Archive for the ‘Vundo’ Category

Past the Second Half of 2009

Thursday, December 31st, 2009

Just before we pop corks at the arrival of 2010 and the passing of 2009, let’s take a quick look at the second half of 2009.

Across the U.S. the ThreatFire community saw huge numbers of FakeAv variants being run on systems, to our disappointment, the Vundo ad-popping trojan appearing all over desktops, and Koobface worming its way across social networks. In India, the Sality virus/downloader and a variety of bots attempted to infect systems; when the ThreatFire community's statistics are extrapolated to the roughly 40 million computers likely in that country, we can estimate that millions of Indian systems were attacked by this virus. In China, we saw gaming password-stealing worms continue to spread across the country, most likely distributed through USB sticks and other removable drives. Hot news topics consistently led, via blackhat SEO, to phony codec downloads. Socially engineered bulk email schemes delivered attachments that dropped the password-stealing Zbot and Bredolab downloaders; users were easily convinced that they had received invoices from delivery services or that social networks were updating their systems. The Conficker hype grew exponentially and is only now, all too slowly, whimpering away, while the Waledac threat mutated and then dried up almost altogether.

Our PC Tools ThreatFire team finished the year with a bang. The award-winning PC Tools Internet Security Suite and its ThreatFire Behavioral Intelligence component topped all other suites in the lengthiest, most comprehensive real-world dynamic-testing malware-blocking competition to date. It's exciting to see AMTSO dynamic-testing best practices being adopted and used to drive tests and scenarios that evaluate the malware attacks most computer users can actually encounter on a daily basis. Nice testing effort and results indeed.

As 2010 arrives, we hope that existing and new ThreatFire/Behavior Guard users around the world can look forward to fewer of these threats being realized on their own systems and to another year of confidence in their information-driven world.

Retirement Community Computers, brastk.exe and AntiVirus 2009

Monday, December 1st, 2008

Malware shows up in the most unexpected places. One of my previous colleagues regularly considered the idea of computer infections ridiculous, but wired Windows systems really are ubiquitous. And last week's Thanksgiving trip provided another location to observe computer malware affecting unsuspecting Windows users.

This year's birthday celebration for our 92-year-old grandmother was fantastic at her new home. Singing, dessert, multiple generations of our family together for the holiday, and grandma in a great mood in her new digs.

In the meantime, a few of us celebrants, full of pizza and cake, left the party to check out the community building: the pool table on the fourth floor, pianos on the first. After knocking an 8-ball around the pool table at 8 p.m. in the relative quiet of the home, we noticed a computer center along the way back to the elevators. The monitors in that center could not have displayed a more disappointing screen.
Next to a little "M" square in the system tray (a competing AV product that will remain nameless here) was a large red circle with a white X through it and a familiar fakealert bubble caption containing a frightening message about an infection and loss of privacy: "Privacy Violation Alert! Antivirus 2009 detected a Privacy Violation".

A quick look at the registry and Task Manager showed a spambot, the brastk.exe fakealert downloader, AntiVirus 2009, and a Vundo component all installed and running. The brastk.exe downloader, one of the most familiar fakealert components being blocked across the ThreatFire community, was running full bore. And the Vundo DLL locked up the CPU from within the explorer.exe process. Add half a dozen ads open in half a dozen hung Internet Explorer windows, and the system was unusable.
There were various poker game shortcuts on the desktop, so I'm guessing that one of the senior citizens looking to play a game mistakenly installed a package of malware on the system, assuming that the free game software was innocent and the system was protected.
For a group of elderly people who don't know much about technology but want to use it, this is very disappointing and discouraging.

Along those lines, the recent unusual and severe Mytob infection that brought down several British hospitals (the London Chest Hospital, the Royal London Hospital and St Bartholomew's) highlights the need for layered security as well. Malware is as ubiquitous as the PC itself.

Microsoft Files Complaints Against Scareware (Rogueware) Makers

Monday, September 29th, 2008

While we've been calling it Rogueware for years around here, Microsoft and the Washington State Attorney General's office are filing a set of complaints against "scareware" makers. It's interesting that lawsuits can be filed against "John Doe" actors in the complaints, as written up by Elinor Mills on CNet:
"Microsoft filed five new lawsuits and amended two previous complaints against SMP Soft, all relating to programs that allegedly falsely alert consumers to problems on their computers and offer to sell software fixes. The programs listed include Scan & Repair, Antivirus 2009, MalwareCore, WinDefender, XPDefender.com and WinSpywareProtect. Most of the defendants are listed as "John Doe" because investigators do not yet know the identities of the people behind the programs."

Kurt Baumgartner, Chief Threat Officer of our research group, was selected to give a timely, last-minute technical presentation on Thursday of this week on "Recent rogueware" at Virus Bulletin 2008 in Ottawa, Canada. The presentation will focus mostly on technical aspects of Rogueware currently in the wild, including a couple of the software packages listed in the complaint, the ridiculous but popular MonaRonaDona hoax, and various methods of delivery.
Regardless of the filings, the threats continue to evolve online and are active today, much like the one in the image above.