May 2007 - Posts

The Cimuz uninstaller

Posted by Vicente Martinez at 30 May 07 03:50

Checking a server that installs a variant of Trj/Cimuz, I came across a link that pointed to a remover.exe file: After analyzing the code of the file, I noticed that it uninstalled the same variant of Trj/Cimuz that had been previously installed from that



Pirates of the Caribbean: At World's End

Posted by Luis Corrons at 25 May 07 11:00

No, it's not about the Disney movie that you can see today at cinemas. There has been a massive sending of a message with a file attached that is supposed to be the movie trailer; the name of the file is: Official_Trailer_Pirates_of_the_Caribbean_At_World's_End.exe



A new server hosting a Briz

Posted by Vicente Martinez at 22 May 07 03:41

VisualBreeze or VisualBriz is another malware that is usually sold in forums of malware developers, similar to the ones we mentioned in “Cybercrime for sale”. I have recently discovered a server that hosted a new variant of this malware and



W32/MsnPhoto.A.worm

Posted by Sergio Piñeiro at 21 May 07 01:29

We have found a new malware that uses instant messaging to deceive users. It arrives as an .exe file disguised as a .jpg. If you open it, you will get infected, and your MSN contacts will receive some messages and a file called "fotos_posse.zip". Here



Zunker that installs another Bot

Posted by Vicente Martinez at 17 May 07 12:23

One of the active servers of the Zunker we mentioned yesterday installs another bot. Although the first Zunker we talked about was configured to only affect computers with German IPs, this one only affects computers with Russian IPs: This Zunker installs



More Zunkers!!!

Posted by Vicente Martinez at 16 May 07 06:03

Analyzing the pattern of the binary file installed by Zunker and comparing it with our samples, we have come across 32 similar files. On the left, the graphical representation of the binary file belonging to the first Zunker we came across and on the



MPack uncovered!

Posted by Luis Corrons at 11 May 07 12:09

In "Cybercrime... for sale" we promised to talk about MPack. The latest version (MPack v0.851) we have just discovered is pretty active right now as you can see in the stats: Where is this tool infecting? Well, it is a question very easy to



New Alanchun wave

Posted by Luis Corrons at 09 May 07 11:37

Our large malware honeynet also known as TruPrevent© is detecting a new Alanchun wave. In a few hours we have received some hundreds of reports about this one, named Trj/Alanchun.VT. It is just another Trojan with rootkit capabilities and prepared



Zunker Bot

Posted by pmontoya at 08 May 07 09:46

Today I've got something special for you. It is the front-end of a botnet for spam, i.e. thousands of computers sending out mail indiscriminately. Everything started when I was investigating neosploit (I’ll talk about that another day) and I came across



Quarterly Report January-March 2007

Posted by Luis Corrons at 07 May 07 01:12

We have just published the latest PandaLabs Quarterly Report. We have introduced several improvements in the presentation of the statistics. Our goal has been to expand the information and facilitate interpretation so readers will have a more precise



Fake Internet Explorer 7.0 Beta

Posted by Luis Corrons at 07 May 07 09:20

This weekend we have seen several spam messages sent in order to infect users with a new Trojan. It is being distributed as if it were an Internet Explorer 7.0 Beta update. This message is sent from a faked address, admin@microsoft.com, and the subject



Cybercrime... for sale (II)

Posted by pmontoya at 03 May 07 06:26

In this post, we continue talking about the price of malware, focusing on the price of software (Trojans, joiners, etc.): Keylogger Teller 2.0: typical keylogger; it uses stealth techniques and is quite complete: US$40. Webmoney Trojan: it captures Webmoney
