Salsa Ransomware

The Salsa Ransomware is a ransomware Trojan first reported in April 2017. The Salsa Ransomware seems to be a standalone ransomware threat rather than part of a larger family of ransomware. The most common way in which the Salsa Ransomware is being distributed is by attaching corrupted files to spam email messages. When the victim opens the file, a compromised script downloads and installs the Salsa Ransomware on the victim’s computer.

The Too Spiced Salsa for Your Files

The Salsa Ransomware's intended target seems to be mainly corporate networks and servers, although the Salsa Ransomware attacks also can be quite effective against individual computer users. The Salsa Ransomware functions like most ransomware Trojans, encrypting the victim’s files by using a strong encryption algorithm to make them inaccessible. The Salsa Ransomware...

Posted on April 11, 2017 in Ransomware

Cerberos Ransomware

PC security researchers first received reports of the Cerberos Ransomware infections in April 2017. The Cerberos Ransomware is a variant of an already existing ransomware Trojan, which tended to go by the name of Cyber Splitter and had been released in a couple of different versions. The team responsible for this threat signed the executable file responsible for the Cerberos Ransomware attack. The Cerberos Ransomware is currently being delivered in the form of a bogus update for Adobe Acrobat Reader, in an installer file named 'pdf.exe.' Another way in which the Cerberos Ransomware may be delivered is in the form of a corrupted email file attachment that is delivered in conjunction with a social engineering tactic.

A Mythological Dog Messing Up with Your Files

The Cerberos Ransomware seems to be designed to infect computer users in the...

Posted on April 11, 2017 in Ransomware

Go.buzzonline.site

Go.buzzonline.site is a redirect link to the Buzzonline.site, which is presented as a news portal that (at the time of writing) has content that is ten months old and lacks updates. Moreover, buzzonline.site is associated with cases of browser hijacking where users are forced into loading buzzonline.site in their Internet clients whenever they open a new tab and click the 'Home' button on their Toolbars. The buzzonline.site browser hijacker is programmed to generate Internet traffic to buzzonline.site by redirecting users at random intervals and when they perform certain actions like opening a new tab page. That way, the owners of buzzonline.site can claim pay-per-view and pay-per-click from advertisers that used the buzzonline.site platform to promote products and services. The buzzonline.site browser hijacker may have arrived on your...

Posted on April 10, 2017 in Browser Hijackers

NoteHomepage Toolbar

The NoteHomepage Toolbar by Mindspark Interactive Network, Inc. is promoted on the Chrome Webstore and notehomepage.com as a tool that enables users to create and customize notes and to-do lists online for free. The NoteHomepage Toolbar is available to Google Chrome, Internet Explorer and Mozilla Firefox users. You should be aware that the NoteHomepage add-on for Firefox is not listed on the official app store at addons.mozilla.org and Firefox blocks the installation of the add-on by default. The NoteHomepage Toolbar is deemed as a Potentially Unwanted Program (PUP) because it is an ad-supported software that may display unsolicited advertisements related to spam, "pyramid schemes," badware and pornographic media. Needless to say, the NoteHomepage Toolbar is not a kid-friendly app that you would want to install on a browser used by...

Posted on April 10, 2017 in Possibly Unwanted Program

‘WindowsTime.exe’ Bitcoin Miner

The 'WindowsTime.exe' Bitcoin miner is a threat that is designed to generate money by taking advantage of the infected computer's processing power. Bitcoins are an online currency. The way new Bitcoins are created is by using computer processing power to run algorithms. The 'WindowsTime.exe' Bitcoin miner belongs to a category of threats that con artists may use to infect the victim's computer with software that uses that computer's resources to generate Bitcoins, making a profit while using the victim's resources. Threats like the 'WindowsTime.exe' Bitcoin miner make the infected computer slower than normal, causing it to overheat frequently and affecting its performance severely while running in the background.

The 'WindowsTime.exe' Bitcoin Miner and Similar Threats

The 'WindowsTime.exe' Bitcoin miner processes BitCoin...

Posted on April 10, 2017 in Trojans

Rensenware Ransomware

The Rensenware Ransomware is an encryption ransomware Trojan that was uploaded to Github.com by a person going by the online handle '0x00000FF,' who created the Rensenware Ransomware to, supposedly, play a joke on other computer users. The Rensenware Ransomware, unlike most ransomware Trojans, does not demand the payment of a ransom to decrypt the files it encrypts in the attack. Rather, the Rensenware Ransomware encrypts the victim's files using a strong encryption but demands that the victim generates a score of 12 billion on the game 'Touhou 12' in the 'Lunatic' difficulty. This is extremely difficult, meaning that most of the victims fail the Rensenware Ransomware test.

The Unusual Ransom Demanded by the Rensenware Ransomware

The Rensenware Ransomware carries out an attack that is typical of these infections, with the only...

Posted on April 10, 2017 in Ransomware

MemeLocker Ransomware

The MemeLocker Ransomware is a ransomware Trojan that is used to encrypt the victim's files. Con artists may use the MemeLocker Ransomware and similar Trojans to encrypt files so that the victim will be forced to pay a ransom to recover the affected files. The MemeLocker Ransomware takes the victim's files hostage until the victim pays the ransom amount. Malware analysts first observed the MemeLocker Ransomware on March 25, 2017, although it became better known on April 10 of the same year. The MemeLocker Ransomware still seems to be in development, however, since some of its characteristics do not seem fully finished. The MemeLocker Ransomware is one of the many ransomware Trojans active currently that are based on the HiddenTear open source ransomware engine. The MemeLocker Ransomware also includes screen locking capabilities. The...

Posted on April 10, 2017 in Ransomware

The Coupon Store

The Coupon Store browser extension that Web surfers can find at Thecouponstore.co is promoted via ads generated by adware and may land on computers in the company of riskware such as Nonereblock and TappyTop. The Coupon Store browser extension is offered to Web surfers as a shopping enhancer that can provide access to free coupons on your new tab page along with a weather forecast and a powerful search. Computer users that use Mozilla Firefox and Google Chrome can add The Coupon Store app to their collections of extensions while Internet Explorer users may want to switch to Chrome or Firefox if they want to benefit from The Coupon Store app. You might want to reconsider installing The Coupon Store extension because it is deemed as adware that may flood your browser with unsolicited marketing materials and redirect you to untrusted merchants....

Posted on April 10, 2017 in Adware

My Tropical Beach New Tab

The My Tropical Beach New Tab software is packed as a browser add-on and extension for Mozilla Firefox and Google Chrome. At the time of writing, there is no version for Internet Explorer. The My Tropical Beach New Tab software is associated with the Mystart.com domain that offers a search service managed by Visicom Media Inc. The My Tropical Beach New Tab extension works as a Web-app that may take control of your new tab page to provide expanded functionality as opposed to the default layout provided with Firefox and Chrome. The My Tropical Beach New Tab is marketed to help users discover beautiful sunny destinations for their vacation with every opened new tab. You can find the official page for My Tropical Beach New Tab at Mystart.com/mysunscape/, which for some reason features the name 'MySunscape,' and the site is listed on the...

Posted on April 7, 2017 in Potentially Unwanted Programs

My Games Classics New Tab

The My Games Classics New Tab program from Visicom Media Inc. is presented to users as a way to play classic games on their new tab page and play new ones. The official site for the My Games Classics New Tab program can be found at Mystart.com/mygamesclassics/ and it is part of the Mystart.com network of domains. The My Games Classics New Tab app requires integration with Mozilla Firefox and Google Chrome to enable the functionality marketed on Mystart.com/mygamesclassics/. When you load the site you are shown a series of images related to games like Tron, Pacman, Final Fight One, Tetris, and Sonic, and you are provided with the following explanation on what the My Games Classics New Tab is all about: 'Customize your New Tab page, and play your favorite classic games! With every new tab, enjoy a different classic game, such as PacMan and...

Posted on April 7, 2017 in Possibly Unwanted Program

Yoga New Tab

The Yoga New Tab extension by Visicom Media Inc. is an ad-supported program that requires integration with Google Chrome and Mozilla Firefox to present users with beautiful photos from around the world, personalized greeting messages, quick access to social media, chill out music and weather information. The Yoga New Tab app is designed to present users with a customized page on the Mystart.com network that can be loaded at Mystart.com/myyoganewtab/. PC users can install the Yoga New Tab by navigating to Chrome.google.com/webstore/detail/yoga-new-tab/jphkcdmoaacdaignphfganfdjadbfbim and Mystart.com/myyoganewtab/. Cyber security analysts recognize the Yoga New Tab extension as a Potentially Unwanted Program (PUP) because the advertisers who support the app have access to a broad spectrum of data collected by the Yoga New Tab extension....

Posted on April 7, 2017 in Possibly Unwanted Program

Kripto64 Ransomware

The Kripto64 Ransomware is a ransomware Trojan that is based on Hidden Tear, an open source ransomware engine that was first released in 2015. The Kripto64 Ransomware seems to target computer users in the Middle East, with the particular version of the Kripto64 Ransomware observed by PC security researchers using a ransom note written in Turkish. Despite the fact that the Kripto64 Ransomware is designed to target computer users in a particular part of the world specifically, there is nothing preventing the Kripto64 Ransomware from spreading to computers everywhere else. The most common way in which the Kripto64 Ransomware is distributed is by including it as an email attachment in the form of documents that use corrupted macro scripts attached to spam email messages disguised as social media notifications.

The Dreaded Effects of the...

Posted on April 7, 2017 in Ransomware

LMAOxUS Ransomware

The LMAOxUS Ransomware is a ransomware Trojan based on an open source ransomware Trojan released on Github and known as Stolich. Stolich is a project started by Ahmad Kazi, a programmer that goes by the online handle of 'empinel.' Stolich itself is a version of EDA2, another open source ransomware engine made public in recent years. The LMAOxUS Ransomware is derived from these free open source ransomware Trojans and is being used to attack computer users that participate in the computer game Minecraft. The LMAOxUS Ransomware is being distributed by disguising it as a cracked version of this famous computer game.

The LMAOxUS Ransomware - A Pompous Name of a Mere Threat

The LMAOxUS Ransomware is very similar to many variants of EDA2 that have already been active. The LMAOxUS Ransomware scans the victim's computer and makes a list of all...

Posted on April 7, 2017 in Ransomware

‘Select Region’ Tech Support Scam

Computer users that are greeted by a blue screen with the title 'Microsoft Windows Select Region' after booting their OSes are likely to be infected with a Trojan that is associated with computer support tactics. The 'Select Region' screen message is displayed in full screen by a Trojan that is programmed to block your access to the desktop. The screen layout is styled to resemble the installation window for Microsoft's Windows 10 OS. The desktop overlay includes the Windows 10 logo in the top right corner and the 0800-652-8283 phone line listed in the top left corner of the screen. The right-hand side features five text fields that include information about your system and an invitation to select your country and region. Users are shown the following text: 'Customer Support: 0800-652-8283 Microsoft Windows Select Region Please Select...

Posted on April 6, 2017 in Adware

Trojan.Dropper.Dapato

The Trojan.Dropper.Dapato program is classified as a Trojan that is programmed to show advertisements on the screen of infected users and generate Internet traffic to unreliable search engines. The Trojan.Dropper.Dapato program was reported for the first time by users in Poland, and the threat appears to target users in Central and Western Europe predominantly. Computer users may install the Trojan.Dropper.Dapato with a corrupted free software bundle, which may include adware like PubHotspot and riskware such as YTDownloader. We have detected that the Trojan.Dropper.Dapato is often found on infected computers in the company of the Vnlgp Miner, which is a legitimate program that is abused by threat authors who claim revenue from processing online payments using the hardware resources of compromised machines. The Trojan.Dropper.Dapato...

Posted on April 6, 2017 in Trojans