January 2007 - Posts

Phishers go one step further

Posted by Sergio Piñeiro at  31 January 07 04:54     Today we are going to talk about phishing. We already know that financial institutions are a prime target for phishers. As malware evolves from an amateur hobby to a money-making business, things have evolved a lot. The phishing we are going to talk about



Strange scanner

Posted by Sergio Piñeiro at  25 January 07 09:06     Yesterday we came across a sample. It is a dropper of a virus called W32/Rigel.A. Once you execute it, it displays a window (shown below) that informs users that a scan for a specific Trojan horse is being done. But the truth is quite different. While



Spam in PHP forums

Posted by Sergio Piñeiro at  24 January 07 01:31     Today we have found that in a PHP forum, someone was posting spam messages. It was obvious in this particular case, because it was a Spanish forum, and the message was in English. Notice that it uses the "guest" account ("invitado").



Another Spamta run

Posted by Sergio Piñeiro at  23 January 07 11:08     We have seen that Spamtas are rising quickly. Two days ago, we detected a variant that has been quite silent. But a few hours ago, the last one started climbing, with the appearance of a new variant, which is also arriving in great numbers. Both are



Trj/Alanchum.NX alert

Posted by Sergio Piñeiro at  19 January 07 08:14     A new trojan is being spammed and is arriving in our inbox. We can recognize it because it has the following subjects: - "U.S. Secretary of State Condolezza Rice has kicked German Chancellor Angela Merkel" - "230 dead as storm batters



MSN Messenger Trojan: Trj/MsnZombie.A

Posted by Sergio Piñeiro at  18 January 07 06:06     Today we have found a piece of malware that uses so-called "social engineering" to persuade users to infect their own machines. In this case it uses a file which is supposed to be an animation of USA's president Bush doing something



Spam, spam spam.....

Posted by Sergio Piñeiro at  16 January 07 03:44     Of course, we have all wondered when we will stop receiving spam. It is not an easy question. We have already started 2007 and all the figures show that it is increasing over time. When I take a look at my inbox, all I see are emails like these: - Phishing,



New Spamtaload wave...

Posted by Sergio Piñeiro at  15 January 07 04:38     Today, we have detected an increase in the number of email incident reports. This is due to a new variant of the infamous Spamtaload. We have called this variant Spamtaload.CS. In the last 12 hours we have seen a peak reached at 10:00 and although the



What do you want to do for a living?

Posted by Sergio Piñeiro at  11 January 07 09:28     Yesterday we found such an interesting job offer that we felt compelled to explain it to you, in case you were interested. It consists of being paid $60 every month, just for sending 1,000 emails a day. The deal works more or less like this. Once you



Train timetables and Bluetooth

Posted by Sergio Piñeiro at  10 January 07 11:40     Today we came across an interesting piece of news. Less than two hundred meters from Panda Software's main building, in the hall of a central train station in Bilbao, a hotspot will be installed, from which timetables and fares can be downloaded via



Apple bugs month Revisited

Posted by Sergio Piñeiro at  09 January 07 05:12     As we announced a few weeks ago, the Month of Apple Bugs has been online since the first of January. Of the eight vulnerabilities that have been published so far, two of these reports affect the Windows version of the vulnerable software: VLC Media Player udp://



What do a Rootkit, a Mitglieder and a Bagle do in the same PC?

Posted by Sergio Piñeiro at  08 January 07 05:27     Sometimes malware variants are quite selfish. Not long ago we came across a variant that downloaded a virus scanner, to gain full control of the PC's resources. Today we are going to talk about cooperation, and how different variants can be combined.



Adobe plugins Vulnerabilities

Posted by Sergio Piñeiro at  05 January 07 08:20     Stefano Di Paola and Giorgio Fedon have discovered various vulnerabilities in Adobe Acrobat Reader's plugin. They presented them at CCC's Congress with a presentation on Vulnerabilities in Web applications that use AJAX. The original advisory can



December 2006 Top Spyware

Posted by Sergio Piñeiro at  04 January 07 10:28     Vicen, our spyware researcher, has finished compiling December's Top Spyware list. There are no changes from last month's list, at least in the top five. So here it is: 1 Adware/Gator 2 Application/Winantivirus2006 3 Adware/Ncase 4 Adware/Wupd



Some figures...

Posted by Sergio Piñeiro at  03 January 07 06:10     I was reviewing some figures, and have decided to share them with you. All these numbers are extracted from statistics done in Spain. At the moment the last ActiveScan report shows that there are more than 750 different variants active, and that 21,1%



New year, same old folks.

Posted by Sergio Piñeiro at  02 January 07 04:42     It is quite common in Spain to celebrate the first child born on the first of January. This is good news, as new life brings fresh air. But unfortunately, in our job, new variants don't mean good news at all. It just reminds us of the plenty of work
