Meet the new paid-archive malware families

In a previous post, “Fake apps: Behind the effective social strategy of fraudulent paid-archives,” we exposed the social engineering technique behind Win32/Pameseg - our detection for a family of “paid-archives.”

We described the use of “low-ball” techniques and explained how users are led to believe they are making an informed choice. However, the choice ultimately leads to …

Trojans and other threats in March

According to Doctor Web analysts, a temporary decline and subsequent upsurge in the spread of Trojan.Hosts programs was one of March’s most distinct trends. The outbreak reached its peak in early 2013. March was also marked by a growing number of encoder Trojan infections and the emergence of adware Trojans for Mac OS X. So …

Trojan.Yontoo.1 leads among new adware Trojans for Mac

Russian anti-virus company Doctor Web reports that adware for Mac OS X has been increasing in number since the beginning of 2013. Trojan.Yontoo.1 is the most prominent of them: it can download and install an adware browser plugin on an infected system.

According to Doctor Web’s analysts, the trend towards a growing number of adware …

Cyber Attacks Against Uyghur Mac OS X Users Intensify

In partnership with researchers at AlienVault Labs, we’ve analysed a series of targeted attacks against Uyghur Mac OS X users which took place during the past months. You can read their analysis here. For our research, please read below.

We previously wrote about targeted attacks against Tibetan activists which used Mac OS X malware. In …

Fake apps: Behind the effective social strategy of fraudulent paid-archives

In my previous blog “Fake apps and the lure of alternative sources,” I discussed a fraudulent scheme that takes advantage of known, legitimate and free applications. Unlike rogues and ransomware which use threats and force to influence their victims, the social engineering techniques employed by a fake installer are less aggressive yet, interestingly, more …

Fake Installer for Mac OS Charges Users via Their Mobile Account

Reports are circulating that a fake installer for Mac OS has surfaced, proving that Mac OS is still fair game when it comes to web threats.

Our friends from Dr. Web have uncovered a fake installer for Mac OS X, detected as OSX_ARCHSMS.A. Users may encounter this threat by downloading from websites peddling supposedly legitimate software. …

First fake-installer Trojan for Mac OS

Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasn’t been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites …

New Mac Malware Found on Dalai Lama Related Website

Acting on a tip, a member of our Threat Research team (Brod) has discovered that a Dalai Lama related website is compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit.

[Image: page source from gyalwarinpoche.com]

[Image: screenshot of gyalwarinpoche.com from Google’s cache]

Note: Google’s November 27th snapshot also includes a link to the malicious exploit …

Romanian Google, Yahoo Users Redirected to Defacement Page

Earlier today, visitors of web pages associated with Google and Yahoo search were instead being redirected to a defacement page.

Preliminary investigation reveals that neither Google nor Yahoo servers have been hacked or otherwise compromised. Instead, the attackers have somehow changed the authoritative DNS records for the affected domains (which are maintained by the registrar RoTLD) …

October virus activity review: fierce Trojan encoders, malicious spam via Skype, and more

In the first half of October, an upsurge in Trojan encoders occurred, with a significant number of aid requests coming from users whose files were compromised by such programs. October also saw an increased volume of e-mails spreading Trojan.Necurs.97, and an attempt to distribute another piece of malware via Skype.

Viruses

Various Trojan.Mayachok modifications lead …

Phishing for Apple IDs

The Websense® ThreatSeeker® Network has detected a phishing campaign whose potential victims are holders of an Apple ID account. An Apple ID allows you to buy new apps, make a customer workshop reservation at an Apple Retail Store, or buy music and multimedia content from the iTunes Store. You can also buy applications for Mac OS X as well as …

Java zero day = time to disable Java, in your browser at least

Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero-day vulnerability in the latest version of Java (version 1.7, Update 6). This vulnerability is the subject of a US-CERT …

The first Trojan in history to steal Linux and Mac OS X passwords

Russian anti-virus company Doctor Web is reporting the emergence of the first cross-platform backdoor to run under both Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications. BackDoor.Wirenet.1 is the first such Trojan capable of running under either of these operating systems.

It’s not …

July 2012 virus activity review: the summer lull and a new threat to Mac OS

July 2012 saw an increased number of system infections by blocker Trojans; at the same time, because one of the largest BackDoor.Blackenergy botnets was brought down, spam traffic declined significantly. At the end of the month, Doctor Web discovered a cross-platform Trojan, dubbed BackDoor.DaVinci.1, targeting both Microsoft Windows and Mac OS X. It should be …