Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users, taking control of their accounts and turning them into virtual spam proxies. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

LaSuperba

LaSuperba may be associated with numerous problems that may be caused by PUPs (Potentially Unwanted Programs). LaSuperba may interrupt the computer users' activities when browsing the Web and cause performance problems on affected Web browsers. LaSuperba is linked to an adware that may affect most commonly used Web browsers on the Windows operating system, including Internet Explorer, Mozilla Firefox and Google Chrome. LaSuperba advertisements may take the form of irritating pop-up messages that make it very difficult to use the affected Web browser. In most cases, removing adware associated with LaSuperba will stop LaSuperba advertisements from appearing on affected Web browsers. However, most adware infections do not come alone; the presence of one adware component may indicate the presence of others, all of which may be connected with LaSuperba and similar unwanted content....

Posted on August 31, 2015 in Adware

VirLock Ransomware

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses RSA-2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar

MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the MyStart.Incredibar.com website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware

ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPak. Of course, the idea that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this: the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Live Security Platinum

Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer

DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

BrowsingGuard

The BrowsingGuard application may appear on your desktop when you handle a freeware bundle with the 'Express' or 'Typical' option. The BrowsingGuard is promoted as a program that can protect you from advanced cyber threats by monitoring what pages you open and scanning scripts on them. BrowsingGuard is claimed to be a rival of Content Protector and Shield Plus Privacy Protector. Some users may perceive the BrowsingGuard application as an alternative to Web of Trust and Google Safebrowsing. You may wonder if BrowsingGuard is free and whether you need to subscribe with your credit card. The BrowsingGuard software is published under the GNU Freeware license, and users should know that it is supported by advertisements. Its EULA (End User License Agreement) can be found at Browsingguard.com/eula, and you should read it carefully. The small print states that: 'The Software is supported...

Posted on July 28, 2016 in Adware

Uportal

The Uportal program is advertised as a search enhancer that can improve your start page and search capabilities significantly. The Uportal app is similar to Zebrouss and OneSearch and will need you to grant it administrative privileges to alter your browser and start menu functionality. The Uportal browser plug-in may have been installed on your browser the last time you installed a free app with the 'Express' or 'Typical' option. You can use the sorting options inside your 'Control Panel' to determine when Uportal landed on your PC. The Uportal software is created and managed by ESOffers Network Co., Limited. The Uportal plug-in is not provided for free and is provided to users that comply with several terms of use. The Uportal software is ad-supported and customers of ESOffers Network Co., Limited will need to tolerate many banners, pop-up ads and in-text hyperlinks to sponsored pages if...

Posted on July 28, 2016 in Browser Hijackers

‘1-866-933-5430’ Tech Support Scam

When you see the 1-866-933-5430 phone number listed on your screen, there is likely to be something wrong with your PC. The 1-866-933-5430 phone number is promoted on social media and pages like Kizifriv.org and Freegpssupport.com to provide technical support service to users. However, the 1-866-933-5430 phone line is used by fake computer technicians and is associated with rogueware. The scammers on the 1-866-933-5430 phone line represent a fictional company called Apical Technologies that is advertised on social media and blog posts but is not registered officially. You should avoid calling 1-866-933-5430 if you experience BSOD and system crashes. The problems with your system might be caused by an application called VMC Media Player that is distributed to users via freeware packages. VMC Media Player is promoted as a media player, but its functionality differs from what you may be...

Posted on July 28, 2016 in Adware

R980 Ransomware

The first samples of the R980 Ransomware made malware researchers suspicious of its activity since it does not encrypt files. Our experts suspected that it might work like the CryptoHost Ransomware and transfer the victim's files into a password-protected archive file. But no, the R980 Ransomware appears to be a work in progress and may make an impact when its developers set up their servers correctly. The R980 Ransomware was discovered by the security researcher going under the name Jaromir Horejsi, who revealed his discovery via social media. Web filters like Websense and Cisco Cloud Web Security raised alerts that suspicious activity was detected on the Bookmyroom.pk domain. The investigation proved fruitful, and it became apparent that Bookmyroom.pk is used as a host server for the R980 Ransomware as well as a 'Command and Control' server. A careful look at databases uploaded to...

Posted on July 28, 2016 in Ransomware

Juicyads.com

The Juicyads.com domain is the home for the Juicy Ads Advertising Network that allows its customers to benefit from their advertising solutions. Software developers that wish to gain popularity by making freeware may use the services of Juicy Ads to monetize views and Web traffic through their applications. The practice allows developers to earn money for their work and allows you and me to use software for free. However, there are those who exploit the Juicy Ads Advertising Network and created a browser hijacking program to direct users to promotional materials and sites forcefully. The Juicyads.com browser hijacker can change the user's proxy settings and divert traffic to affiliated pages. That way, the operators of the browser hijacker at hand can sit on their couch comfortably and accumulate pay-per-click revenue. The Juicyads.com browser hijacker is known to use the...

Posted on July 28, 2016 in Adware

Decryption Keys for Chimera Ransomware Leaked by Rival Cybercrooks

Recently, several decryption keys have been leaked over the Internet, uncovering the proper key to decrypt files that were once encrypted for the purposes of demanding ransom fees from victimized computer users. The author of the Mischa and Petya family of ransomware has leaked the decryption keys for the rival Chimera Ransomware. Chimera is among an extensive list of ransomware that appeared in 2015 and has since evolved to not only encrypt files on infected computers, but also to offer an affiliate program for other crooks who want to earn money by the distribution of the malware. Recent ransomware infections have been known to conduct malicious activity, actions that end up leaving an infected computer nearly useless for performing various functions. The process of crypto-ransomware encrypting files ends up with a...

Posted on July 27, 2016 in Computer Security

Mediawhirl.net

The domain does not host media content in any form and serves as a redirect-portal. Web surfers that are rerouted to random pages on the Internet via Mediawhirl.net are likely to be infected with adware and a browser hijacker. Adware and riskware like 4zip and AdRotate are known to connect to untrusted sites like SoftNewread.Topupdate4u.net while generating content on the user's desktop. Our researchers performed a network analysis of Mediawhirl.net and revealed that users infected with a browser hijacker might be redirected to pages that offer potentially harmful software. For example, the browser hijacker at hand is reported to connect to more than fifty sites and drive Internet traffic through Mediawhirl.net. Users may install adware and browser hijacking software by handling free software packages with the 'Express' and 'Typical' option without caution. The browser hijacker...

Posted on July 27, 2016 in Adware

Jager Ransomware

The Jager Ransomware is cryptomalware that employs the AES-256 and RSA-2048 ciphers to lock the data of its victims. The Jager Ransomware is delivered to potential victims via spam mail, and users may be led to believe they are opening an official message from Facebook, Amazon and Twitter. Malware researchers report that the Jager Ransomware is a Trojan that is designed to encrypt your data on every drive you have access to and is connected to your primary system drive. The Jager Ransomware is similar to TowerWeb Ransomware and is designed to target more than a hundred file formats: .3DM, .3DS, .3G2, .3GP, .7Z, .ACCDB, .AES, .AI, .AIF, .APK, .APP, .ARC, .ASC, .ASF, .ASM, .ASP, .ASPX, .ASX, .AVI, .BMP, .BRD, .BZ2, .C, .CER, .CFG, .CFM, .CGI, .CGM, .CLASS, .CMD, .CPP, .CRT, .CS, .CSR, .CSS, .CSV, .CUE, .DB, .DBF, .DCH, .DCU, .DDS, .DIF, .DIP, .DJV, .DJVU, .DOC, .DOCB, .DOCM, .DOCX,...

Posted on July 27, 2016 in Ransomware

FastCompress-Zip

FastCompress-Zip is another Chinese archive manager that you can download from Fastcompress.com and install it with a freeware package that includes apps like Info Seeker and IST Cleaner Pro. The FastCompress-Zip software is promoted as a powerful archiver that can satisfy the needs of most users and allow them to create, organize and modify archives of data efficiently. According to Fastcompress.com, FastCompress-Zip can work with standard formats like RAR, ZIP, 7Z and TAR as well as GZIP, APK, and LBR. The FastCompress-Zip program is a product of Adlegend Limited that is based in Hong Kong, China and employs the services of ad networks to provide FastCompress-Zip cost-free to their customers. As you may suspect, FastCompress-Zip is supported by advertisements injected into your Internet browser. Computer users that install the FastCompress-Zip software may notice that it comes...

Posted on July 27, 2016 in Adware

Moonly Search

The Moonly Search browser add-on is promoted to Web surfers that use Google most of the time they are online. The Moonly Search software may offer users the ability to make modifications to how Google appears and functions. The Moonly Search add-on may allow users to set wallpapers on the main page of Google.com and direct it to load results from favorite locations first. The Moonly Search program may enable users to search on Google via the built-in search bar inside the Windows Explorer that comes with Windows 7, 8 and 10. The Moonly Search program is deployed to PC users with the help of freeware bundles and does not have an official site. You may find Moonly Search bundled with third-party apps like HQvidPv and Infonaut. Security analysts looked into the Moonly Search add-on and discovered that it has browser hijacking capabilities. The Moonly Search add-on may change your default...

Posted on July 27, 2016 in Browser Hijackers

Moth Ransomware

The Moth Ransomware falls into the category of Encryption Trojans and uses the .m0th file extension to mark files that it has corrupted. The Moth Ransomware is malware that you might download as a ZIP, RAR, PDF and DOCX file that has an embedded macro. The developers behind the Moth Ransomware use spam bots to distribute their products to unsuspecting users and may employ social engineering to boost their campaign. The Moth cryptomalware is programmed to use a custom version of the AES-256 encoding algorithm to facilitate its operations. The Moth Ransomware is lightweight and is not likely to hijack your system resources while encrypting your data. The Moth Ransomware behaves in such a way as to minimize the risk of users catching up on its activity and terminating its primary process via the Windows Task Manager. Security researchers reveal that the Moth Ransomware is programmed to...

Posted on July 26, 2016 in Ransomware

Simple_Encoder Ransomware

The Simple_Encoder Ransomware is a new cryptomalware employed by cyber criminals that aim to extort PC users for their money. The Simple_Encoder Ransomware is an Encoding Trojan that is programmed to lock the victim's files and allow its operators to use them as leverage in negotiating a ransom. The payload of the Simple_Encoder Ransomware is deployed to users as an invoice from online stores like Amazon, eBay, and Best Buy. The mail with Simple_Encoder Ransomware may be sent from an address that is nearly identical to the official email account of your favored online shop. The Simple_Encoder Ransomware is packed as an XLSX file with a macro that allows it to connect to the Web silently, download and install the Simple_Encoder Ransomware on your PC. All it takes to infect your computer with the Simple_Encoder Ransomware is one click on the malware dropper. AV vendors might detect the...

Posted on July 26, 2016 in Ransomware

NoobCrypt Ransomware

Malware investigators report that there is another competitor in the Ransomware business that is called NoobCrypt Ransomware. The NoobCrypt Ransomware is a standard Encryption Trojan that is distributed to users using spam bots. The payload of the NoobCrypt Ransomware is not as sophisticated as the one of PowerWare Ransomware and may appear as a PDF, DOCX, and PPTX file. The potential victims may be led to believe that they are opening an invoice and an update from social media like Twitter, Instagram, and Facebook. When the user runs the NoobCrypt Ransomware he/she may be redirected to a page on the Web and be presented with a fake error message. However, the main executable of the NoobCrypt Ransomware is injected in the OS and may connect to a remote server to download and install additional files. Our analysis revealed that the NoobCrypt Ransomware might be the work of the...

Posted on July 26, 2016 in Ransomware

MyDrivingTab

The MyDrivingTab browser extension is designed to work with Google Chrome exclusively and provide navigation services. The MyDrivingTab extension is developed and maintained by Upside Innovations, Inc. that offers their product under the GNU Freeware license. Web surfers can find the MyDrivingTab software at Lp.mydrivingtab.com. Computer users may spot the MyDrivingTab extension bundled with third-party apps like GOsavy and HighliteApp. The MyDrivingTab extension is programmed to substitute the default design of the new tab page in Google Chrome with a custom portal located on Drivingtabsearch.com. Additionally, Drivingtabsearch.com is set as the preferred search aggregator, and users will be redirected to Drivingtabsearch.com whenever they type keywords in the omnibar. The MyDrivingTab extension may change the functionality of the right-click menu in your browser and add a new...

Posted on July 25, 2016 in Potentially Unwanted Programs

PowerLocky Ransomware

Malware researchers report that they have spotted a new member of the PowerWare family of Ransomware that is a combination of '.locky File Extension' Ransomware and PowerWare Ransomware. The hybrid is dubbed PowerLocky Ransomware, and it is as powerful as Locky Ransomware and as stealthy as PowerWare Ransomware. Security vendors may detect PowerLocky as PoshCoder as well. The hybrid is designed to use the PowerShell script editor that converts PowerShell scripts to Microsoft executable files and is delivered to users as a .NET executable file attached to spam mail. The makers of the PowerLocky Ransomware seem to like the functionality of the .NET Microsoft Windows executable that allows it to unpack an embedded script automatically. The main body of the PowerLocky malware is archived into Scripts.zip and incorporated in the .NET executable as a resource. Packing the PowerLocky...

Posted on July 25, 2016 in Ransomware