Personal Deluxe Guard is a clone of the rogue anti-spyware program Personal Deluxe Protector, and, just like it, it’s a fake. This parasite usually uses trojans, such as the infamous Zlob or Vundo, to enter the system. This is relatively easy to do, since the trojan is disguised as a video codec and mostly found [...]

Tiger Protector Plus is a fake security program, like so many out in the wild today. This parasite makes use of trojans, such as the notorious Zlob or Vundo, when entering systems. Tiger Protector Plus relies on misleading advertising to scare users into purchasing its “licensed version”, which is no more functional than the so-called [...]

Lsas.Trojan-Spy.DOS.Keycopy is a fake threat used to trick users into purchasing the rogue anti-spyware program Malware Destructor 2009. It appears in popups, one of which reads:
“WINDOWS SECURITY ALERT! Lsas.Trojan-Spy.DOS.Keycopy is suspected to have infected your PC. This type of virus intercepts entered data and transmits it to a remote server.”
This threat is a fake and [...]

Trojan-Mailer.Win32.Spambot is a fake threat displayed in popups used to advertise the rogue anti-spyware program Spyware and Privacy Control Center. The popup reads:
“Subject: Trojan-Mailer.Win32.Spambot; Description: This Trojan sends email spam to your address book; Result: Threat blocked; Recommended: Make a full scan of your computer… Stop sending and remove spambot.”
Do NOT trust this popup, if [...]

It seems like a new spam bot is currently being developed. Few days ago it was posted a pretty good analysis of a relatively simple spam bot, which Trend Micro detects as TROJ_PROXY.AIF.
This spam bot is quite straightforward. On execution the trojan (TROJ_PROXY.AIF) issues a DNS query to a single domain in order [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

The Good and the Bad of Being A New Spam Bot

Scan-AV-Express.com is a malicious website, designed to advertise the rogue anti-spyware program System Security. This website simulates a system scan, which produces false results and urges the user to purchase the fake spyware remover. Scan-AV-Express.com hijacks the browser and displays popups, which read:
“The page at http://Scan-AV-Express.com says: Your computer remains infected by viruses! They can cause [...]

TrendLabs researchers have recently published their research on two of the most prevalent botnets in the threat landscape to date:
Infiltrating WALEDAC Botnet’s Covert Operations
Spam is not a mere inbox annoyance anymore but is the first step toward executing more dangerous kinds of system infiltration. Malware are no longer discrete executables but a motley group of [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Botnet Research on WALEDAC and PUSHDO