[YOUR IP].Moshimoshi.top

The [YOUR IP].Moshimoshi.top pop-up windows may appear in Google Chrome and other respected Internet clients, offer misleading information and should be avoided. That may be hard for some users considering that the pages associated with [YOUR IP].Moshimoshi.top receive Web traffic from browser hijacking software. Computer users that wish to avoid browser hijackers may want to explore the ‘Custom’ and ‘Advanced’ options of software installers. Software bundling may be widely used by the developers of riskware, adware and browser hijackers. The [YOUR IP].Moshimoshi.top pop-up windows were reported by users who were rerouted to personalized [YOUR IP].Moshimoshi.top pages from ads, adware and browser hijackers. As you can see, the operators of the Moshimoshi.top domain may take advantage of the public IP...

Posted on December 30, 2016 in Adware

‘mkgoro@india.com’ Ransomware

The ‘mkgoro@india.com’ Ransomware is another variant of the Dharma Ransomware that surfaced not too long after the ‘amagnus@india.com’ Ransomware and the ‘supermagnet@india.com’ Ransomware, which belong to the same family of crypto-threats. The team behind Dharma seems busy releasing its Trojan under new names and tends to switch between email accounts. PC security researchers alert that the new version of Dharma is delivered the same way as its older forms: through spam emails. Computer users may encounter emails that appear legitimate, include logos from social media, payment portals, and banks as well as an invitation to download and open a file with a random name. Most infiltration techniques used to install the ‘mkgoro@india.com’ Ransomware involve a macro-enabled text document, but we...

Posted on December 30, 2016 in Ransomware

Splintersearch.com

The Splintersearch.com search service was brought to attention by users who were redirected to Splintersearch.com automatically. Splintersearch.com presents itself as a search portal that features minimalistic design and does not offer much in the form of filters and custom parameters. Web surfers that visit Splintersearch.com may be provided with a search field, Splintersearch’s logo and nothing more. As far as obstruction-free design goes, Splintersearch.com may be the best amongst its kin. Compared to giants like Google and respected services like DuckDuckGo, Splintersearch.com may not seem like a good search provider. Splintersearch.com is associated with browser hijacking and is not a legitimate search portal. Splintersearch.com is a redirect-gateway to Snap.do that is not qualified as a respected service provider....

Posted on December 30, 2016 in Browser Hijackers

‘Membership Rewards’ Pop-Ups

The ‘Membership Rewards’ pop-up windows in your browser may not come from trusted advertisers. The ‘Membership Rewards’ pop-up windows may be generated on phishing pages, which you may open when you click on corrupted ads or are infected with a browser hijacker. Computer users that are interested in receiving the gifts promised by the ‘Membership Rewards’ should know that the gifts are fake and used as bait. You will not receive a free iPhone 7, Apple iMac or an Amazon Gift Card because you opened a random page on the Internet. The ‘Membership Rewards’ pop-ups may appear when you click on advertising banners and click-bait ads. The domains used to host the ‘Membership Rewards’ messages are flagged by AV vendors as phishing pages and should not be trusted. We have seen a...

Posted on December 29, 2016 in Adware

‘MNS CryptoLocker’ Ransomware

The MNS CryptoLocker Ransomware is a file encryption Trojan. The MNS CryptoLocker Ransomware is used to encrypt the victims’ files, then demands the payment of a ransom in exchange for the decryption key. The MNS CryptoLocker Ransomware threatens victims with the prospect of never recovering their files. The MNS CryptoLocker Ransomware uses AES encryption to make the victim’s files inaccessible. Unfortunately, once the MNS CryptoLocker Ransomware encrypts the victim’s files, these files will become inaccessible. The MNS CryptoLocker Ransomware is being distributed as an alternate version to the CryptoLocker family of ransomware, a large and well-known ransomware family. Many ransomware Trojans claim these connections without it meaning that the MNS CryptoLocker Ransomware belongs to this family of ransomware...

Posted on December 29, 2016 in Ransomware

‘ihurricane@sigaint.org’ Ransomware

The ‘ihurricane@sigaint.org’ Ransomware is a ransomware Trojan that is used to take money from computer users. The ‘ihurricane@sigaint.org’ Ransomware is a variant of the Stampado Ransomware. The ‘ihurricane@sigaint.org’ Ransomware was released on the Dark Web for con artists to purchase. Variants of the ‘ihurricane@sigaint.org’ Ransomware are currently on sale for $39 USD on the Dark Web. Con artists can take advantage of this Ransomware as a Service (RaaS) offer to buy a ready-made ransomware Trojan and then carry out attacks on the targets of their choice. The ‘ihurricane@sigaint.org’ Ransomware is being distributed using corrupted spam email attachments, which use corrupted files that exploit known vulnerabilities on victims’ computers. The...

Posted on December 29, 2016 in Ransomware

KillDisk Ransomware

The KillDisk Ransomware is a ransomware Trojan that is being used to take money from computer users. The KillDisk Ransomware existed in a previous version that did not have encryption capabilities. The latest version of the KillDisk Ransomware, however, does encrypt victims’ files to demand payment of an enormous ransom. The size of the ransom indicates that it is likely that the KillDisk Ransomware is targeted towards businesses and industrial targets specifically. The KillDisk Ransomware uses a sophisticated communications method that involves the Telegram API to connect to its Command and Control server. Analysis of the KillDisk Ransomware has revealed that each sample of this threat infection includes a unique Telegram account for communications. The KillDisk Ransomware has full encryption ransomware capabilities, meaning...

Posted on December 29, 2016 in Ransomware

Survey.[RANDOM NUMBER].ws

Security researchers alert that Web surfers who tend to click on suspicious ads and click-bait links may be presented with content from domains named Survey.[RANDOM NUMBER].ws. We have received reports that advertisers and adware developers use pages registered to the 45.79.206.139 IP address to claim pay-per-click revenue and promote riskware. You may experience pop-up windows loaded with content from Survey.[RANDOM NUMBER].ws, which claim to provide search functionality while the following message is displayed on your screen: ‘Search whatever you are looking for! [text box that says ‘Enter Your Email’] Submit Email to Continue’. The message is not accompanied by a company logo or information as to who owns the Survey.[RANDOM NUMBER].ws domains. The lack of ownership information should make you cautious...

Posted on December 29, 2016 in Adware

Timesearchnow.com

The portal hosted at www.Timesearchnow.com is advertised as a custom search engine based on the distinguished service by Yahoo Inc. When searching through www.Timesearchnow.com users are redirected to a custom version of Search.yahoo.com, which may include advertisements and recommendations that you will not find on the standard version of Search.yahoo.com. Computer users that value what Timesearchnow.com has to offer may be welcomed to install a browser add-on that supports Google Chrome and Mozilla Firefox. However, Timesearchnow.com is reported by users to be related to cases of browser hijacking. The Timesearchnow.com browser hijacker is said to change the homepage and new tab page of compromised users. Researchers revealed that Timesearchnow.com does not provide information about its owners and software associated with...

Posted on December 28, 2016 in Browser Hijackers

OverwriteMBR

OverwriteMBR is a threat infection that is used to overwrite the victim’s MBR (Master Boot Record). This has severe consequences on the affected computer. OverwriteMBR was seen being used in a campaign against cheaters of a popular online game. Counter-Strike Global Offensive (CS:GO) is a popular online game that is plagued by cheaters, who use hacks to improve their chances against other players. External Counter-Strike is distributed as a program that allows players to see their online enemies through in-game obstacles and walls. These tools may be distributed on the website Mpgh.net. OverwriteMBR is currently being used to target cheaters that download this product. According to the file names and messages associated with OverwriteMBR, the creator of External Counter-Strike is someone that is targeting cheaters and Mpgh.net...

Posted on December 28, 2016 in Possibly Unwanted Program

‘fantomd12@yandex.ru’ Ransomware

The ‘fantomd12@yandex.ru’ Ransomware is a ransomware Trojan that belongs to the same family as the Fantom Ransomware. These ransomware Trojans are based on the EDA-2 ransomware project, released online as a proof of concept for educational purposes. Since its release, EDA-2 has served as the basis for numerous ransomware Trojans released by con artists, including the ‘fantomd12@yandex.ru’ Ransomware and its variants. The ‘fantomd12@yandex.ru’ Ransomware, like many similar threats, receives its name based on the email address used by the con artists to contact the victims and receive payments. The ‘fantomd12@yandex.ru’ Ransomware appeared shortly after most anti-virus programs were updated to block the Fantom Ransomware, making it likely that the ‘fantomd12@yandex.ru’...

Posted on December 28, 2016 in Ransomware

Alice

Alice is a threat that con artists can use to gain cash illicitly from Automatic Teller Machines (ATM). Alice was first detected in November 2016. Alice is used to target ATMs, allowing con artists that have physical access to the ATM’s ports to force the machine to give money to the con artist. Alice receives its name because its creator referred to the Alice code as ‘Project Alice.’ It is possible that versions of Alice have been active since at least 2014. The people using Alice need access to the ATM ports, either through the USB or CD-ROM ports. If they have access, they can load Alice into the ATM and then connect a keyboard to interact with the ATM. In most cases, ATMs are based on Windows XP, which allows con artists to launch Alice with a keyboard. To do this, the con artists need a PIN access code...

Posted on December 28, 2016 in Trojans

CryptoLocker3 Ransomware

The Cryptolocker3 Ransomware, known as Pclock, pretends to be a CryptoLocker variant by encrypting the data on the victim’s PC using an XOR encryption method. The Cryptolocker3 Ransomware also receives the name Pclock because of a project name that threat analysts found in the Cryptolocker3 Ransomware’s executable code. Once the Cryptolocker3 Ransomware is installed, it scans the victim’s files in search of certain file extensions. The Cryptolocker3 Ransomware encrypts the found files using its encryption engine. After encrypting the victim’s files, the Cryptolocker3 Ransomware displays its ransom note, which includes a 72-hour timer. The Cryptolocker3 Ransomware demands the payment of 1 BitCoin (approximately $840 USD at the current exchange rate) in exchange for the decryption key. Fortunately, there is a...

Posted on December 28, 2016 in Ransomware

Ageofcomp.info/search/start.html

Browser hijackers are small applications that are usually installed as browser extensions and are designed to execute just one simple task: to modify a Web browser’s settings so that it redirects users to a particular website whenever they load their homepage or new tab page. Software of this type may often be used to greatly boost the traffic of less popular websites or search engines so that they’ll seem more legitimate due to the high amount of exposure they receive. This is exactly the case with http://ageofcomp.info/search/start.html, a dubious search engine that you may unknowingly agree to set as your default new tab page and homepage, even though you’ve never heard of it before. The http://ageofcomp.info/search/start.html browser hijacker, just like many other similar low-level threats, may rely on software...

Posted on December 27, 2016 in Browser Hijackers

Exclusiverewards.[RANDOM DOMAIN NAME]

Exclusiverewards.[RANDOM DOMAIN NAME] is a questionable website brought to your computer by adware that was bundled with a useful program you downloaded from the Internet, and is used to display annoying and unwanted advertisements on the computers it affects. Exclusiverewards.[RANDOM DOMAIN NAME] is linked to browser hijackers and adware, whose main objective is to offer the installation of dubious content that includes optimization utilities, web browser toolbars, and similar applications to generate pay-per-click revenue for its creators. Computers housing Exclusiverewards.[RANDOM DOMAIN NAME] may also be redirected to unsafe websites that may display random commercial pop-up ads and banners or ads and banners matching the PC user’s browsing routine since its related adware may collect the user’s browsing data. Browser...

Posted on December 27, 2016 in Adware