April 2007 - Posts

April spyware list

Posted by Vicente Martinez at  27 April 07 01:43     This month, Adware/Gator gains the first position again, with only 75 more detections than Adware/Lop. 1: Adware/Gator 2: Adware/Lop 3: Application/MyWebSearch 4: Application/Winantivirus2006 5: Spyware/Virtumonde 6: Adware/SaveNow Application/Winantivirus2006

Read More...

Not without my Eula!!!

Posted by Vicente Martinez at  26 April 07 11:58     In a website that uses exploits to infect I have come across a malware that installs a program with the EULA agreement without user’s consent. Here you have a video in the following link or via YouTube: The process is shown: 1 – Eula agreement – How a

Read More...

Cybercrime... for sale (I)

Posted by pmontoya at  23 April 07 05:23     You have probably wondered at some time or another why there is so much malware. As we have lately explained on so many occasions, most times it all comes down to money. However, this raises other questions: How do hackers make money out of programming

Read More...

W32/Spamta.WF.worm

Posted by Luis Corrons at  19 April 07 03:57     In the last hours we have received a few hundreds e-mails containing the worm Spamta.WF. The attached file has one of the following extensions: bat cmd exe pif scr The subject of the email is one of the following: Error Good Day hello Mail Delivery System

Read More...

Artesimda.A

Posted by Luis Corrons at  18 April 07 11:58     Everyday we discover a huge number of new Trojans. Almost all of them are crimeware related (to steal any kind of credentials, e-mail addresses, etc.). It is common that the hackers, some of them really lazy, use different tools to carry out different

Read More...

FakeImages

Posted by Vicente Martinez at  16 April 07 10:44     I have just discovered a new kind of fakecodecs. This time, instead of being related with codecs to watch videos, it is related to images, I have named it Adware/ImageAccesActiveXObject. As well as with the fakecodecs, it offers us to "enjoy"

Read More...

Ani exploit plus Heap Spraying

Posted by Ismael Briones at  13 April 07 02:40     Today we have detected a server exploting the last ani vulnerability with the known "Heap Spraying" technique. The ani file exploits the vulnerability nevertheless there isn't a shellcode inside it: The html page has a javascript code to inject heap as

Read More...

Nurech.Z

Posted by Luis Corrons at  13 April 07 01:33     In the last hours we have received several mails containing the worm Nurech.Z. In order to avoid being detected, this worm comes in a .zip file attached to the email. In addition, a password is needed to open that .zip, which makes its detection by the

Read More...

Trojan Snatch installed in a lot of malware servers

Posted by Luis Corrons at  04 April 07 10:24     Lately, I’ve been coming across several websites that infect computers with the Trojan Trj/Snatch by using exploits. This malware not only monitors the passwords entered in the websites accessed by the user, but also has rootkit functionalities

Read More...

ANI vulnerability and malware researchers... be careful

Posted by Ismael Briones at  02 April 07 09:30     Last week (thursday and friday) was very hard for all malware researchers, working with the "new" ANI threat. Too much and different information were released. "Yes, it's the same MS05-002 issue", "No, it's not the same issue..." , "It 's a user32.dll

Read More...