Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that follows the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. DNS Changer is also referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers with rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

Vdomser.xyz

The Vdomser.xyz site is flagged as suspicious and untrusted by several Web filtering services including Websense ThreatSeeker and Sucuri. We have received reports by users that their homepage and search provider are changed to Vdomser.xyz without their approval. ESG researchers looked into the Vdomser.xyz domain and found out that there is a browser hijacker connected to the site. The Vdomser.xyz browser hijacker appears to travel with free software packages and pretend to be a good add-on. However, the browser add-on related to Vdomser.xyz is not safe to install because it will cause browser redirects and show promotional materials via pop-up windows and banners at Vdomser.xyz. The Vdomser.xyz site hosts a custom Google Search that is very limited in functionality and is programmed to populate the search results with ads predominantly. The custom Google search on Vdomser.xyz does...

Posted on August 31, 2016 in Browser Hijackers

Window Raws Manager

The Window Raws Manager program is another modified version of the Window Range Manager software by Plamsoft Inc. However, users may encounter Window Raws Manager under several publishers among which are Homesat Co. and DevInst Ltd. The Window Raws Manager application is promoted as a network utility that can mask your location and IP address by connecting your PC to a private VPN server. That way when you access Internet advertisers and other entities, you will be provided with the VPN's address instead of yours. There are other benefits for joining a VPN server, which include Web filtering and improved DNS configuration. None of which are supported by Window Raws Manager because it is adware. The Window Raws Manager application is classified as adware because it may modify your browser to show ads by affiliated networks only. Also, the Window Raws Manager adware may run as a...

Posted on August 31, 2016 in Adware

Ustarts.xyz

The Ustarts.xyz domain is associated with a browser hijacker that travels with freeware bundles and generates affiliate marketing revenue for its creators. The 62.109.15.15 IP address of Ustarts.xyz is hosting several other sites related to browser hijacking software such as Tabs000.online, Sear4m.xyz and Startab.me. Ustarts.xyz is presented to users as a welcoming search service that has useful links to popular portals like eBay, Yahoo, Facebook and Wikipedia. However, the Ustarts.xyz page does not offer search functionality and acts as a redirect-portal to Baserad.xyz, which visitors are led to believe is powered by Google. That is not true and Ustarts.xyz along with associated pages is under the command of untrusted advertisers. An analysis of the Ustarts.xyz portal found a clone located on Tabtab.xyz and concluded that whenever a visitor lands on either one of the...

Posted on August 31, 2016 in Browser Hijackers

‘Error Code Rundll32.exe’ Pop-Ups

Sites that show you an 'Error Code Rundll32.exe' pop-up message should not be trusted even if they feature the Windows logo. The 'Error Code Rundll32.exe' pop-ups are hosted on untrusted sites that are rigged with JavaScript, which can freeze your browser and crash it. The 'Error Code Rundll32.exe' pop-ups serve one purpose, and that is to direct users to call con artists on phone lines like 844-580-8647 and 866-540-2570. These untrustworthy individuals pretend to be certified computer support agents that are willing to help you repair Rundll32.exe and install an anti-virus shield. You should not call 844-580-8647 and 866-540-2570 if you experience the 'Error Code Rundll32.exe' pop-ups. Rundll32.exe is a command-line utility program that allows the users to process commands inside DLLs. The legitimate Rundll32.exe is designed by Microsoft Corp. and is delivered with Windows to...

Posted on August 31, 2016 in Adware

Diablo_diablo2@aol.com Ransomware

The Diablo_diablo2@aol.com Ransomware is a custom build of the Crysis Ransomware that is very popular at the time of writing this article. The Diablo_diablo2@aol.com Ransomware is designed to run on server machines that are powered by Windows Server 2016, Windows Small Business Server, Windows Essential Business Server 2008 and Windows Server Essentials 2012 and 2012 R2. The Diablo_diablo2@aol.com Ransomware is cryptomalware that uses the AES and RSA encryption algorithms to lock databases, XLSX and HTML resources. The Diablo_diablo2@aol.com Ransomware may be injected into server systems via corrupted WordPress add-ons and Trojan-Droppers like Sventore. What makes the Diablo_diablo2@aol.com Ransomware a bit more interesting is that it is programmed to encode database backups as well. The Diablo_diablo2@aol.com Ransomware is known to prioritize the encryption of SQL resources and can...

Posted on August 31, 2016 in Ransomware

‘Bitcoinrush@imail.com’ Ransomware

The Bitcoinrush@imail.com Ransomware falls into the category of cryptomalware that is designed to encrypt the data of the user and demand ransom for the release of a decryptor. The Bitcoinrush@imail.com Ransomware is an Encryption Trojan that may be delivered to users via spam mail and corrupted links. The payload of the Bitcoinrush@imail.com Ransomware may be packed as a ZIP, RAR, PDF and DOCX file. The Bitcoinrush@imail.com Ransomware is a variant of the Troldesh Ransomware, and its operators may push their product as a message from your bank and a payment notification from Amazon. That way, many users may be willing to open spam emails from unknown senders and run the Bitcoinrush@imail.com Ransomware. Computer users that are infected with the Bitcoinrush@imail.com Ransomware will find the ransom note in "How to decrypt your files.txt" that is placed on the desktop. The...

Posted on August 31, 2016 in Ransomware

FBI Warns of Hackers Targeting State Election Systems in U.S.

With several elections taking place in the weeks and months to come, including the U.S. presidential election, there has been a close eye on the security of voting systems around the USA. Unfortunately, the FBI has already found evidence of foreign hackers penetrating two state election databases in the past weeks forcing the FBI to issue an alert. Election officials have been warned of a breach by the FBI as reported on Yahoo news on how hackers were able to penetrate two state election systems. The attack comes amid the previous concerns among U.S. officials about potential cyberattacks by Russian state-sponsored hackers. Already, the Democratic National Committee has come under attack by Russian hackers prompting the Department of Homeland Security to make provisions in beefing up security. The DNC hack raised several eyebrows and stirred a mass-media hysteria surrounding...

Posted on August 30, 2016 in Computer Security

GetFormsOnline Toolbar

The GetFormsOnline Toolbar is a product of the famous Mindspark Interactive Network, Inc. that is known for the development of many ad-supported apps and riskware. The GetFormsOnline Toolbar is the revamped version of the My Forms Finder Toolbar that was not welcomed by many users. Also, the GetFormsOnline Toolbar functions very similarly to another Mindspark product named FreeGovernmentForms Toolbar. The three extensions mentioned before are promoted to help users find essential government forms for taxation, healthcare, travel, immigration, power of attorney, and more. You can find the GetFormsOnline Toolbar at Free.getformsonline.com/index.jhtml and install it to Google Chrome, Internet Explorer, Opera and Mozilla Firefox. The GetFormsOnline Toolbar will be listed in your Extensions Manager and may change several aspects of your browser. The GetFormsOnline Toolbar may change...

Posted on August 30, 2016 in Possibly Unwanted Program

Ads by VidSqaure

The VidSqaure program is the primary product of VidSqaure Ltd. that is based in Tel Aviv, Israel. The VidSqaure program is promoted on Vidsqaure.com as a hybrid service that allows its users to benefit from a secure DNS configuration and a VPN server. The slogan of the VidSqaure service is “Fast, Simple and Safe” and computer users that are looking for a free VPN server and DNS service may be interested in installing VidSqaure. The VidSqaure app may hide the user's location and encode data sent to a remote server by using a unique and innovative data filter. Users are not required to pay a dime to benefit from VidSqaure, but you might want to know that VidSqaure is ad-supported. That means marketers and advertisers related to VidSqaure may read information like your network traffic, IP address and software configuration. The VidSqaure app might gather information like your...

Posted on August 30, 2016 in Adware

Ads by OnlineAPP

The dubious OnlineAPP software may not be a browser extension that is safe to install. You may think that OnlineAPP is some extension that will improve your experiences on social media like Facebook, Instagram and Twitter. In reality, the OnlineAPP software falls into the category of adware and may travel in freeware bundles that include riskware such as Save Serp Now. The OnlineAPP adware does not feature a valid digital signature and may connect to insecure servers to download promotional materials on your PC. The OnlineAPP adware may be used for network computing and mining Bitcoins without your knowledge. Users that have installed the OnlineAPP might experience banners and pop-up windows generated in their browser. The OnlineAPP adware is compatible with modern Internet clients and may access data like your Internet history, downloads, list of extensions, and hardware setup...

Posted on August 30, 2016 in Adware

ATMRIPPER

ATMRIPPER is a banking Trojan that appeared in August 2016 when a security sweep was conducted inside banks in Thailand. The ATMRIPPER malware can be seen under the name RIPPER as well, and is similar to threats like SUCEFUL and PadPin. The ATMRIPPER Trojan is designed to exclude the infected ATM from the main framework and force the device to release notes. The ATMRIPPER is activated by inserting a special card that features an EMV chip that acts as the authentication mechanism. In-depth analysis revealed that the ATMRIPPER could run as a standalone service and be masked as a legitimate process on the compromised ATM. The ATMRIPPER malware will kill the dbackup.exe process, which allows the remote monitoring of the ATM to prevent detection by the ATM vendor. Then it will substitute dbackup.exe with a corrupted version and delete backup copies that may be present on the system....

Posted on August 30, 2016 in Trojans

Batman_good@aol.com Ransomware

The Batman_good@aol.com email is associated with a new variant of the Troldesh Ransomware that specializes in the encryption of data on servers. The Batman_good@aol.com Ransomware functions like a Trojan and this threat may be delivered to users via spam email and compromising Web-access portals connected to the targeted server. The Batman_good@aol.com Ransomware at hand is known to encode all data on the infected device except for files in the Windows directory and Program Files. We have received reports that PCs infected with Batman_good@aol.com Ransomware can boot into the desktop, but databases and other resources are unavailable. The Batman_good@aol.com Ransomware uses a combination of the AES and RSA ciphers to lock objects on the compromised system and files on unprotected network shares. The Batman_good@aol.com Ransomware might lock your access to the following file...

Posted on August 30, 2016 in Ransomware

Cyber_baba2@aol.com Ransomware

The Cyber_baba2@aol.com Ransomware is a new adaptation of the Crysis Ransomware that is similar in behavior to the Mahasaraswati Ransomware. Both cryptomalware follow an India-based theme and are known to infect server systems primarily. The Cyber_baba2@aol.com Ransomware may be deployed to users via corrupted attachments to spam email and Trojan droppers like Rovnix. The main executable of the Cyber_baba2@aol.com Ransomware is known to run from the Windows directory and might mask its process under svchost.exe signed by Microsoft Corp. The Cyber_baba2@aol.com Ransomware is using an industry-grade encryption algorithm to lock the victims' data and leave them unable to read the corrupted data. The Cyber_baba2@aol.com Ransomware will scan the PC for a list of available drives and begin the encryption process if it is not detected by your AV scanner. Security investigators note the...

Posted on August 30, 2016 in Ransomware

Last_centurion@aol.com Ransomware

The Last_centurion@aol.com Ransomware is an Encryption Trojan that is designed to infect server systems and prioritize the encryption of databases. The Last_centurion@aol.com Ransomware may be propagated via corrupted links, spam mail and compromised RDP (Remote Desktop Protocol) connections. The Last_centurion@aol.com Ransomware may be introduced to protected machines via a Trojan-Dropper like Gamarue. Researchers note that the Last_centurion@aol.com Ransomware is not an original cryptomalware and is a derivative of the Troldesh Ransomware. The Last_centurion@aol.com Ransomware uses a public key to encrypt the user's data, and you will need the private decryption key to unlock objects with the .id-[eight random characters].last_centurion@aol.com.xtbl. As stated above, the Last_centurion@aol.com Ransomware is used in attacks on server networks predominantly and may encode the...

Posted on August 30, 2016 in Ransomware

TopSecurityTab

Some computer users have turned their attention to advertisements and pop-ups called TopSecurityTab, which is part of an adware threat that is inclined to display random ads to potentially interrupt normal use of a computer. TopSecurityTab ads are associated with the company Imali Ltd, which may be known for other browser hijackers or advertisement applications. TopSecurityTab may attempt to offer computer users other methods of surfing the web securely. The features of TopSecurityTab may prove to be unwanted for some computer users. Use of the TopSecurityTab ads may cause unwanted redirects to load sites that have questionable content. TopSecurityTab is made up of web browser plugins or add-on components. Most times, TopSecurityTab components will load as a result of installing freeware programs or 3rd party applications. Reversing the effects of TopSecurityTab may require the...

Posted on August 29, 2016 in Adware