MSRT January 2013 – Ganelp

To start the new year, we have added the Win32/Ganelp and Win32/Lefgroo families of worms to the January release of the Malicious Software Removal Tool.

Win32/Ganelp spreads via removable drives, uploads stolen information and downloads arbitrary files from remote FTP servers.

We have had detection signatures for this family for approximately 2 years and it continues to …

Trojan Disguised as Trend Micro Component Drops Bitcoin-Mining Malware

Malware writers have devised lots of social engineering tactics to lure users into their scheme. This time around, we saw a Trojan passing itself off as a Trend Micro component as a way to trick users into downloading and executing it.

We recently encountered a file and noticed the following properties (see below). For the untrained …

Fake delivery notification gets confused, has nice lie down

Looks like some scammers had a bit of a mix-up while counting out their cash on a gold plated yacht.

Here’s the contents of the mail. The text in bold is a not-very-subtle clue:

“The UPS Office”:

Order: SD-5468-482485468 Order Date: Monday, 2 December 2012, 11:23 AM Dear …

Watch Out for WORM_VOBFUS

A wave of WORM_VOBFUS variants has recently emerged, with some variants even spreading through Facebook. But based on initial analysis, this crop of WORM_VOBFUS presents no new routines. For good measure, users are encouraged to observe best practices such as disabling the Autorun feature and updating their antivirus program with the latest pattern, just to name …

NYC Traffic Ticket spam is really Blackhole malware attack

Sophos – Don’t be too quick to believe that the New York State police are charging you with a traffic offence – that email you just opened in your inbox could actually be an attempt to infect your computer.

The team at SophosLabs have been intercepting a malicious spam campaign today which tries to trick the …

Malware attack spread as email from your office’s HP scanner

In these high-tech times, scanners and photocopiers aren’t just dumb machines sitting in the corner of the office.

They are usually connected to the corporate network, and – in some cases – can even email you at your desk to save you having to wear out your shoe leather.

And it’s precisely this functionality that we have …

Malware spammed out as report for “tomorrow’s meeting”

Have you received an email telling you not to forget to bring a report to a meeting being held tomorrow?

Be on your guard.

SophosLabs is intercepting a malware campaign that has been widely spammed out across the internet, using just such a disguise.

Attached to the emails, which have a subject line of “Don’t forget about a …

Malware Attack through Fake YouTube Video.

Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people’s PCs. The fraudulent email mentioned below pretends to be from YouTube and has the subject line – Your video on the TOP of YouTube.

Quick Heal proactively detects the malware and protects its users from …

Zbot Trojan spreads through fake ConEdison billing notification email

Today we came across a new malicious spam campaign that is actively sent out by the Cutwail spam botnet. The suspicious email claims to be a bill summary from the New York-based energy company Con Edison, Inc. It may use the subject line “ConEdison Billing Summary as of <DATE>” and the attachment uses …

So I Googled your name and found.. a Twitter phishing attack!

Sometimes they claim to have found a funny picture of you, say that you look like you’ve lost weight, or that there’s a horrible blog going around about you.

Whatever the nature of the disguise used by phishing attacks on Twitter, the modus operandi is always the same. Scammers will send you a message, possibly …

iPhone 5 emails infect Windows PCs with malware

Apple’s iPhone 5 is due to be revealed to the world tomorrow, which makes today the perfect opportunity for cybercriminals to take advantage of the excitement and exploit it for their own ends.

Journalist Abram Wagenaar was one of those who have received a malicious email, claiming to be from Apple and giving details of …

Mobile Malware Found Disguised as Opera Mini

The recent rise of mobile computing has further signaled the need for users to have a good, reliable mobile browser, such as Opera Mini, installed on their smartphones or any mobile device. We believe that it is for this reason that cybercriminals are currently using Opera Mobile as a disguise for mobile malware.

We encountered a website …

Mac OS X Trojan hides behind malicious PDF disguise

A fascinating new example of Mac malware has been discovered, that appears to be adopting an old Windows-style disguise to fool users into running it.

Despite the numerous times that cybercriminals have created boobytrapped PDF files that exploit vulnerabilities to infect unsuspecting users, many people still think that PDF files are somehow magically safer to …

Scan from a Xerox WorkCentre? Trojan attack spammed out widely

Emails claiming to come from a Xerox WorkCentre Pro photocopier have been spammed widely across the internet, containing a malicious file as an attachment.

Modern photocopiers don’t just copy your confidential documents, or see the downside of inebriated staff antics at the office party, they can also email you your documents these days.

Which makes …

Inter-company invoice emails carry malware

Have you received an unexpected “inter-company invoice” from a company for the period January 2010 – December 2010?

If so, chances are that your computer is being targeted by cybercriminals who are using the disguise as a method to infect your computer with a Trojan horse.

Companies such as Beazer Homes, KPMG, Miltek, Kraft Foods, …