‘Final-urgent-trojan-notification-about-window-error-http4004.site’ Pop-Ups

The ‘Final-urgent-trojan-notification-about-window-error-http4004.site’ pop-up alerts in your browser are not to be trusted. They are generated on a phishing site that uses a modified screenshot of Support.microsoft.com to claim credibility. Support.microsoft.com is the official support site of Microsoft Corp., and con artists often use a screenshot of the portal to fool users into thinking that they have been redirected to a legitimate technical support service. The Final-urgent-trojan-notification-about-window-error-http4004.site domain is hosted at the 43.255.154.95 IP address and is blacklisted by most Web filters, including Google Safe Browsing, Sucuri and Quttera. Web surfers should avoid interaction with content on...

Posted on November 11, 2016 in Adware

‘.UCRYPT File Extension’ Ransomware

The ‘.UCRYPT File Extension’ Ransomware is one of the many variants of the Globe Ransomware that appeared in the fall of 2016; it was first observed in November 2016. It carries out a fairly typical ransomware infection that, unfortunately, is quite effective. Through constant tweaking of their tooling, con artists have made ransomware threats ever more difficult to prevent or recover from. The ‘.UCRYPT File Extension’ Ransomware is being distributed through a corrupted DOCX file attached to spam email messages. The document uses Microsoft Office macros to download and install the ‘.UCRYPT File Extension’ Ransomware on the...

Posted on November 11, 2016 in Ransomware

‘.GSupport3 File Extension’ Ransomware

The ‘.GSupport3 File Extension’ Ransomware has received attention because it is one of the numerous Globe Ransomware variants that have appeared since October 2016. First released in November, the ‘.GSupport3 File Extension’ Ransomware carries out a typical ransomware attack to extract payments from its victims. Numerous variants of this family are being distributed simultaneously, which makes the work of PC security analysts and security software substantially more difficult when it comes to defeating these threats. Like most other variants in the family, the ‘.GSupport3 File Extension’ Ransomware is distributed using corrupted spam email attachments and online ads. The ‘.GSupport3 File Extension’ Ransomware receives its name because,...

Posted on November 11, 2016 in Ransomware

‘.blackblock File Extension’ Ransomware

PC security analysts have received reports of attacks involving numerous new variants from the Globe Ransomware family. The ‘.blackblock File Extension’ Ransomware is one of these many variants, which carry out a typical encryption ransomware attack on their victims’ computers. The ‘.blackblock File Extension’ Ransomware is being distributed through corrupted attachments contained in spam email messages. These emails may be designed to appear as if a legitimate company, often a social media platform like Facebook or Instagram, has sent them, and they are crafted to trick computer users into downloading and opening the attached file. The compromised email attachments used to distribute the ‘.blackblock File Extension’ Ransomware tend to exploit...

Posted on November 11, 2016 in Ransomware

‘Microsoft.windowssupport0901.online’ Pop-Ups

The Microsoft.windowssupport0901.online domain is blacklisted by many AV vendors and Web filtering services such as Google Safe Browsing, Quttera and Sucuri. The domain is used to promote technical support from unlicensed companies and to direct users to install riskware. We have seen several clones of the microsoft.windowssupport0901.online portal hosted on the 185.93.1.22 IP address, including Microsoft.windowssupport0803.online, T.echsupport1209.site and Su.pport1309.site. Reports suggest that users may be redirected to microsoft.windowssupport0901.online and related pages by clicking on corrupted links or on ads displayed by adware and browser hijacking software. Security experts note that the microsoft.windowssupport0901.online domain features JavaScript code that may cause...

Posted on November 10, 2016 in Adware

‘877-786-0114’ Pop-Ups

The ‘877-786-0114’ pop-up windows should not be trusted. The ‘877-786-0114’ notifications are hosted on blacklisted sites because they are used to promote fake technical support services. Researchers have spotted several pages that advertise computer assistance on the 877-786-0114 toll-free phone line, including Cyber-protection-alert.faith, Cyber-protection-official.host, Cyber-security-alert.tech and Cyber-security-warning.download. The ‘877-786-0114’ alerts are triggered when a user clicks on a corrupted link or on ads generated by adware, or when a browser hijacker redirects the user to a phishing portal. Services like Google Safe Browsing, Websense Web Filter and Sucuri aim to protect users from content related to the ‘877-786-0114’ pop-ups, and you should not ignore warnings...

Posted on November 10, 2016 in Adware

Heimdall Ransomware

The Heimdall Ransomware is an open source ransomware Trojan designed to target Web servers. It is coded in PHP and, once an attacker has uploaded it to a server they control or have compromised, can be used to encrypt data on that server. The Heimdall Ransomware was removed from GitHub after a Brazilian coder uploaded it publicly, but the amateur con artists who tend to rely on open source ransomware Trojans are likely to find copies of it. The Heimdall Ransomware’s creator described it on GitHub as follows: ‘The Heimdall is a ransomware file written in PHP language and it runs in web services; the Heimdall encrypted all files with a password register and only decrypted files with this password’ To clear up why the Heimdall Ransomware was...

Posted on November 10, 2016 in Ransomware

PaySafeGen Ransomware

The PaySafeGen Ransomware receives its name because this encryption ransomware Trojan demands that victims pay the ransom using PaySafeCard. This type of payment was fairly common in early ransomware attacks several years ago; modern ransomware Trojans tend to favor payments in Bitcoin. Perhaps the appearance of the PaySafeGen Ransomware indicates a trend back towards older payment methods. The PaySafeGen Ransomware is being delivered using corrupted spam email attachments that disguise an executable file through the use of a double extension: a decoy document extension followed by the real executable extension, which Windows Explorer hides by default for known file types. When the victim opens the compromised attachment, which delivers an executable file named ‘Cry.exe,’ the PaySafeGen Ransomware is installed on the victim’s computer. The PaySafeGen Ransomware will scan the victim’s files, searching all local drives...
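The double-extension trick described above is cheap to catch at the mail gateway or during attachment triage if the check looks at both the filename and the first bytes of the file. The following is an added example written for this page, not code from the page or from the PaySafeGen operators; the attachment names and byte strings are constructed, and the extension lists are an assumption about what a given environment treats as executable or as a plausible decoy.

```python
"""Flag mail attachments that hide an executable behind a double extension.

Added example for this page (not the threat's own code). It checks the name
for a decoy document extension followed by an executable one ("invoice.pdf.exe")
and checks the first bytes for the MZ header of a Windows executable, so a
renamed binary is caught even when the visible name looks harmless.
"""
import os

# Assumed lists; tune them to the file types your environment actually allows.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png",
                    ".txt", ".zip"}


def split_extensions(filename: str) -> list:
    """All extensions of a name, lowercased, outermost last: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = os.path.basename(filename).split(".")
    return ["." + p.lower() for p in parts[1:]] if len(parts) > 1 else []


def looks_like_pe(head: bytes) -> bool:
    """True if the bytes start with the MZ header every Windows PE file carries."""
    return head[:2] == b"MZ"


def assess_attachment(filename: str, head: bytes) -> list:
    """Return the list of reasons the attachment is suspicious (empty if none)."""
    exts = split_extensions(filename)
    reasons = []
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTENSIONS and exts[-2] in DECOY_EXTENSIONS:
        reasons.append(f"double extension: {exts[-2]} decoy before {exts[-1]}")
    elif exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable attachment ({exts[-1]})")
    # A renamed binary: PE header but an extension that claims to be a document or image.
    if looks_like_pe(head) and (not exts or exts[-1] not in EXECUTABLE_EXTENSIONS):
        reasons.append("PE header (MZ) but non-executable extension")
    # U+202E reverses the visible order of the rest of the name, hiding the real extension.
    if "\u202e" in filename:
        reasons.append("RLO character in filename")
    return reasons


# Constructed samples: names and leading bytes only, no real files.
SAMPLES = [
    ("Invoice_2016-11.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # the double-extension lure
    ("Cry.exe", b"MZ\x90\x00\x03\x00\x00\x00"),                  # name reported on this page
    ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),                # renamed binary
    ("scan.docx", b"PK\x03\x04\x14\x00\x06\x00"),                # OOXML container, not flagged here
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:28} {assess_attachment(name, head) or 'ok'}")
```

In production the MZ check should read the first bytes of the decoded attachment, not rely on the MIME type the sender declared, since that is attacker-controlled too.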

Posted on November 10, 2016 in Ransomware

Telecrypt Ransomware

The Telecrypt Ransomware has caught the attention of PC security analysts because it uses Telegram in its Command and Control operations. The Telegram service, known for offering secure communications to its users, is abused by the Telecrypt Ransomware as a Command and Control channel in its attacks. Because of this reliance on the Telegram platform, the Telecrypt Ransomware attack cannot be carried out without a Web connection on the infected computer. The Telecrypt Ransomware represents a significant threat to computer users, and PC security analysts strongly advise ensuring that all security software is fully up to date. The people responsible for the Telecrypt Ransomware coded this threat in Delphi. The Telecrypt Ransomware’s binary file is 3 MB...
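Malware that routes its Command and Control through Telegram has to reach api.telegram.org, and the simplest way to do so is the public Bot API, whose URLs have a documented shape: /bot<bot_id>:<secret>/<method>. Few workstations have a legitimate reason to call that API directly, so matching the pattern in proxy logs gives a responder both the infected hosts and the bot token to pivot on. The following is an added example written for this page, not code from the page or from the Telecrypt authors; the page does not state which Telegram API methods Telecrypt calls, and the Squid-style log lines, IP addresses and bot token below are constructed.

```python
"""Spot Telegram Bot API traffic in web proxy logs and redact the token for reporting.

Added example for this page (not the threat's own code). Assumes Squid-style
access logs; adapt LOG_RE to your proxy format. Sample lines are constructed.
"""
import re
from collections import defaultdict

# Documented Telegram Bot API URL shape: numeric bot id, colon, secret, then the method name.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)
# Squid native format: timestamp elapsed client_ip code/status bytes method URL rfc931 peer type
LOG_RE = re.compile(r"^(\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<verb>\S+)\s+(?P<url>\S+)")

# Constructed log excerpt: one ordinary page view, two Bot API calls from one host,
# and a visit to the Telegram web client (which must not be flagged).
SAMPLE_LOG = """\
1478764801.123 45 10.0.3.17 TCP_MISS/200 512 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1478764802.456 120 10.0.3.42 TCP_MISS/200 88 POST https://api.telegram.org/bot123456789:AAEexampleSECRETtokenXYZ0123456789abc/sendMessage - DIRECT/149.154.167.220 application/json
1478764803.789 80 10.0.3.42 TCP_MISS/200 91 GET https://api.telegram.org/bot123456789:AAEexampleSECRETtokenXYZ0123456789abc/getUpdates - DIRECT/149.154.167.220 application/json
1478764804.001 60 10.0.3.99 TCP_MISS/200 2048 GET https://web.telegram.org/ - DIRECT/149.154.167.99 text/html
"""


def find_telegram_c2(log_text: str) -> dict:
    """Map client IP -> list of (bot_id, method) for every Bot API call in the log."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access-log line; skip rather than guess
        api = BOT_API_RE.match(m.group("url"))
        if api:
            hits[m.group("client")].append((api.group("bot_id"), api.group("method")))
    return dict(hits)


def redact_token(url: str) -> str:
    """Mask the secret half of a bot token before the URL goes into a ticket or report.

    The bot id is not sensitive and is kept so analysts can correlate across hosts.
    """
    return re.sub(r"(bot\d+:)[A-Za-z0-9_-]{30,}", r"\1<redacted>", url)


if __name__ == "__main__":
    for client, calls in find_telegram_c2(SAMPLE_LOG).items():
        methods = ", ".join(f"bot {bot_id} -> {method}" for bot_id, method in calls)
        print(f"{client}: {methods}")
```

Where TLS is not intercepted, the proxy still sees the CONNECT to api.telegram.org:443, so a lower-fidelity version of the same alert can key on that hostname alone and then confirm on the endpoint.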

Posted on November 10, 2016 in Ransomware

‘Orgasm@india.com’ Ransomware

The Orgasm@india.com Ransomware is an encryption Trojan that threat investigators named after the email address orgasm@india.com, which victims are directed to contact if they want a decryptor. Initial threat assessment showed that the Orgasm@india.com Ransomware is delivered to users by corrupted documents attached to spam email. Computer users may be invited to download and open a macro-enabled DOCX or XLSX file, or a PDF. Experts recommend that users avoid spam email and delete messages coming from email addresses that resemble official accounts of services like PayPal and Amazon, and of social media like Facebook, Instagram and Twitter. In-depth analysis of the Orgasm@india.com Ransomware revealed that the Trojan is an altered version of the Globe Ransomware and works very similarly to the ‘.kyra File Extension’ Ransomware. If...

Posted on November 9, 2016 in Ransomware

CerberTear Ransomware

The CerberTear Ransomware is an identification name used by security researchers for Trojans based on the Hidden Tear project that pretend to be variants of the Cerber Ransomware. Experts agree that the authors of the CerberTear Ransomware attempt to present their Trojan as a new version of Cerber that encrypts nearly one hundred and thirty file types. The CerberTear Trojans are delivered to users via spam emails that carry a Trojan-Dropper packed as a macro-enabled document. Computer users need to be extra careful when an email appears to be sent from an account on social media and invites the user to open an interesting file attached to the message. The CerberTear Ransomware is an encryption Trojan that uses the AES-256 cipher to lock targeted files. The implementation of the...
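Several entries on this page (the ‘.UCRYPT File Extension’, ‘.blackblock File Extension’, Orgasm@india.com and CerberTear Ransomware) arrive as macro-carrying Office documents in spam. Because Office Open XML files are ZIP archives and VBA code lives in a part named vbaProject.bin, a mail gateway or analyst can tell a macro-carrying document from a clean one without opening it in Office. The following is an added example written for this page, not code from the page or from any of these threats; the sample documents are constructed minimal archives, not real Word files, and the part names checked are those defined by the OOXML format.

```python
"""Triage an OOXML attachment (DOCX/XLSX/PPTX) for an embedded VBA project.

Added example for this page (not any threat's own code). OOXML documents are
ZIP containers; VBA code is stored in word/, xl/ or ppt/vbaProject.bin and is
declared in [Content_Types].xml. A file whose extension promises "no macros"
(.docx/.xlsx/.pptx) but that carries a VBA part, or that is not a ZIP at all,
should be quarantined for a closer look.
"""
import io
import zipfile

MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
NO_MACRO_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return {'zip': bool, 'macros': bool, 'reason': str} for an attachment's bytes."""
    name = filename.lower()
    if not data.startswith(b"PK\x03\x04"):
        return {"zip": False, "macros": False,
                "reason": "not a ZIP container; content does not match an OOXML extension"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            content_types = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
    except zipfile.BadZipFile:
        return {"zip": False, "macros": False, "reason": "corrupt ZIP container"}
    # Two independent signals: the VBA part itself, and its declaration in the content types.
    has_macros = any(part in names for part in MACRO_PARTS) or b"vbaProject" in content_types
    if has_macros and name.endswith(NO_MACRO_EXTENSIONS):
        reason = "vbaProject.bin present in a supposedly macro-free document"
    elif has_macros:
        reason = "macro-enabled document (vbaProject.bin present)"
    else:
        reason = "no VBA project part found"
    return {"zip": True, "macros": has_macros, "reason": reason}


def _build_sample(parts: dict) -> bytes:
    """Build a constructed minimal OOXML-like ZIP for demonstration (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for part_name, content in parts.items():
            zf.writestr(part_name, content)
    return buf.getvalue()


# Constructed samples.
CLEAN_DOCX = _build_sample({
    "[Content_Types].xml": "<Types/>",
    "word/document.xml": "<w:document/>",
})
MACRO_DOCX = _build_sample({
    "[Content_Types].xml": '<Types><Override PartName="/word/vbaProject.bin" '
                           'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA",
})
FAKE_DOCX = b"MZ\x90\x00 constructed executable bytes wearing a .docx name"

if __name__ == "__main__":
    for fname, blob in (("report.docx", CLEAN_DOCX), ("invoice.docx", MACRO_DOCX),
                        ("invoice.docm", MACRO_DOCX), ("invoice.docx", FAKE_DOCX)):
        print(f"{fname:14} {inspect_attachment(fname, blob)}")
```

This check reports presence of a VBA project, not its intent; a macro-enabled document in the quarantine queue still needs the macro source extracted and read (or detonated) before it is released or blocked for good.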

Posted on November 9, 2016 in Ransomware

Mysearchengine.ru

Mysearchengine.ru is perceived by many users as a low-quality search service when compared to Google, Yahoo and Bing. Security experts agree that the lack of HTTPS encryption on Mysearchengine.ru is a cause for concern, since anything typed into its search bar travels in cleartext, and you should avoid entering personal information there. The primary function of Mysearchengine.ru may appear to be the provision of results related to your search criteria. However, most of the code on the front page is dedicated to advertising and product placement. Mysearchengine.ru may offer free services, but its operators still need to pay for Internet bandwidth, server costs and staff. That is why many search services like Mysearchengine.ru and Search.bearshare.com rely on the support of advertisers that wish to present visitors with promotional materials. At first glance, there is...

Posted on November 9, 2016 in Browser Hijackers

iRansom Ransomware

The iRansom Ransomware is an encryption Trojan that is released via spam emails to Windows users. Security analysts speculate that the authors of the iRansom Ransomware may be fans of Apple products, and note that the iRansom Ransomware is directed at the Windows OS exclusively. Initial threat assessment suggests that the iRansom Ransomware may be a version of Crowti and that it depends on Microsoft’s .NET Framework 4.5 being installed on the compromised computer. In many cases, the iRansom Ransomware is introduced to systems as ‘iRansom.exe,’ which may carry a fake digital signature. Computer users should avoid spam that looks like it was sent from social media like Twitter, Instagram and Facebook. Threat actors prefer to use logos from trusted companies when they send out spam email to potential...

Posted on November 9, 2016 in Ransomware

FixIt by Clever Systems

The FixIt software by Clever Systems Sp. z o.o. is advertised at Fixit-soft.net as “Your Complete System Fix” that would allow users to detect potential problems, keep their system protected and enhance long-term performance. FixIt by Clever Systems may appeal to users who play MMORPG games, use resource-hungry programs like Adobe Photoshop CS6 and test freeware on a daily basis. Computer experts agree that poorly configured software can degrade system performance and flood the drive with cache files. You may be willing to give the FixIt system optimizer a try, but you need to consider how it will affect your PC. FixIt by Clever Systems is deemed a Potentially Unwanted Program (PUP) that might claim to improve your cyber defenses and prolong your system’s lifetime. There is no evidence to support...

Posted on November 8, 2016 in Possibly Unwanted Program

Newtab.club

The Newtab.club domain is operated by Visicom Media, which provides customized search solutions to its clients. Freeware developers are among the customers of Visicom Media and may use Newtab.club to provide PC users with a custom search engine and quick links to popular services. Visicom Media helps freeware developers monetize Web traffic through Newtab.club and keep valuable services free of charge for you. However, users report that they may be redirected to Newtab.club automatically whenever they open a new tab and begin an online session. Users that visit Newtab.club are welcomed by a clean design hosting a search bar, quick-launch icons at the top and a speed dial underneath the search bar. Newtab.club appears to provide quick links to Instagram.com, Twitter.com, Linkedin.com, Facebook.com, Gmail.com and Plus.Google.com. The speed dial...

Posted on November 8, 2016 in Browser Hijackers