tumblr hit counter

PandaLabs Blog Everything you need to know about Internet threats

Aug 25

Rogueware on the roll

Quite recently a new rogueware called Advanced Security Tool 2010 entered the scene. This file is being detected as Adware/SecurityTool2010. Besides having a more modern look and a slick interface, it also loads an exploit known as the help center vulnerability. Microsoft has issued a Security Bulletin in July. Preventive measures can be taken by […]

  • (1) Comment
Jun 28

HCP Vulnerability Exploited in the Wild

On June 10th, a researcher working for Google publically released details about a flaw in Microsoft’s Help and Support Center.  The flaw exists due to improper sanitization of URI’s in the HCP protocol handler.  If exploited, an attacker would be able to execute arbitrary commands on a victim’s machine. This vulnerability disclosure has fueled an […]

  • (1) Comment
Jun 23

Infecting the iPad }:-)

Last year we witnessed the first infection that affected devices based on the iPhone operating system, it was the worm iPhone/Eeki. We wrote a blog post explaining how the worm worked, and prepared a video where you could see how it was infected and how it was distributed from an iPhone to an ipod Touch. […]

  • (5) Comments
Feb 1

Spam using Twitter and Youtube

Spam is something that we see on a daily basis. Everyday thousands of unwanted e-mails arrive to our mailboxes. We have seen them in all kind of flavours. Plain text, html, instant messaging, images, pdf, even in MP3. Users are able to learn, so usually when we know that a message is spam, we don’t […]

  • (0) Comments
Oct 8

Rogueware with new Ransomware Technologyâ„¢

The criminals behind Rogueware attacks are becoming increasingly aggressive in their approach to make money. We recently stumbled across a sample (Adware/TotalSecurity2009) which uses a ransomware technique to improve its sales. Once the computer becomes infected, Total Security forces the victim to purchase it before it will allow any files from being accessed on the […]

  • Comments Off
Sep 8

Live Demo: Banking Trojans

Banking Trojans are one of the most prevalent Malware species in the threat landscape today.  Malware authors aim to keep infections live and undetected long enough so that they can get what they are really after: money. Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for […]

  • Comments Off
Jul 8

Zero day in MSVIDCTL.DLL

A couple of days ago we started spotting a new vulnerability affecting Microsoft Video ActiveX Control. Even though it's been said there are thousands of web sites affected, they are only a few dozens and most of them are in China: Anyway, it is a matter of time to see this attack expanding worldwide. We've seen […]

  • Comments Off
Apr 23

New Blackhat SEO attack exploits vulnerabilities in WordPress to distribute rogue antivirus software

  • Comments Off

Over the past week we have seen a new Blackhat SEO technique emerge to exploit vulnerabilities in the popular WordPress blog software.  Two of the sites we identified were TheWorkBuzz.com, a website owned and operated by Career Builder (CareerBuilder.com), and The Center for International Media Assistance, an initiative of the National Endowment for Democracy (NED.org). […]

  • Comments Off
  • Become a fan!

    Panda Security on Facebook
  • Blogroll

  • Categories