Posted on April 21, 2013 in Computer Security


You may be sick of hearing about malware and the many strategies employed daily, if not by the minute, to defraud you of money and of the legitimate use of your system resources. Cybercriminals, however, love what they do and never tire of stealing your money, identity or system resources to further their own goals. They have released a new threat to take advantage of the Boston terrorist attack and explosions, where the manhunt alone captivated more than 40 million TV viewers. The story continues to be covered by media channels across the board, which is why the makers of Trojan-PSW.Win32.Tepfer see a good opportunity to capitalize on the emotions of PC users anxious to learn more about those responsible, particularly the why, when and how. The subject lines rotate, for example: 2 Explosions at Boston Marathon Explosion at...

Posted on April 19, 2013 in Trojans

Microsoft Reveals PCs without Antivirus Protection are 5.5-Times More Likely to Get Malware

It would be a safe bet to wager that your PC will be hit by some form of malware within a year's time. It would also be a relatively safe bet that computers without antivirus protection are more likely to get malware infections, as much as 5.5 times more likely, according to the latest Microsoft Security Intelligence Report. The Microsoft Security Intelligence Report is an analysis released twice a year, drawn from threat-landscape data on malware, exploits and vulnerabilities gathered from Internet services and over 600 million computers around the world. The latest Microsoft Security Intelligence Report concluded that computers running without up-to-date, real-time antivirus protection are about 5.5 times more likely to get malware infections. Although it seems a no-brainer that systems running unprotected will be...

Posted on April 19, 2013 in Computer Security


Backdoor.Matsnu.B is a backdoor Trojan that opens a back door on the attacked PC. Once run, Backdoor.Matsnu.B creates copies of itself as one of its malicious files and creates registry entries so that it loads automatically whenever the computer owner starts Windows. Backdoor.Matsnu.B then connects to one of its domains and waits for instructions from the remote attacker. On command, Backdoor.Matsnu.B can download and run files, update its list of domains, update itself, delete all files and folders on any hard drives it finds, overwrite the first 10,000 bytes of fixed hard drives, and delete specific files.

Type: Backdoors

Backdoor.Matsnu.B typically has the following files running as processes in memory:

%Temp%\[RANDOM FILE NAME].exe
%UserProfile%\[RANDOM FILE NAME].exe
%UserProfile%\Application Data\[RANDOM FILE NAME].exe
%DriveLetter%\

Posted on April 19, 2013 in Backdoors


Backdoor.Mudsy is a backdoor Trojan that opens a back door on the compromised computer system. Backdoor.Mudsy is usually distributed as a specially crafted RTF document exploiting the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158). Once run, Backdoor.Mudsy drops its malicious files on the compromised PC; the document.doc file that Backdoor.Mudsy downloads is itself benign. Backdoor.Mudsy creates registry entries so that it loads automatically whenever the computer user starts Windows, and then connects to port 8081 on a specific IP address. Backdoor.Mudsy may carry out harmful activities such as downloading and uploading files, running commands and deleting registry 'Run' keys.

Type: Backdoors

Backdoor.Mudsy typically has the following files running as processes in memory:

%Temp%\update.exe
%System%\msdap.dll...
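Both the Backdoor.Matsnu.B and Backdoor.Mudsy write-ups above describe the same persistence pattern: a dropped executable in %Temp%, %UserProfile% or %UserProfile%\Application Data, started through the Windows Run registry keys, plus (for Mudsy) a beacon to remote port 8081. The script below is an added example, not code from the page or from any vendor, that audits a host for exactly those indicators. It assumes Windows PowerShell 5.1 or later on Windows 8 / Server 2012 or later (for Get-NetTCPConnection), and expands the per-user paths for the account running it; other profiles need their own %UserProfile%.

```powershell
# Added example: audit Run/RunOnce autostarts and port-8081 connections for the
# Matsnu.B / Mudsy indicators named on the page. Run in an elevated PowerShell.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Resolve %Temp% to its long form so it compares equal to what a Run value stores.
$tempDir = (Get-Item -LiteralPath $env:TEMP).FullName

# Directories Matsnu.B is described as dropping a randomly named .exe into.
# 'Application Data' is the pre-Vista profile layout; APPDATA covers Vista and later.
$dropDirs = @(
    $tempDir,
    $env:USERPROFILE,
    (Join-Path $env:USERPROFILE 'Application Data'),
    $env:APPDATA
) | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

# Exact artifact paths named for Mudsy. %System% is System32 for a 64-bit process
# and SysWOW64 for a 32-bit one, so both are checked.
$mudsyFiles = @(
    (Join-Path $tempDir 'update.exe'),
    (Join-Path $env:SystemRoot 'System32\msdap.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\msdap.dll')
) | ForEach-Object { $_.ToLowerInvariant() }

function Get-ExecutableFromCommand([string]$cmd) {
    # "C:\path\x.exe" /arg  ->  c:\path\x.exe ; unquoted: first whitespace-separated token.
    # A value such as 'rundll32.exe C:\x\y.dll,Entry' yields only rundll32.exe, so
    # DLL-hosted autostarts are outside what this check flags.
    $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
    [Environment]::ExpandEnvironmentVariables($exe).ToLowerInvariant()
}

function Get-SuspiciousAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # provider metadata, not a Run value
            $cmd = [string]$prop.Value
            $exe = Get-ExecutableFromCommand $cmd
            if (-not $exe) { continue }
            $dir = [System.IO.Path]::GetDirectoryName($exe)
            $reason = $null
            if ($mudsyFiles -contains $exe) { $reason = 'matches a Mudsy artifact path' }
            elseif ($dropDirs -contains $dir) { $reason = 'autostart launched directly from a user-writable drop directory' }
            if ($reason) {
                [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $cmd; Reason = $reason }
            }
        }
    }
}

function Get-Port8081Connections {
    # Mudsy is described as connecting to port 8081; map any such socket to its owning process.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemotePort -eq 8081 } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                PID     = $_.OwningProcess
                Process = $proc.ProcessName
                Path    = $proc.Path
            }
        }
}

# The implant need not be persisting through a Run key at the moment of the check,
# so also look for the Mudsy files directly on disk.
$presentFiles = $mudsyFiles | Where-Object { Test-Path -LiteralPath $_ }

Get-SuspiciousAutostart | Format-Table -AutoSize
Get-Port8081Connections | Format-Table -AutoSize
if ($presentFiles) { Write-Warning "Mudsy artifact present on disk: $($presentFiles -join ', ')" }
```

A hit from the drop-directory rule is not proof of infection (some installers do register per-user updaters this way), but a randomly named executable launched straight out of %Temp% or the profile root is the Matsnu.B pattern and should be pulled for analysis; a hit on either Mudsy path, or an established connection to port 8081 from an unexpected process, is worth treating as a confirmed indicator until shown otherwise.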

Posted on April 19, 2013 in Backdoors


Trojan-Spy.Win32.Zbot.jqye is one of the most popular variants of the Zeus Trojan. Trojan-Spy.Win32.Zbot.jqye is usually distributed using social engineering scams, often in the form of spam email messages containing fake notifications from various types of companies and services. Like most Zeus Trojan variants, Trojan-Spy.Win32.Zbot.jqye is designed to steal banking information. To do this, Trojan-Spy.Win32.Zbot.jqye keeps track of keystrokes on the infected computer's keyboard and also steals information directly from the infected web browser. Trojan-Spy.Win32.Zbot.jqye can also be utilized to retrieve sensitive information such as email and social media passwords and sensitive files.

Trojan-Spy.Win32.Zbot.jqye and Other Zeus Trojan Variants

Variants of the Zeus Trojan were first detected in 2007 and have been used in thousands of high profile malware attacks. There are...

Posted on April 19, 2013 in Trojans


Troj/ExpJS-II is malicious JavaScript used in an attack that infects computers without the computer user's knowledge. Troj/ExpJS-II has been used in several attacks that take advantage of breaking news stories in order to convince computer users to visit websites that appear to contain videos or news stories. These websites are actually designed to redirect computer users to an attack website without their knowledge. In the case of Troj/ExpJS-II, the script was part of an attack that attempted to convince computer users to view a video containing news about the fertilizer plant explosion near Waco, Texas. The same scam is concurrently being carried out with malicious messages claiming to contain information about the Boston Marathon bombing.

The Social Engineering Scam Associated with Troj/ExpJS-II

Computer users initially receive a spam email message with a subject line claiming...

Posted on April 19, 2013 in Trojans

CashU Virus

CashU is a legitimate online payment company that is very popular in the Middle East. This company provides a valuable service by allowing computer users in this region to make online payments without needing an internationally recognized credit card or access to websites that may be blocked in this part of the world. Unfortunately, since late 2012 this company's good name has been sullied by the use of its payment service in a scam commonly referred to as the CashU Virus or CashU scam. The same thing has been happening in Europe with the Ukash money transfer service and in North America with MoneyPak, both online payment services being used by criminals demanding the payment of a ransom in various ransomware schemes. Basically, criminals create Trojan infections that block access to the infected computer. Commonly known as Winlockers, these kinds of infections impersonate...

Posted on April 19, 2013 in Viruses

Hashemite Kingdom of Jordan Ransomware

The Hashemite Kingdom of Jordan Ransomware Trojan is a malware infection that targets computers with an IP address in the Kingdom of Jordan. There are numerous variants of the Hashemite Kingdom of Jordan Ransomware, all designed to attack computers with IP addresses in the Middle East. This is simply an update of a long-running scam that has been around for several years. Initially confined to the Russian Federation, it gradually spread throughout Europe and then, in 2012, to North America. The Hashemite Kingdom of Jordan Ransomware is simply the variant of this scam targeting computers in Arabic-speaking countries. These variants are characterized by their use of CashU to extract their ransom; CashU is a legitimate money transfer service that caters to customers in this region of the world.

How the Hashemite Kingdom of Jordan Ransomware Scam Works

Once the victim's computer is...

Posted on April 19, 2013 in Ransomware

Scammers Exploit Boston Marathon Bombings to Spread Malware Attacks

The unfortunate bombing events that took place during the Boston Marathon are truly a tragedy, and scammers have already exploited them to fuel malware campaigns spreading multiple types of threats. It is almost expected, as if this world did not have enough cruel people, that hackers and cybercrooks look to widely covered tragedies and news events to exploit, so they have a pretext for spreading malware. The latest online scam related to the Boston Marathon bombings uses the disastrous event as the subject of one out of every five spam messages. It took scammers only a few hours after the incident to start exploiting users through aggressive spam campaigns with subject lines related to the Boston explosion. Many of the subjects of these outlandish spam messages read 'Aftermath to Explosion at Boston Marathon'...

Posted on April 18, 2013 in Computer Security


W32/Kryptik.AX!tr is an FTP credential-stealing Trojan packed with UPX; once unpacked, it has its own mechanisms in place to prevent emulation. W32/Kryptik.AX!tr collects the details of FTP servers saved on the compromised host. W32/Kryptik.AX!tr looks for several well-known FTP clients, including 'Ghisler's Windows Commander and Total Commander', 'Far FTP', 'GlobalSCAPE CuteFTP', 'WS_FTP' and 'FlashFXP'. W32/Kryptik.AX!tr queries the Windows Registry for the path of the client's .ini or .dat file. W32/Kryptik.AX!tr can also query the registry subkeys for the actual host, username and password associated with the particular FTP client program. Where possible, W32/Kryptik.AX!tr also checks the shell special folders (ShSpecialFolder) for known FTP client directories and then manually looks for the .ini and .dat files there. For CuteFTP, W32/Kryptik.AX!tr queries the Windows Registry, and aside from querying...
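Because W32/Kryptik.AX!tr reads saved FTP site lists rather than sniffing traffic, the remediation after an infection is to rotate the password of every site stored by the clients named above. The script below is an added example, not code from the page or from any vendor, that lists which of those credential stores exist on the host so nothing is missed. The registry keys and file names are assumptions drawn from each client's documented defaults, not from the page, and should be checked against the installed versions (FAR Manager 3, for instance, no longer uses the registry).

```powershell
# Added example: inventory the FTP-client credential stores that W32/Kryptik.AX!tr
# is described as reading. Locations are assumed defaults; verify per installed version.

function Get-RegValue([string]$Key, [string]$Name) {
    # Return an expanded registry string value, or $null when the key/value is absent.
    if (Test-Path $Key) {
        $v = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($v) { return [Environment]::ExpandEnvironmentVariables([string]$v.$Name) }
    }
    return $null
}

function Get-FtpCredentialStores {
    $found = @()

    # Total Commander / Windows Commander: the registry is assumed to point at
    # wcx_ftp.ini (value FtpIniName); otherwise fall back to the APPDATA default.
    $tcIni = Get-RegValue 'HKCU:\Software\Ghisler\Total Commander' 'FtpIniName'
    if (-not $tcIni) { $tcIni = Join-Path $env:APPDATA 'GHISLER\wcx_ftp.ini' }
    $found += [pscustomobject]@{ Client = 'Total Commander'; Store = $tcIni; Kind = 'ini file' }

    # FAR Manager FTP plugin (1.x/2.x): hosts assumed to live under the plugin's registry key.
    foreach ($farKey in 'HKCU:\Software\Far\Plugins\FTP\Hosts', 'HKCU:\Software\Far2\Plugins\FTP\Hosts') {
        $found += [pscustomobject]@{ Client = 'FAR FTP'; Store = $farKey; Kind = 'registry key' }
    }

    # File-based stores (assumed default roots), searched recursively because each
    # client nests its file under a version-specific folder.
    $fileStores = @(
        @{ Client = 'GlobalSCAPE CuteFTP'; Root = (Join-Path $env:APPDATA 'GlobalSCAPE');     File = 'sm.dat'     },
        @{ Client = 'WS_FTP';             Root = (Join-Path $env:APPDATA 'Ipswitch\WS_FTP'); File = 'ws_ftp.ini' },
        @{ Client = 'FlashFXP';           Root = (Join-Path $env:APPDATA 'FlashFXP');        File = 'Sites.dat'  }
    )
    foreach ($s in $fileStores) {
        if (Test-Path $s.Root) {
            foreach ($f in (Get-ChildItem -Path $s.Root -Recurse -Filter $s.File -ErrorAction SilentlyContinue)) {
                $found += [pscustomobject]@{ Client = $s.Client; Store = $f.FullName; Kind = 'data file' }
            }
        } else {
            # Report the expected location even when absent, so the output shows it was checked.
            $found += [pscustomobject]@{ Client = $s.Client; Store = (Join-Path $s.Root $s.File); Kind = 'data file' }
        }
    }

    foreach ($f in $found) {
        $f | Add-Member -NotePropertyName Present -NotePropertyValue (Test-Path $f.Store) -PassThru
    }
}

$stores = Get-FtpCredentialStores
$stores | Format-Table -AutoSize
$exposed = $stores | Where-Object Present
if ($exposed) {
    Write-Warning ('Rotate the credentials of every site saved in: ' + (($exposed | ForEach-Object Store) -join '; '))
}
```

Run this per user profile, since every location is under HKCU or %APPDATA%; a store marked Present means every host, username and password inside it should be treated as disclosed, regardless of whether the client encrypts the file, because the Trojan is reading the same file the client decrypts.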

Posted on April 18, 2013 in Trojans


JS:Includer-FR is a JavaScript Trojan, typically found in compromised web pages, that pulls in further malicious content and can interfere with both the affected website and the visitor's computer. JS:Includer-FR may go as far as restricting the victim's access to the attacked PC. To restore access, the affected computer user should remove JS:Includer-FR from the infected computer with a reputable anti-malware tool. The payload of JS:Includer-FR includes instructions for blocking access to resources, both online and on the local hard drive.

Posted on April 18, 2013 in Trojans