GhostAdmin

GhostAdmin is the name of a threat family that is dedicated to botnets. Trojans that belong to the GhostAdmin family are designed to connect compromised PCs to a botnet. A botnet is a network composed of infected computers that are manipulated as a group by a threat actor. The owners of computers attacked by a botnet may not notice suspicious activity depending on how sophisticated the Trojan is. GhostAdmin was introduced to the cyber security community on January 17th, 2017. The GhostAdmin Trojan is programmed to infect machines, gain boot persistence, establish a communication channel with the ‘Command and Control’ server and execute commands issued by the operator. Researchers reported that the GhostAdmin Trojan has an unusual connection setup that requires an Internet Relay Chat (IRC) client. The operators...

Posted on January 18, 2017 in Backdoors

Balkan.ba

Balkan.ba is a news site tailored to suit an audience that speaks Serbian. Balkan.ba is dedicated to providing articles on business, lifestyle, sports, and entertainment to users in Serbia predominately. Balkan.ba has no version in English, but users across the globe reported being redirected to a page hosted on Balkan.ba. PC users that like to explore free software alternatives to shareware may install a browser plug-in that may redirect them to Balkan.ba/speshl/search.html, which is a hidden page hosted on Balkan.ba. The plug-in is classified as a browser hijacker because it is reported to reroute users to Balkan.ba/speshl/search.html whenever they open a new tab or links on pages. The Balkan.ba/speshl/search browser hijacker may alter the Internet settings on browsers like Google Chrome, Internet Explorer, Opera, Mozilla Firefox and...

Posted on January 17, 2017 in Browser Hijackers

Havoc Ransomware

The Havoc Ransomware is a ransomware Trojan that carries out a typical attack of this nature. A bright violet ransom note characterizes the Havoc Ransomware. The Havoc Ransomware first appeared in January 2017, and there is little to differentiate the Havoc Ransomware from the numerous other ransomware Trojans that are active today. The Havoc Ransomware’s executable file is named ‘Havoc.exe’ and is commonly distributed using corrupted file attachments contained in spam email messages. The Havoc Ransomware, despite its unremarkable nature, is still capable of carrying out a harmful and effective encryption ransomware attack. In the file information section of the Havoc Ransomware’s executable file there is the message ‘Will bring the Havoc to your PC.’ Despite the scary language, however, the...

Posted on January 17, 2017 in Ransomware

VBRansom Ransomware

The VBRansom Ransomware is a ransomware Trojan that is used to extort computer users. The VBRansom Ransomware was first observed after an encryption Trojan project was uploaded online. According to the VBRansom Ransomware’s ransom note, the current version of the VBRansom Ransomware is its ‘Version 7,’ although it is unclear how true this may be. However, it is clear that the VBRansom Ransomware is still under development and there are aspects of the VBRansom Ransomware that are still unfinished. Analysis of the executable file linked to the VBRansom Ransomware makes it apparent that the creator of the VBRansom Ransomware plans to release the VBRansom Ransomware as a fake version of Adobe Reader, to trick computer users into opening the corrupted executable file. Other file names that have been associated with the...

Posted on January 17, 2017 in Ransomware

iMedia Start

The iMedia Start, also seen as the iMedia Search, is an application that you can find at ienjoyapps.com/utilities/imedia/. The iMedia Start (iMedia Search) software by ienjoyapps.com is promoted as a useful addition to the browser of users that like to browse media on their online sessions more than anything. The iMedia Start supports a version for Google Chrome only. PC users that are interested in the iMedia Start (iMedia Search) may need to switch from another browser to benefit from the iMedia Start extension. The official page of the iMedia Start says that the extension can enable users to download media files to their drives easily and quickly. The statement on ienjoyapps.com/utilities/imedia/ reads: ‘Get all the media you want directly to your hard drive using iMedia, the best free tool available! This professional...

Posted on January 17, 2017 in Possibly Unwanted Program

Extminooop Ads

If there are too many pop-up windows titled ‘Ads Powered by Extminooop’ on your screen, there is a chance you are infected with the Extminooop adware. The Extminooop adware is a program that is designed to flood the user’s desktop with marketing materials from promoters and advertisers. The Extminooop adware may be bundled with free browser extensions and media players to reach a greater number of users. The Extminooop adware may alter the way your browser works and behaves. For example, the Extminooop adware might change the layout of your new tab page and generate a list of promotions whenever you open a new tab. The Extminooop adware may add parameters to the shortcut for Google Chrome, Internet Explorer, Edge and Mozilla Firefox. The parameters set by the Extminooop adware may cause redirects to suspicious pages...

Posted on January 16, 2017 in Adware

‘Your Connection Is Not Safe’ Pop-Ups

The ‘Your Connection Is Not Safe’ alerts in your browser may make you think that a third party is trying to collect data on your PC. The ‘Your Connection Is Not Safe’ alerts are styled after the ‘Your Connection Is Not Safe’ notifications by Google Safe Browsing, and many users may consider calling the phone line listed on their screen. However, the ‘Your Connection Is Not Safe’ messages are phishing messages that may be presented on your display by a browser hijacker. The browser hijacker associated with the ‘Your Connection Is Not Safe’ pop-ups may run as an extension, add-on and a Browser Helper Object depending on your browser of choice. You may have installed a fake browser plug-in that can redirect you to the ‘Your Connection Is Not Safe’ messages whenever you...

Posted on January 16, 2017 in Adware

LambdaLocker Ransomware

The LambdaLocker Ransomware is a ransomware Trojan that was uncovered in January 2017. The LambdaLocker Ransomware will use a combination of the AES-256 and SHA-256 encryption to make the victim’s files inaccessible. The files encrypted using the LambdaLocker Ransomware will be identified by the file extension ‘.lambda_l0cked.’ The LambdaLocker Ransomware then drops a ransom note in the form of an HTML file named ‘READ_IT.hTml’ on the victim’s Desktop. The LambdaLocker Ransomware’s ransom note delivers a message that is both in English and Chinese. This makes it likely that the LambdaLocker Ransomware infection is designed to target computer users in China. According to the LambdaLocker Ransomware’s ransom note, the victim must pay 0.5 Bitcoin (approximately $450 USD) to...

Posted on January 16, 2017 in Ransomware

HakunaMatata Ransomware

The HakunaMatata Ransomware is a ransomware Trojan that is used to take the computer users’ files hostage and then demand the payment of a large ransom in exchange for their recovery. The HakunaMatata Ransomware is similar to countless other ransomware Trojans that are active in the wild currently. PC security researchers advise computer users to take preventive steps to ensure that their files are well protected from these attacks. Some important steps to take include installing a reliable security program that is fully up-to-date and having backup copies of all files on an external memory device or the cloud. The files infected by the HakunaMatata Ransomware will be marked with the file extension ‘.HakunaMatata,’ a philosophy that became popular in Walt Disney’s ‘The Lion King’ and its...

Posted on January 16, 2017 in Ransomware

CryptoSweetTooth Ransomware

The CryptoSweetTooth Ransomware is a ransomware Trojan that is used to force computer users to pay large sums of money. The CryptoSweetTooth Ransomware is identical to various other ransomware Trojans that are active in the wild and belongs to a large family of ransomware Trojans based on HiddenTear, an open source ransomware engine project that is the basis for a large number of encryption ransomware Trojans released in 2016 and 2017. The CryptoSweetTooth Ransomware may be distributed via corrupted email attachments, in the form of corrupted documents attached to spam email messages that use some social engineering tactic. The CryptoSweetTooth Ransomware uses exploits involving macros and JavaScript to infect the victims’ computers. The current version of the CryptoSweetTooth Ransomware seems only to exist in a Spanish...

Posted on January 16, 2017 in Ransomware

Kaandsona Ransomware

The Kaandsona Ransomware is an encryption Trojan that was discovered on January 16th, 2017 when users reported strange files with the ‘.kencf’ extension. The Kaandsona Ransomware may be referred to as the RansomTroll Ransomware on some cyber security blogs considering the logo of the Trojan is a green troll glancing at a laptop. There are security experts suspecting that the Kaandsona Ransomware is developed in Estonia considering that the name can be pronounced as ‘Käändsõna’ in Estonian, but there is no evidence to support a thesis for the origin of the Kaandsona Ransomware. Trojans such as the Kaandsona Ransomware are developed in a ‘clean environment’ that is a virtual PC that has limited access to the Internet and serves as a proxy. When the Kaandsona Ransomware is packed, it undergoes a...

Posted on January 16, 2017 in Ransomware

Adobe Issues Emergency Update to Flash Due to Cerber Ransomware Attack

Ransomware has been a major nuisance in the computer security community in recent years, making history as one of the most dangerous types of malware. Ransomware has propagated to the point that Adobe is having to release an emergency update to its Flash application due to a security flaw that is being exploited to deliver ransomware to Windows PCs. If you are not at all familiar with ransomware, it is wise to know that such threats will infect your system usually from a malicious spam email attachment where it will then load and encrypt several files on your computer. From there, ransomware is known to display a notification demanding payment from $200 to $1,000 to obtain a decryption key, which is claimed to decrypt and restore all encrypted files so they can then be accessible again. In recent months, ransomware has evolved...

Posted on January 13, 2017 in Computer Security

Search.rapidserach.com

Search.rapidserach.com is a generic site that may appear as a search provider with links to popular services like Facebook, IMDB, Netflix, Instagram and YouTube, and include widgets related to shopping, news and media streaming. Search.rapidserach.com is owned by Stepitapp LTD., which operates a platform that enables advertisers and software developers to monetize their work. Search.rapidserach.com is associated with a browser extension that may be distributed to users via software bundles. The extension linked to Search.rapidserach.com may feature the name RapidSearch and claim to enhance your online experience. It may not be a good idea to install software related to Search.rapidserach.com because the site is reported in cases of browser hijacking. Search.rapidserach.com is not a legitimate search provider and acts as a gateway to...

Posted on January 13, 2017 in Browser Hijackers

TrojanDropper:JS/Exjaysee.A

TrojanDropper:JS/Exjaysee.A is a detection name used by security scanners. TrojanDropper:JS/Exjaysee.A refers to a computer Trojan that is written in the JavaScript programming language that is mostly found on Web servers. The technical detection name can change with time since the author can modify the code and release the Trojan again. Thus, security researchers work with names that can adapt. The root name is Exjaysee followed by the version identifier ‘A.’ The root name is preceded by two prefixes—the threat type and primary programming language. Trojans like Exjaysee and Febipos may include code written in other languages to expand their capabilities and send commands to various peripheral devices and modules. The author of the Exjaysee Trojan may have decided to write the program in JavaScript since it is a...

Posted on January 13, 2017 in Trojans

DirectionsBuilder

DirectionsBuilder is software that is promoted as a navigation tool, which requires integration with the Internet browser to work best. DirectionsBuilder works as a browser add-on that can be used to compile routes to desired destinations and export them as directions guides. Computer users that want to explore new commute routes, optimize their trips, and create a useful digital map for their vacation may be willing to give the DirectionsBuilder add-on a try. DirectionsBuilder has an official page that you can browse at Directionsbuilder.com to determine if it meets your needs. DirectionsBuilder is published by Mindspark Interactive Network, Inc. DirectionsBuilder feels, looks and behaves nearly identically to a few extensions released by Mindspark in the past, which include DirectionsWhiz, FindYourMaps Toolbar, and FreeMaps...

Posted on January 13, 2017 in Possibly Unwanted Program