Levis Locker Ransomware

The Levis Locker Ransomware is named after the media creator LewissTechYT, whose photo is incorporated into the lock screen used by the Ransomware. The Levis Locker Ransomware was discovered while researchers were looking into spam emails carrying suspicious files. The distribution scheme for the Levis Locker Ransomware involves logos from trusted companies, banks, and NGOs, with the aim of convincing users to open a macro-enabled attachment. The Levis Locker Ransomware is a Trojan that is designed to lock the screen of the user and display a rather disturbing message. The Levis Locker lock screen features accusations that the user is engaged in browsing illegal materials, including child pornography, bestiality, torture and rape. These allegations are more than likely to trigger an angry reaction from many users. The successful...

Posted on December 12, 2016 in Ransomware

Mynetspeed.co

The MyNetSpeed.co extension promoted on Mynetspeed.co is said to help users check their Internet speed and keep up with how their Internet Service Provider performs. The MyNetSpeed.co extension is supposed to support Internet Explorer, Google Chrome, and Mozilla Firefox, which are widely used by Web surfers. The MyNetSpeed.co extension may make several changes to the user’s default Internet client, which include changing the homepage to Mynetspeed.co/homepage/homepage.html?id=11192 and modifying the new tab page to include widgets named ‘Speed Test by Ookla’ and ‘Fast.com powered by Netflix.’ The page on Mynetspeed.co/homepage/homepage.html?id=11192 features a clock based on your approximate location, which is determined by reading your IP address. Your new homepage offers access to Fast.com and...

Posted on December 9, 2016 in Browser Hijackers

Discretesearch.com

Security analysts report that the Discretesearch.com website is connected to a browser hijacker that may be released to PC users as a search helper included in free program bundles. The Discrete Search browser hijacker is promoted as a search add-on that can enable users to perform untraceable search tasks, unlike the services provided by Google, Bing and Yahoo. While these services are safe, they use tracking cookies to analyze Web traffic and show advertisements that generate revenue and pay for server maintenance, staff and new features. Discretesearch.com claims to offer search functionality without the tracking cookies, as well as to incorporate Perfect Forward Secrecy (PFS) technology. PFS allows better security compared to SSL connections because tokens used to encode your link are generated with each command on...

Posted on December 9, 2016 in Browser Hijackers

QuickWeatherAlert Toolbar

The QuickWeatherAlert Toolbar software is developed by Mindspark Interactive Network, Inc. and can be downloaded at Free.quickweatheralert.com. Web surfers who are using Google Chrome, Internet Explorer and Mozilla Firefox for their online activity can install the QuickWeatherAlert Toolbar for free. Mindspark does not charge users who install the QuickWeatherAlert Toolbar. The QuickWeatherAlert software is promoted to help users get local weather forecasts, including the forecast for parts of the country you are interested in. Data regarding weather is pulled by the QuickWeatherAlert Toolbar from several sources and arranged in a news feed. The QuickWeatherAlert Toolbar is designed to introduce several changes to your browser, which include altering your new tab page. You may be urged to allow QuickWeatherAlert to set a new homepage for...

Posted on December 9, 2016 in Possibly Unwanted Program

‘.VforVendetta File Extension’ Ransomware

The ‘.VforVendetta File Extension’ Ransomware is packed as a Trojan that you may come in contact with when you enable a macro in documents downloaded from spam emails. The ‘.VforVendetta File Extension’ Ransomware is a version of the SamSam Ransomware, which we covered in an article in April 2016. The variant ‘.VforVendetta File Extension’ Ransomware may have been inspired by the movie ‘V for Vendetta’ from 2005, which introduced the Guy Fawkes mask worldwide and later became the symbol of the hacktivist group Anonymous. As its name suggests, the ‘.VforVendetta File Extension’ Ransomware is named after the marker placed on encrypted objects. For example, ‘Lockheed Martin F-22 Raptor.pptx’ is transcoded to ‘Lockheed Martin F-22 Raptor.pptx..VforVendetta’....

Posted on December 9, 2016 in Ransomware

‘_morf56@meta.ua_ File Extension’ Ransomware

The ‘_morf56@meta.ua_ File Extension’ Ransomware is an encryption Trojan that is named after the marker it uses to notify the users about the data encryption. The files affected by the ‘_morf56@meta.ua_ File Extension’ Ransomware feature the ‘_morf56@meta.ua_’ suffix appended after the default file extension. For example, ‘Essexite rock.docx’ will be encrypted to ‘Essexite rock.docx_morf56@meta.ua_’ and you may need to do another report on a silica-undersaturated mafic plutonic rock. The ‘_morf56@meta.ua_ File Extension’ Ransomware is a Trojan that is spread among Windows users via a spam campaign that carries macro-enabled documents. As you may know, the macro functionality in digital documents is abused by threat actors to deliver threats. Security researchers...

Posted on December 9, 2016 in Ransomware

Supermagnet@india.com Ransomware

The ‘Supermagnet@india.com’ Ransomware is a Trojan that is a variant of the Dharma Ransomware. The ‘Supermagnet@india.com’ Ransomware is named after the email left for negotiations between operators and users affected by the Trojan. Reports from users show that the distribution campaign for the ‘Supermagnet@india.com’ Ransomware is centered on using dummy spreadsheets that have an embedded macro. The content of the dummy spreadsheets, which serves as a decoy and as a message to enable macros, is placed at the top of the document. Users who are led to open the spreadsheet may enable the macro functionality in their office clients and run the macro. Windows interprets the macro as a command to download and run an executable with elevated privileges. Researchers note that the...

Posted on December 8, 2016 in Ransomware

Crypt.Locker Ransomware

The Crypt.Locker Ransomware is an encryption Trojan that behaves similarly to the Jigsaw Ransomware. The distributors of the Crypt.Locker Ransomware utilize spam emails to deliver threat droppers to users. In most cases, the users are invited to open a payment notification from an online store and a bank to confirm a purchase made recently. The designers of the spam messages are known to use copyrighted images and logos to convince users to open a macro-enabled document. Threats like the Crypt.Locker Ransomware and Satan666 Ransomware are known to land on computers after a macro was executed, which introduced the crypto threat into the system. Security researchers note that the Crypt.Locker Ransomware uses a reliable AES-256 cipher to lock data and may come with a fake digital certificate. The encryption engine of the...

Posted on December 8, 2016 in Ransomware

Popcorn Time Ransomware

The ‘Popcorn Time’ Ransomware was reported by security researchers who stumbled upon samples submitted to Google’s VirusTotal. Snippets of code were shared on forums hosted on the TOR network, and investigators determined that the ‘Popcorn Time’ Trojan is still under development at the time of writing this. The ‘Popcorn Time’ Ransomware does not appear to introduce new features regarding file encryption and works similarly to well-known threats such as the Crysis Ransomware and TeslaCrypt. Security experts note that the ‘Popcorn Time’ Ransomware can be packed easily as a file with a double extension and released with a wave of spam emails sooner rather than later. Samples of the ‘Popcorn Time’ Ransomware show that its authors may have drawn inspiration from...

Posted on December 8, 2016 in Ransomware

DiscoverLiveRadio Toolbar

The DiscoverLiveRadio Toolbar is advertised by adware and legitimate ads as a valuable addition to browsers such as Google Chrome, Internet Explorer, Opera and Mozilla Firefox. The DiscoverLiveRadio Toolbar is a product of Mindspark Interactive Network, Inc., which released the MyRadioAccess Toolbar, the Easy Radio Access Toolbar and the Your Radio Now. The DiscoverLiveRadio Toolbar is offered at Free.discoverliveradio.com for free download and usage as long as you tolerate advertisements from affiliate marketers. The DiscoverLiveRadio Toolbar may change your new tab page settings and load a customized version of Hp.myway.com, which may include ads from sponsors. Additionally, users of Internet Explorer and Mozilla Firefox may be urged by Mindspark to set Hp.myway.com/discoverliveradio/ttab02/index.html as their home page....

Posted on December 7, 2016 in Possibly Unwanted Program

Driver Updater Plus

The Driver Updater Plus is developed by Jawego Partners LLC and offered for download at Driverupdaterplus.com. The Driver Updater Plus software is promoted to solve driver problems with printers, keyboards, Webcams and other peripheral devices. According to Driverupdaterplus.com, the Driver Updater Plus supports all versions of Windows as far back as Windows XP. Computer users who cannot find the right driver for their hardware could download a trial version of the Driver Updater Plus and diagnose problems on their PCs. Additionally, the Driver Updater Plus is said to give an overview of outdated drivers and back up existing drivers. However, you might want to know that Jawego Partners LLC is known to release riskware, which we have covered in our articles on Super PC Cleanup, PC Protector Plus and PC Clean Plus. Researchers...

Posted on December 7, 2016 in Possibly Unwanted Program

Vo_ Ransomware

The Vo_ Ransomware was discovered in December 2016, five months after the SQ_ Ransomware emerged on security reports. Both threats are encryption Trojans that are delivered to potential victims via spam emails. Additionally, the Vo_ Ransomware is a slightly improved version of the SQ_ Ransomware, and both Trojans come from the same developers according to security experts. The spam emails carrying the dropper for the Vo_ Ransomware appear to feature logos from banks and online stores and urge the user to make a payment referred to in the attached invoice. Needless to say, users are asked to open a macro-enabled document, which is designed to install the Vo_ Ransomware Trojan in the background. When the Vo_ Ransomware is installed, it determines what type of drives can be accessed and how many files should be encrypted. The Vo_ Ransomware...

Posted on December 7, 2016 in Ransomware

Phoenix Ransomware

When the Phoenix Ransomware was first mentioned amongst security researchers, the Trojan was still in development. Researchers found the threat while digging in reports submitted to Google’s VirusTotal platform and going on the Dark Web. Samples recovered from reports provided threat investigators with the executable to analyze, and they reveal interesting facts. The Phoenix Ransomware appears to be in development at the time of writing this. However, the Phoenix Ransomware is compact in size and can be deployed with spam emails as a file with a double extension, which may pass as a simple invoice easily. The researcher Utku Sen published an educational crypto-threat on the GitHub platform, which was used by threat actors to develop threats like the KimcilWare Ransomware and the HappyLocker Ransomware. The same source...

Posted on December 7, 2016 in Ransomware

GoldenEye Ransomware

The GoldenEye Ransomware is an encryption Trojan that is pushed as an improved version of the Petya Ransomware, which surfaced in March 2016. The GoldenEye Ransomware was brought to the attention of security researchers in December 2016. Spam emails aimed at human resource departments were found to carry a corrupted spreadsheet that featured a macro. As you well know by now, the macro is widely abused by threat actors to deliver threats like the Al-Namrood Ransomware and the Osiris Ransomware. PC users who work with CVs on a daily basis appear to be among the primary targets of the GoldenEye Ransomware since they are likely to open a document from an unknown sender. The macro script used to deliver the GoldenEye Ransomware is designed to write base64-encoded strings into an executable file that is stored in the Temp directory....

Posted on December 7, 2016 in Ransomware

‘Add Extension’ Pop-Up

An ‘Add Extension’ pop-up may indicate that a website is trying to install an extension to the Chrome Web browser automatically, a method that may result in adware infections or a variety of other problems. Extensions loaded through the ‘Add Extension’ pop-ups may not be associated with the Google Chrome Web Store. The ‘Add Extension’ pop-up, rather, may be generated by suspicious JavaScript loaded on Web pages with dubious content. Computer users have reported that, when visiting these types of pages, they find an ‘Add Extension’ button that does not disappear, even when using pop-up blockers such as those that are included in Web browsers like Mozilla Firefox or Google Chrome. Some pop-up blockers by third parties have been effective in hiding the ‘Add Extension’ pop-up or...

Posted on December 6, 2016 in Adware