In our daily work we see many different attempts to trick a user into installing dubious software. One of the more common variants is the fake video codec: the site claims that the user needs to download and install its software in order to watch some videos. This could look something like this.
As soon as the user enters the page they will be presented with the following warning:
Recently we stumbled upon a rogue application that used a very aggressive way to get users to register and pay for a license. It all started with one downloaded file disguised as a movie file, using a .wmv.exe extension and a Windows Media icon. Once the file was run, it started by warning you that your PC may be infected.
In an attempt to bolster the number of drones in their botnet, the Storm Gang has started sending out more spam email.
I won't mention any names :) but a friend of mine accidentally clicked on a link which he got from a pal using MSN Messenger.
The IM message was saying:
Is this your photo? hxxp://youtube.my3gb.com/index.php?=xxx@hotmail.com
xxx@hotmail.com is your own hotmail address.
The worm we spotted behaves in this way:
On Tuesday, May 27, 2008, an unpatched (at time of writing) 0-day vulnerability was discovered in Adobe's Flash Player.
This attack is known to be in the wild, and a large number (20,000+) of websites have been injected with exploit code to infect users who visit them.
Recently we have seen several URLs leading to a website where a company called TST Management offers Pictures for MSN/ICQ Friends. The page contains a login box for MSN and a similar one for ICQ.
Below the login are the Terms and Conditions TST Management wants you to agree to:
After skipping over the Easter holiday, the crew behind the Zhelatin Worm decided to pump and dump their spam for April Fool's Day.
The latest filenames are kickme.exe, foolsday.exe and funny.exe.
When executed, the files "aromis.exe" and "aromis.config" are created in the Windows directory.
Just in time for Valentine's Day, a new variant of the well-known Storm worm hit email boxes last night (Ad-Aware detects Storm as Zhelatin), this time with an exe simply named "valentine.exe". In January we saw the first wave of the Storm Valentine's propagation email campaign; it is back now with a few slight changes, but enough to make it undetectable by most anti-malware applications.
Some of the Subject lines for this new variant include:
Spyware Isolator is one of this week's new rogue anti-spyware applications that we have seen here at Lavasoft Research. Its behaviour is typical of standard rogue applications.